rpm package
suse/spacewalk-client-tools&distro=SUSE Manager Client Tools 15
pkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Manager%20Client%20Tools%2015
Vulnerabilities (66)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-8614 | — | < 4.3.19-150000.3.89.2 | 4.3.19-150000.3.89.2 | Jul 31, 2018 | A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key. | ||
| CVE-2016-8628 | — | < 4.3.19-150000.3.89.2 | 4.3.19-150000.3.89.2 | Jul 31, 2018 | Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as. | ||
| CVE-2016-8647 | — | < 4.3.19-150000.3.89.2 | 4.3.19-150000.3.89.2 | Jul 26, 2018 | An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed. | ||
| CVE-2018-10874 | — | < 4.3.19-150000.3.89.2 | 4.3.19-150000.3.89.2 | Jul 2, 2018 | In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result. | ||
| CVE-2016-9587 | — | < 4.3.19-150000.3.89.2 | 4.3.19-150000.3.89.2 | Apr 24, 2018 | Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use thi | ||
| CVE-2017-7550 | Cri | 9.8 | < 4.3.19-150000.3.89.2 | 4.3.19-150000.3.89.2 | Nov 21, 2017 | A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords t |
- CVE-2016-8614Jul 31, 2018affected < 4.3.19-150000.3.89.2fixed 4.3.19-150000.3.89.2
A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key.
- CVE-2016-8628Jul 31, 2018affected < 4.3.19-150000.3.89.2fixed 4.3.19-150000.3.89.2
Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as.
- CVE-2016-8647Jul 26, 2018affected < 4.3.19-150000.3.89.2fixed 4.3.19-150000.3.89.2
An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed.
- CVE-2018-10874Jul 2, 2018affected < 4.3.19-150000.3.89.2fixed 4.3.19-150000.3.89.2
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.
- CVE-2016-9587Apr 24, 2018affected < 4.3.19-150000.3.89.2fixed 4.3.19-150000.3.89.2
Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use thi
- affected < 4.3.19-150000.3.89.2fixed 4.3.19-150000.3.89.2
A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords t
Page 4 of 4