Vulnerabilities > Redhat > Ansible Tower
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-03 | CVE-2018-16879 | Missing Encryption of Sensitive Data vulnerability in Redhat Ansible Tower Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure configuration channel settings for messaging celery workers from RabbitMQ. | 9.8 |
| 2018-10-23 | CVE-2018-16837 | Missing Encryption of Sensitive Data vulnerability in multiple products Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. | 2.1 |
| 2018-10-08 | CVE-2018-1000805 | Incorrect Authorization vulnerability in multiple products Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. | 6.5 |
| 2018-10-06 | CVE-2018-17456 | Argument Injection or Modification vulnerability in multiple products Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character. | 7.5 |
| 2018-09-11 | CVE-2016-7070 | Permissions, Privileges, and Access Controls vulnerability in Redhat Ansible Tower A privilege escalation flaw was found in the Ansible Tower. | 5.2 |
| 2018-08-22 | CVE-2017-7528 | CRLF Injection vulnerability in Redhat Ansible Tower and Cloudforms Management Engine Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF Injection. | 3.3 |
| 2018-08-22 | CVE-2018-10884 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Ansible Tower Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF) in awx/api/authentication.py. | 6.8 |
| 2018-08-01 | CVE-2015-9262 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products _XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow. | 7.5 |
| 2018-07-28 | CVE-2018-14682 | Off-by-one Error vulnerability in multiple products An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. | 6.8 |
| 2018-07-28 | CVE-2018-14681 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. | 6.8 |