Lucene search
K

8 matches found

PyPA
PyPA
added 2018/07/31 9:29 p.m.5 views

PYSEC-2018-37

A flaw was found in Ansible before version 2.2.0. The aptkey module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key...

7.5CVSS6.6AI score0.02458EPSS
Exploits1References6Affected Software1
Debian CVE
Debian CVE
added 2018/07/31 9:0 p.m.29 views

CVE-2016-8614

A flaw was found in Ansible before version 2.2.0. The aptkey module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key...

7.5CVSS7.4AI score0.02458EPSS
Exploits1
OSV
OSV
added 2017/11/10 1:3 p.m.5 views

OPENSUSE-SU-2017:2976-1 Security update for ansible

This update for ansible to version 2.4.1.0 fixes the following vulnerabilities: - CVE-2017-7481: Security issue with lookup return not tainting the jinja2 environment bsc1038785 - CVE-2016-9587: host to controller command execution vulnerability bsc1019021 - CVE-2016-8628: Command injection by...

9.8CVSS8.9AI score0.1765EPSS
Exploits6References10
CNVD
CNVD
added 2016/11/08 12:0 a.m.4 views

Ansible Security Bypass Vulnerability (CNVD-2016-10736)

Ansible is a newly emerged operation and maintenance tool that is based on Python and combines the advantages of many old operation and maintenance tools to achieve batch operating system configuration, batch program deployment, batch running commands and other functions. A security bypass...

7.5CVSS7AI score0.02458EPSS
Exploits1References1
OSV
OSV
added 2014/05/14 12:55 a.m.7 views

CVE-2011-4407

ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle MITM attackers to spoof GPG keys for a package repository...

6.1AI score
Exploits0References2
OSV
OSV
added 2014/05/14 12:55 a.m.3 views

DEBIAN-CVE-2011-4407

ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle MITM attackers to spoof GPG keys for a package repository...

4.3CVSS6.8AI score0.00632EPSS
Exploits0References1
Prion
Prion
added 2014/05/14 12:55 a.m.18 views

Code injection

ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle MITM attackers to spoof GPG keys for a package repository...

4.3CVSS6.7AI score0.00632EPSS
Exploits0References2Affected Software2
OpenVAS
OpenVAS
added 2012/02/01 12:0 a.m.27 views

Ubuntu: Security Advisory (USN-1352-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3CVSS6.6AI score0.00632EPSS
Exploits0References2
Rows per page
Query Builder