2020

CVE-2020-1734 (v3: 8.7) 3 Mar 2020
A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.

2019

2018

CVE-2018-10905 (v3: 7.8) 24 Jul 2018
CloudForms Management Engine (cfme) is vulnerable to an improper security setting in the dRuby component of CloudForms. An attacker with access to an unprivileged local shell could use this flaw to execute commands as a high privileged user.

2017

2016

2015

2014

CVE-2014-0163 (v3: 8.8) 11 Dec 2019
Openshift has shell command injection flaws due to unsanitized data being passed into shell commands.

2013

CVE-2013-2060 (v3: 9.8) 28 Jan 2020
The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart.

2012

2011