Vulnerabilities > Redhat > Ansible Tower > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-01-03 CVE-2018-16879 Missing Encryption of Sensitive Data vulnerability in Redhat Ansible Tower
Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure configuration channel settings for messaging celery workers from RabbitMQ.
network
low complexity
redhat CWE-311
critical
9.8
2018-10-06 CVE-2018-17456 Argument Injection or Modification vulnerability in multiple products
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.
network
low complexity
git-scm redhat canonical debian CWE-88
critical
9.8
2018-08-01 CVE-2015-9262 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
_XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow.
network
low complexity
debian canonical x redhat CWE-119
critical
9.8
2018-07-05 CVE-2018-12910 Out-of-bounds Read vulnerability in multiple products
The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.
network
low complexity
gnome canonical debian redhat opensuse CWE-125
critical
9.8