Filtered by vendor Redhat Subscriptions
Filtered by product Ansible Engine Subscriptions
Total 42 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2017-7481 3 Canonical, Debian, Redhat 14 Ubuntu Linux, Debian Linux, Ansible Engine and 11 more 2024-11-21 9.8 Critical
Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated.
CVE-2016-8647 1 Redhat 3 Ansible Engine, Rhev Manager, Virtualization 2024-11-21 4.9 Medium
An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed.