Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

61 – 70 of 79 results


CVE-2018-16876

Medium priority

Some fixes available 1 of 2

ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.

1 affected packages

ansible

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ansible Fixed Not affected
Show less packages

CVE-2018-16837

Medium priority

Some fixes available 2 of 4

Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those...

1 affected packages

ansible

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ansible Not affected Not affected Not affected Fixed Fixed
Show less packages

CVE-2016-8614

Medium priority
Vulnerable

A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the...

1 affected packages

ansible

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ansible Not affected Not affected Not affected Not affected Vulnerable
Show less packages

CVE-2016-8628

Medium priority

Some fixes available 1 of 4

Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on...

1 affected packages

ansible

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ansible Not affected Fixed
Show less packages

CVE-2016-8647

Low priority
Vulnerable

An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should...

1 affected packages

ansible

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ansible Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2017-7481

Low priority

Some fixes available 1 of 5

Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2...

1 affected packages

ansible

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ansible Not affected Not affected Not affected Not affected Fixed
Show less packages

CVE-2018-10875

Medium priority

Some fixes available 2 of 4

A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.

1 affected packages

ansible

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ansible Not affected Not affected Not affected Fixed Fixed
Show less packages

CVE-2018-10855

Low priority

Some fixes available 1 of 2

Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run...

1 affected packages

ansible

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ansible Fixed Not affected
Show less packages

CVE-2018-10874

Medium priority

Some fixes available 1 of 3

In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.

1 affected packages

ansible

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ansible Not affected Not affected Not affected Fixed Not affected
Show less packages

CVE-2017-7466

Medium priority

Some fixes available 1 of 4

Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the...

1 affected packages

ansible

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ansible Not affected Fixed
Show less packages