Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2014-4678HistoryFeb 20, 2020 - 3:15 a.m.
CVE-2014-4678
2020-02-2003:15:10
Debian Security Bug Tracker
security-tracker.debian.org
11
0.139 Low
EPSS
Percentile
95.7%
The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | ansible | < 1.6.6+dfsg-1 | ansible_1.6.6+dfsg-1_all.deb |
| Debian | 11 | all | ansible | < 1.6.6+dfsg-1 | ansible_1.6.6+dfsg-1_all.deb |
| Debian | 10 | all | ansible | < 1.6.6+dfsg-1 | ansible_1.6.6+dfsg-1_all.deb |
| Debian | 999 | all | ansible | < 1.6.6+dfsg-1 | ansible_1.6.6+dfsg-1_all.deb |
| Debian | 13 | all | ansible | < 1.6.6+dfsg-1 | ansible_1.6.6+dfsg-1_all.deb |
Related
ubuntucve
ubuntucve
CVE-2014-4678
2020-02-20 00:00:00
CVE-2014-4657
2020-02-20 00:00:00
prion
prion
Code injection
2020-02-20 03:15:00
Code injection
2020-02-20 15:15:00
osv
osv
Ansible Code Injection Vulnerability
2022-05-24 22:01:18
PYSEC-2020-203
2020-02-20 03:15:00
PYSEC-2020-199
2020-02-20 15:15:00
cvelist
cvelist
CVE-2014-4678
2020-02-20 02:49:50
CVE-2014-4657
2020-02-20 14:28:16
github
github
Ansible Code Injection Vulnerability
2022-05-24 22:01:18
Ansible Remote Code Execution
2022-05-17 19:57:32
nessus
nessus
GLSA-201411-09 : Ansible: Privilege escalation
2014-11-24 00:00:00
gentoo
gentoo
Ansible: Privilege escalation
2014-11-23 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 201411-09
2015-09-29 00:00:00
Mageia: Security Advisory (MGASA-2014-0350)
2022-01-28 00:00:00
redhatcve
redhatcve
CVE-2014-4678
2020-04-28 07:09:47
freebsd
freebsd
ansible -- remote code execution vulnerability
2014-06-25 00:00:00
cve
cve
CVE-2014-4678
2020-02-20 03:15:10
CVE-2014-4657
2020-02-20 15:15:11
debiancve
debiancve
CVE-2014-4657
2020-02-20 15:15:11
mageia
mageia
Updated ansible package fixes multiple security issues
2014-08-25 12:44:11