Vulnerabilities > Redhat > Openstack Platform

DATE CVE VULNERABILITY TITLE RISK
2021-03-23 CVE-2021-20270 Infinite Loop vulnerability in multiple products
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
network
low complexity
pygments redhat fedoraproject debian CWE-835
7.5
2020-12-18 CVE-2020-27781 Insufficiently Protected Credentials vulnerability in multiple products
User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation.
local
low complexity
redhat fedoraproject CWE-522
7.1
2020-11-12 CVE-2020-25658 It was found that python-rsa is vulnerable to Bleichenbacher timing attacks.
network
high complexity
python-rsa-project redhat fedoraproject
5.9
2020-10-06 CVE-2020-25743 NULL Pointer Dereference vulnerability in multiple products
hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma_sync call.
local
low complexity
qemu redhat CWE-476
3.2
2020-09-23 CVE-2020-14365 A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module.
local
low complexity
redhat debian
7.1
2020-07-31 CVE-2020-10731 Unspecified vulnerability in Redhat Openstack Platform 15.0/16.0/16.1
A flaw was found in the nova_libvirt container provided by the Red Hat OpenStack Platform 16, where it does not have SELinux enabled.
network
low complexity
redhat
critical
9.9
2017-11-27 CVE-2017-15114 Improper Certificate Validation vulnerability in Redhat Openstack Platform 12.0
When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services.
network
high complexity
redhat CWE-295
8.1