Lucene search
K

52 matches found

OSV
OSV
added 2022/05/17 7:57 p.m.23 views

GHSA-QG47-5PX9-32G7 Ansible Remote Code Execution

The safeeval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions...

9.8CVSS9.6AI score0.04391EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2022/05/17 7:57 p.m.34 views

Ansible Remote Code Execution

The safeeval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions...

9.8CVSS7.9AI score0.04391EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/14 3:21 a.m.29 views

Tryton vulnerable to arbitrary command execution

The safeeval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in 1 the collection.domain in the webdav module or 2 the formula...

9CVSS7.4AI score0.02605EPSS
Exploits0References7Affected Software2
RedhatCVE
RedhatCVE
added 2020/04/28 7:9 a.m.29 views

CVE-2014-4678

A flaw was found in ansible. The safeeval function does not properly restrict the code subset which allows remote attackers to execute arbitrary code via crafted instructions. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

9.8CVSS9.3AI score0.05197EPSS
Exploits0References3
NVD
NVD
added 2020/02/20 3:15 p.m.26 views

CVE-2014-4657

The safeeval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions...

9.8CVSS9.7AI score0.04391EPSS
Exploits0References2
OSV
OSV
added 2020/02/20 3:15 p.m.28 views

PYSEC-2020-199

The safeeval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions...

9.8CVSS7.9AI score0.04391EPSS
Exploits0References3
PyPA
PyPA
added 2020/02/20 3:15 p.m.5 views

PYSEC-2020-199

The safeeval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions...

9.8CVSS8AI score0.04391EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2020/02/20 2:28 p.m.42 views

CVE-2014-4657

The safeeval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions...

9.8CVSS9.2AI score0.04391EPSS
Exploits0
Cvelist
Cvelist
added 2020/02/20 2:28 p.m.28 views

CVE-2014-4657

The safeeval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions...

9.7AI score0.04391EPSS
Exploits0References2
CVE
CVE
added 2020/02/20 2:28 p.m.73 views

CVE-2014-4657

The CVE-2014-4657 entry concerns Ansible’s safe_eval, where the code subset is not properly restricted. Connected documents confirm the flaw affects Ansible versions prior to 1.5.4 (the primary reference) and note that subsequent advisories describe an incomplete fix, with some sources indicating...

9.8CVSS9.6AI score0.04391EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2020/02/20 3:15 a.m.2 views

DEBIAN-CVE-2014-4678

The safeeval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657...

9.8CVSS8.6AI score0.05197EPSS
Exploits0References1
NVD
NVD
added 2020/02/20 3:15 a.m.29 views

CVE-2014-4678

The safeeval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657...

9.8CVSS9.8AI score0.05197EPSS
Exploits0References7
OSV
OSV
added 2020/02/20 3:15 a.m.23 views

PYSEC-2020-203

The safeeval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657...

9.8CVSS7.7AI score0.05197EPSS
Exploits0References8
Prion
Prion
added 2020/02/20 3:15 a.m.20 views

Code injection

The safeeval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657...

7.5CVSS9.8AI score0.05197EPSS
Exploits0References7Affected Software2
UbuntuCve
UbuntuCve
added 2020/02/20 3:15 a.m.24 views

CVE-2014-4678

The safeeval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657...

9.8CVSS7.5AI score0.05197EPSS
Exploits0References2
CVE
CVE
added 2020/02/20 2:49 a.m.123 views

CVE-2014-4678

The CVE-2014-4678 entry concerns Ansible’s safe_eval function. Version pre-1.6.4 fails to properly restrict the code subset, enabling remote attackers to execute arbitrary code via crafted instructions. This vulnerability is linked to an incomplete fix for CVE-2014-4657 and is described as a remo...

9.8CVSS9.7AI score0.05197EPSS
Exploits0References7Affected Software1
Debian CVE
Debian CVE
added 2020/02/20 2:49 a.m.30 views

CVE-2014-4678

The safeeval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657...

9.8CVSS8.6AI score0.05197EPSS
Exploits0
Veracode
Veracode
added 2020/01/10 3:43 a.m.19 views

Arbitrary Code Execution

ansible is vulnerable to arbitrary code execution. An attacker is able to execute arbitrary code on the system by passing malicious strings that will be evaluated and executed by the safeeval function...

7.5CVSS4.5AI score0.0118EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2018/04/12 3:29 p.m.1 views

DEBIAN-CVE-2014-6633

The safeeval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in 1 the collection.domain in the webdav module or 2 the formula...

8.8CVSS8.5AI score0.02605EPSS
Exploits0References1
Prion
Prion
added 2018/04/12 3:29 p.m.15 views

Code injection

The safeeval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in 1 the collection.domain in the webdav module or 2 the formula...

9CVSS7.7AI score0.02605EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder