VulnerableCode Package Details - pkg:deb/debian/ansible@2.9.4%2Bdfsg-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-a49n-tvnt-p3df	A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues.	CVE-2019-14905 GHSA-frxj-5j27-f8rf PYSEC-2020-206
VCID-d4ka-dk4p-kfhb	A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.	CVE-2019-14904 GHSA-gwr8-5j83-483c PYSEC-2020-161

Vulnerability

Summary

Aliases

VCID-a49n-tvnt-p3df

A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues.

CVE-2019-14905
GHSA-frxj-5j27-f8rf
PYSEC-2020-206

VCID-d4ka-dk4p-kfhb

A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.

CVE-2019-14904
GHSA-gwr8-5j83-483c
PYSEC-2020-161

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T10:37:59.158789+00:00	Debian Importer	Fixing	VCID-d4ka-dk4p-kfhb	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:59:56.229915+00:00	Debian Importer	Fixing	VCID-a49n-tvnt-p3df	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T07:11:15.140990+00:00	Debian Importer	Fixing	VCID-d4ka-dk4p-kfhb	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:42:05.660856+00:00	Debian Importer	Fixing	VCID-a49n-tvnt-p3df	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-02T17:08:50.930230+00:00	Debian Importer	Fixing	VCID-d4ka-dk4p-kfhb	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:06:40.104164+00:00	Debian Importer	Fixing	VCID-a49n-tvnt-p3df	https://security-tracker.debian.org/tracker/data/json	38.1.0