52 matches found
GHSA-QG47-5PX9-32G7 Ansible Remote Code Execution
The safeeval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions...
Ansible Remote Code Execution
The safeeval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions...
Tryton vulnerable to arbitrary command execution
The safeeval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in 1 the collection.domain in the webdav module or 2 the formula...
CVE-2014-4678
A flaw was found in ansible. The safeeval function does not properly restrict the code subset which allows remote attackers to execute arbitrary code via crafted instructions. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
CVE-2014-4657
The safeeval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions...
PYSEC-2020-199
The safeeval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions...
PYSEC-2020-199
The safeeval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions...
CVE-2014-4657
The safeeval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions...
CVE-2014-4657
The safeeval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions...
CVE-2014-4657
The CVE-2014-4657 entry concerns Ansible’s safe_eval, where the code subset is not properly restricted. Connected documents confirm the flaw affects Ansible versions prior to 1.5.4 (the primary reference) and note that subsequent advisories describe an incomplete fix, with some sources indicating...
DEBIAN-CVE-2014-4678
The safeeval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657...
CVE-2014-4678
The safeeval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657...
PYSEC-2020-203
The safeeval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657...
Code injection
The safeeval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657...
CVE-2014-4678
The safeeval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657...
CVE-2014-4678
The CVE-2014-4678 entry concerns Ansible’s safe_eval function. Version pre-1.6.4 fails to properly restrict the code subset, enabling remote attackers to execute arbitrary code via crafted instructions. This vulnerability is linked to an incomplete fix for CVE-2014-4657 and is described as a remo...
CVE-2014-4678
The safeeval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657...
Arbitrary Code Execution
ansible is vulnerable to arbitrary code execution. An attacker is able to execute arbitrary code on the system by passing malicious strings that will be evaluated and executed by the safeeval function...
DEBIAN-CVE-2014-6633
The safeeval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in 1 the collection.domain in the webdav module or 2 the formula...
Code injection
The safeeval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in 1 the collection.domain in the webdav module or 2 the formula...