Lucene search
K

14 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:27 a.m.2 views

SUSE CVE-2014-4966

Ansible before 1.6.7 does not prevent inventory data with "" and "lookup" substrings, and does not prevent remote data with "" substrings, which allows remote attackers to execute arbitrary code via 1 crafted lookup'pipe' calls or 2 crafted Jinja2 data...

9.8CVSS8AI score0.03521EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.20 views

Mageia: Security Advisory (MGASA-2014-0350)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.6AI score0.05071EPSS
Exploits0References8
OSV
OSV
added 2020/02/18 3:15 p.m.7 views

CVE-2014-4966

Ansible before 1.6.7 does not prevent inventory data with "" and "lookup" substrings, and does not prevent remote data with "" substrings, which allows remote attackers to execute arbitrary code via 1 crafted lookup'pipe' calls or 2 crafted Jinja2 data...

9.8CVSS9.8AI score
Exploits0References3
OSV
OSV
added 2020/02/18 3:15 p.m.2 views

DEBIAN-CVE-2014-4966

Ansible before 1.6.7 does not prevent inventory data with "" and "lookup" substrings, and does not prevent remote data with "" substrings, which allows remote attackers to execute arbitrary code via 1 crafted lookup'pipe' calls or 2 crafted Jinja2 data...

9.8CVSS8AI score0.03521EPSS
Exploits0References1
CVE
CVE
added 2020/02/18 2:46 p.m.65 views

CVE-2014-4966

CVE-2014-4966 affects Ansible before 1.6.7: it allows remote code execution via crafted inventory data or remote data that contain Jinja2 substrings (e.g., lookup('pipe')). The root cause is inadequate sanitization of {{ and lookup substrings in inventory/remote data, enabling arbitrary code exec...

9.8CVSS9.6AI score0.03521EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/02/18 2:46 p.m.34 views

CVE-2014-4966

Ansible before 1.6.7 does not prevent inventory data with "" and "lookup" substrings, and does not prevent remote data with "" substrings, which allows remote attackers to execute arbitrary code via 1 crafted lookup'pipe' calls or 2 crafted Jinja2 data...

9.7AI score0.03521EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2020/02/18 2:46 p.m.29 views

CVE-2014-4966

Ansible before 1.6.7 does not prevent inventory data with "" and "lookup" substrings, and does not prevent remote data with "" substrings, which allows remote attackers to execute arbitrary code via 1 crafted lookup'pipe' calls or 2 crafted Jinja2 data...

9.8CVSS8.9AI score0.03521EPSS
Exploits0
securityvulns
securityvulns
added 2014/10/16 12:0 a.m.57 views

[oCERT-2014-004] Ansible input sanitization errors

2014-004 Ansible input sanitization errors Description: The Ansible project is an open source configuration management platform. The Ansible platform suffers from input sanitization errors that allow arbitrary code execution as well as information leak, in case an attacker is able to control...

1.4AI score0.03521EPSS
Exploits0
securityvulns
securityvulns
added 2014/10/16 12:0 a.m.67 views

[oCERT-2014-004] Ansible input sanitization errors

2014-004 Ansible input sanitization errors Description: The Ansible project is an open source configuration management platform. The Ansible platform suffers from input sanitization errors that allow arbitrary code execution as well as information leak, in case an attacker is able to control...

1.4AI score0.03521EPSS
Exploits0
Mageia
Mageia
added 2014/08/25 8:44 a.m.56 views

Updated ansible package fixes multiple security issues

Updated ansible package fixes security vulnerabilities: The Ansible platform before version 1.6.7 suffers from input sanitization errors that allow arbitrary code execution as well as information leak, in case an attacker is able to control certain playbook variables CVE-2014-4678, CVE-2014-4966,...

9.8CVSS9.7AI score0.05071EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2014/08/08 12:0 a.m.32 views

Fedora Update for ansible FEDORA-2014-8904

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.7AI score0.03521EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2014/08/08 12:0 a.m.30 views

Fedora Update for ansible FEDORA-2014-8901

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.6AI score0.03521EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2014/08/08 12:0 a.m.28 views

Fedora 20 : ansible-1.6.10-1.fc20 (2014-8901)

Update to 1.6.10 Update to 1.6.9 with more shell quoting fixes. Update to 1.6.7. Fixes CVE-2014-4966 and CVE-2014-4967 Update to 1.6.8 with fixes for shell quoting from previous release. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora...

9.8CVSS8AI score0.03521EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2014/08/08 12:0 a.m.27 views

Fedora 19 : ansible-1.6.10-1.fc19 (2014-8904)

Update to 1.6.10 Update to 1.6.9 with more shell quoting fixes. Update to 1.6.7 Fixes CVE-2014-4966 and CVE-2014-4967 Update to 1.6.8 with fixes for shell quoting from previous release. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora...

9.8CVSS8AI score0.03521EPSS
Exploits0References4
Rows per page
Query Builder