) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:redhat:ansible:1.6.1:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2014-3498 |
The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands. Published: June 08, 2017; 2:29:00 PM -0400 |
V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
| CVE-2015-6240 |
The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack. Published: June 07, 2017; 4:29:00 PM -0400 |
V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
| CVE-2016-3096 |
The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory. Published: June 03, 2016; 10:59:04 AM -0400 |
V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
| CVE-2015-3908 |
Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. Published: August 12, 2015; 10:59:21 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |