Vulnerabilities > Redhat > Openstack > 10

DATE	CVE	VULNERABILITY TITLE	RISK
2022-02-18	CVE-2021-3930	Off-by-one Error vulnerability in multiple products An off-by-one error was found in the SCSI device emulation in QEMU. local low complexity qemu redhat debian CWE-193	6.5
2021-03-18	CVE-2020-27827	A flaw was found in multiple versions of OpenvSwitch. network low complexity lldpd-project openvswitch redhat fedoraproject siemens	7.5
2020-08-31	CVE-2020-14364	Out-of-bounds Write vulnerability in multiple products An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. local high complexity qemu redhat fedoraproject debian opensuse canonical CWE-787	5.0
2020-07-06	CVE-2019-14900	SQL Injection vulnerability in multiple products A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. network low complexity hibernate redhat quarkus CWE-89	6.5
2020-05-15	CVE-2020-1758	Improper Certificate Validation vulnerability in Redhat Keycloak A flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server. network high complexity redhat CWE-295	5.9
2020-05-11	CVE-2020-10685	Incomplete Cleanup vulnerability in multiple products A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. local low complexity redhat debian CWE-459	5.5
2020-03-24	CVE-2020-10684	Missing Authorization vulnerability in multiple products A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. local low complexity redhat debian fedoraproject CWE-862	7.1
2020-02-11	CVE-2020-1711	Out-of-bounds Write vulnerability in multiple products An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. network high complexity qemu redhat debian opensuse CWE-787	6.0
2020-01-02	CVE-2019-14859	Improper Verification of Cryptographic Signature vulnerability in multiple products A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. network low complexity python-ecdsa-project redhat CWE-347 critical	9.1
2019-11-14	CVE-2019-14818	Memory Leak vulnerability in multiple products A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. network low complexity dpdk redhat fedoraproject CWE-401	7.5