Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

71 – 79 of 79 results


CVE-2013-2233

Medium priority

Some fixes available 1 of 5

Ansible before 1.2.1 makes it easier for remote attackers to conduct man-in-the-middle attacks by leveraging failure to cache SSH host keys.

1 affected packages

ansible

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ansible Not affected
Show less packages

CVE-2016-9587

Medium priority

Some fixes available 1 of 4

Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to...

1 affected packages

ansible

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ansible Not affected Fixed
Show less packages

CVE-2017-7550

Negligible priority
Ignored

A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's...

1 affected packages

ansible

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ansible Not affected Not affected
Show less packages

CVE-2014-3498

Medium priority
Fixed

The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands.

1 affected packages

ansible

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ansible Not affected Not affected Not affected Not affected
Show less packages

CVE-2015-6240

Medium priority
Vulnerable

The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack.

1 affected packages

ansible

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ansible Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2016-3096

Medium priority

Some fixes available 1 of 2

The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the...

1 affected packages

ansible

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ansible Not affected Fixed
Show less packages

CVE-2015-3908

Medium priority
Vulnerable

Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers...

1 affected packages

ansible

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ansible Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2013-4260

Medium priority
Ignored

lib/ansible/playbook/__init__.py in Ansible 1.2.x before 1.2.3, when playbook does not run due to an error, allows local users to overwrite arbitrary files via a symlink attack on a retry file with a predictable name in /var/tmp/ansible/.

1 affected packages

ansible

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ansible
Show less packages

CVE-2013-4259

Low priority
Ignored

runner/connection_plugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a socket file with a predictable name in /tmp/.

1 affected packages

ansible

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ansible
Show less packages