Vulnerabilities > Redhat > Ansible Tower > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-10-14 CVE-2019-14858 Information Exposure Through Log Files vulnerability in Redhat Ansible Engine
A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5.
local
low complexity
redhat CWE-532
5.5
2019-03-25 CVE-2019-3838 It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27.
local
low complexity
artifex redhat fedoraproject opensuse debian
5.5
2019-03-25 CVE-2019-3835 Missing Authorization vulnerability in multiple products
It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27.
5.5
2018-08-22 CVE-2017-7528 CRLF Injection vulnerability in Redhat Ansible Tower and Cloudforms Management Engine
Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF Injection.
low complexity
redhat CWE-93
6.5
2018-07-28 CVE-2018-14680 Improper Input Validation vulnerability in multiple products
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha.
6.5
2018-07-28 CVE-2018-14679 Off-by-one Error vulnerability in multiple products
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha.
6.5
2018-07-25 CVE-2018-13988 Out-of-bounds Read vulnerability in multiple products
Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite.
network
low complexity
freedesktop canonical debian redhat CWE-125
6.5
2018-06-13 CVE-2018-0495 Information Exposure Through Discrepancy vulnerability in multiple products
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP.
local
high complexity
gnupg canonical debian redhat oracle CWE-203
4.7
2018-05-10 CVE-2017-18267 Infinite Loop vulnerability in multiple products
The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.
local
low complexity
freedesktop canonical redhat debian CWE-835
5.5
2018-05-06 CVE-2018-10768 NULL Pointer Dereference vulnerability in multiple products
There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5.
network
low complexity
freedesktop canonical debian redhat CWE-476
6.5