Vulnerabilities > Redhat > Ansible Tower > 3.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-14 | CVE-2019-14858 | Information Exposure Through Log Files vulnerability in Redhat Ansible Engine A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. | 5.5 |
| 2019-03-28 | CVE-2019-3869 | Information Exposure vulnerability in Redhat Ansible Tower When running Tower before 3.4.3 on OpenShift or Kubernetes, application credentials are exposed to playbook job runs via environment variables. | 7.2 |
| 2019-03-25 | CVE-2019-3838 | It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. | 5.5 |
| 2019-03-25 | CVE-2019-3835 | Missing Authorization vulnerability in multiple products It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. | 5.5 |
| 2019-01-03 | CVE-2018-16879 | Missing Encryption of Sensitive Data vulnerability in Redhat Ansible Tower Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure configuration channel settings for messaging celery workers from RabbitMQ. | 9.8 |
| 2018-10-08 | CVE-2018-1000805 | Incorrect Authorization vulnerability in multiple products Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. | 8.8 |
| 2018-10-06 | CVE-2018-17456 | Argument Injection or Modification vulnerability in multiple products Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character. | 9.8 |
| 2018-08-01 | CVE-2015-9262 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products _XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow. | 9.8 |
| 2018-07-28 | CVE-2018-14682 | Off-by-one Error vulnerability in multiple products An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. | 8.8 |
| 2018-07-28 | CVE-2018-14681 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. | 8.8 |