Search for packages
| purl | pkg:rpm/redhat/redhat-virtualization-host@4.2-20180724?arch=0 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-wqm7-2ajr-6ue8
Aliases: CVE-2018-10874 GHSA-3xvg-x47j-x75w PYSEC-2018-81 |
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result. | There are no reported fixed by versions. |
|
VCID-y91x-2rch-pkar
Aliases: CVE-2018-10875 GHSA-fc4h-467w-46rh PYSEC-2018-43 |
A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:23:50.930784+00:00 | RedHat Importer | Affected by | VCID-y91x-2rch-pkar | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10875.json | 38.0.0 |
| 2026-04-01T14:23:50.766815+00:00 | RedHat Importer | Affected by | VCID-wqm7-2ajr-6ue8 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10874.json | 38.0.0 |