CVE-2020-1738

LOW Year: 2020
CVSS v3 Score
3.9
Low
CVSS v2 Score
2.6
Low
Weakness Type
CWE-88
View all →

Vulnerability Description

A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.

Related Vulnerabilities

CVE-2018-11020

MEDIUM
CVSS:4.4(Medium)

kernel/omap/drivers/rpmsg/rpmsg_omx.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device file /d...

CWE-882018

CVE-2025-29768

MEDIUM
CVSS:4.4(Medium)

Vim, a text editor, is vulnerable to potential data loss with zip.vim and special crafted zip files in versions prior to 9.1.1198. The impact is medium because a user must be made to view such an arch...

CWE-882025

CVE-2021-3045

MEDIUM
CVSS:4.9(Medium)

An OS command argument injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system. This issue impacts...

CWE-882021

CVE-2020-14027

MEDIUM
CVSS:5.3(Medium)

An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The database connection strings accept custom unsafe arguments, such as ENABLE_LOCAL_INFILE, that can be leveraged by attackers to enabl...

CWE-882020

CVE-2022-24953

MEDIUM
CVSS:5.3(Medium)

The Crypt_GPG extension before 1.6.7 for PHP does not prevent additional options in GPG calls, which presents a risk for certain environments and GPG versions.

CWE-882022

CVE-2022-4864

MEDIUM
CVSS:5.3(Medium)

Argument Injection in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.

CWE-882022