mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
"-Synchronized-Data."
This commit is contained in:
CVE Team
parent
364028b9b3
commit
f166736a1b
@ -2,7 +2,7 @@
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2014-4660",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
@ -11,7 +11,71 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by leveraging existence of a file that uses the \"deb http://user:pass@server:port/\" format."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md",
|
||||
"url": "https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.securityfocus.com/bid/68231",
|
||||
"url": "https://www.securityfocus.com/bid/68231"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.openwall.com/lists/oss-security/2014/06/26/19",
|
||||
"url": "https://www.openwall.com/lists/oss-security/2014/06/26/19"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://security-tracker.debian.org/tracker/CVE-2014-4660",
|
||||
"url": "https://security-tracker.debian.org/tracker/CVE-2014-4660"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/ansible/ansible/commit/c4b5e46054c74176b2446c82d4df1a2610eddc08",
|
||||
"url": "https://github.com/ansible/ansible/commit/c4b5e46054c74176b2446c82d4df1a2610eddc08"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,8 +1,8 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2014-4678",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
@ -11,7 +11,81 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Other"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "n/a",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Ansible",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "before 1.6.4"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/ansible/ansible/commit/5429b85b9f6c2e640074176f36ff05fd5e4d1916",
|
||||
"url": "https://github.com/ansible/ansible/commit/5429b85b9f6c2e640074176f36ff05fd5e4d1916"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://groups.google.com/forum/message/raw?msg=ansible-announce/ieV1vZvcTXU/5Q93ThkY9rIJ",
|
||||
"url": "https://groups.google.com/forum/message/raw?msg=ansible-announce/ieV1vZvcTXU/5Q93ThkY9rIJ"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://security-tracker.debian.org/tracker/CVE-2014-4678",
|
||||
"url": "https://security-tracker.debian.org/tracker/CVE-2014-4678"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.openwall.com/lists/oss-security/2014/06/26/30",
|
||||
"url": "https://www.openwall.com/lists/oss-security/2014/06/26/30"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.openwall.com/lists/oss-security/2014/07/02/2",
|
||||
"url": "https://www.openwall.com/lists/oss-security/2014/07/02/2"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2014-4678",
|
||||
"url": "https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2014-4678"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.rapid7.com/db/vulnerabilities/freebsd-vid-2c493ac8-205e-11e5-a4a5-002590263bf5",
|
||||
"url": "https://www.rapid7.com/db/vulnerabilities/freebsd-vid-2c493ac8-205e-11e5-a4a5-002590263bf5"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user