Lucene search
K

12 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-0018

Malware in sbrugna...

7.3CVSS6.6AI score0.00736EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2023/09/27 12:0 a.m.25 views

Amazon Linux 2 : ansible (ALASANSIBLE2-2023-009)

The version of ansible installed on the remote host is prior to 2.9.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ANSIBLE2-2023-009 advisory. A flaw was found in the solariszone module from the Ansible Community modules. When setting the name for the zone o...

7.3CVSS7.2AI score0.00736EPSS
Exploits0References6
NVD
NVD
added 2020/03/31 5:15 p.m.21 views

CVE-2019-14905

A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxosfilecopy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS...

7.3CVSS6.3AI score0.00736EPSS
Exploits0References6
OSV
OSV
added 2020/03/31 5:15 p.m.1 views

DEBIAN-CVE-2019-14905

A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxosfilecopy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS...

5.6CVSS6.7AI score0.00736EPSS
Exploits0References1
Prion
Prion
added 2020/03/31 5:15 p.m.26 views

Command injection

A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxosfilecopy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS...

4.6CVSS6.2AI score0.00736EPSS
Exploits0References6Affected Software8
OSV
OSV
added 2020/03/31 5:15 p.m.7 views

PYSEC-2020-206

A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxosfilecopy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS...

7.3CVSS6.8AI score0.00736EPSS
Exploits0References7
CVE
CVE
added 2020/03/31 4:20 p.m.255 views

CVE-2019-14905

The CVE-2019-14905 issue affects Ansible Engine’s nxos_file_copy module, where the filename parameter could be crafted to inject OS commands on NXOS devices. This is a local attack with potential confidentiality, integrity, and availability impacts as described (loss of confidentiality, etc.). Af...

7.3CVSS6AI score0.00736EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2020/03/31 4:20 p.m.18 views

CVE-2019-14905

A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxosfilecopy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS...

7.3CVSS6.2AI score0.00736EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2020/03/31 4:20 p.m.26 views

CVE-2019-14905

A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxosfilecopy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS...

7.3CVSS6.7AI score0.00736EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2020/03/31 4:20 p.m.46 views

CVE-2019-14905

A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxosfilecopy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS...

7.3CVSS6.3AI score0.00736EPSS
Exploits0
Veracode
Veracode
added 2019/11/29 6:23 a.m.32 views

OS Command Injection

Ansible is vulnerable to OS command injection. The attack is possible because the module nxosfilecopy does not validate the remotefile parameter and directly uses the filenames from the parameter to copy files to a flash or bootflash on NXOS devices, allowing an attacker to inject malicious comma...

5.6CVSS4.4AI score0.00736EPSS
Exploits0References9Affected Software1
RedhatCVE
RedhatCVE
added 2019/11/27 6:48 p.m.36 views

CVE-2019-14905

A vulnerability in Ansible's nxosfilecopy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues. Mitigation There...

7.3CVSS2.6AI score0.00736EPSS
Exploits0References3
Rows per page
Query Builder