Redhat

Ansible Tower

64 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2018-14680

  • EPSS 1.04%
  • Published 28.07.2018 23:29:00
  • Last modified 21.11.2024 03:49:34

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.

6.5

CVE-2018-14679

  • EPSS 0.93%
  • Published 28.07.2018 23:29:00
  • Last modified 21.11.2024 03:49:34

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).

9

CVE-2017-12148

  • EPSS 0.45%
  • Published 27.07.2018 16:29:00
  • Last modified 21.11.2024 03:08:55

A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project (SCM repository) definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook sour...

6.5

CVE-2018-13988

  • EPSS 0.84%
  • Published 25.07.2018 23:29:00
  • Last modified 21.11.2024 03:48:22

Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitab...

9.8

CVE-2018-12910

  • EPSS 5.21%
  • Published 05.07.2018 18:29:00
  • Last modified 21.11.2024 03:46:05

The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.

7.5

CVE-2018-1061

  • EPSS 0.93%
  • Published 19.06.2018 12:29:00
  • Last modified 21.11.2024 03:59:05

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.

7.5

CVE-2018-1060

Exploit
  • EPSS 0.96%
  • Published 18.06.2018 14:29:00
  • Last modified 21.11.2024 03:59:05

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.

4.7

CVE-2018-0495

Exploit
  • EPSS 0.23%
  • Published 13.06.2018 23:29:00
  • Last modified 21.11.2024 03:38:21

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka ...

5.5

CVE-2017-18267

Exploit
  • EPSS 0.25%
  • Published 10.05.2018 15:29:00
  • Last modified 21.11.2024 03:19:43

The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.

6.5

CVE-2018-10768

Exploit
  • EPSS 1.85%
  • Published 06.05.2018 23:29:00
  • Last modified 21.11.2024 03:42:00

There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are no...