Vulnerabilities > Redhat > Openstack > 10

DATE	CVE	VULNERABILITY TITLE	RISK
2018-09-19	CVE-2018-17205	Reachable Assertion vulnerability in multiple products An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. network low complexity openvswitch redhat canonical CWE-617	7.5
2018-09-19	CVE-2018-17204	Reachable Assertion vulnerability in multiple products An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. network low complexity openvswitch redhat canonical debian CWE-617	4.3
2018-09-10	CVE-2018-14635	Improper Input Validation vulnerability in multiple products When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. network low complexity redhat openstack CWE-20	6.5
2018-08-27	CVE-2017-15139	Information Exposure vulnerability in multiple products A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. network low complexity openstack redhat CWE-200	7.5
2018-08-22	CVE-2017-2627	Path Traversal vulnerability in multiple products A flaw was found in openstack-tripleo-common as shipped with Red Hat Openstack Enterprise 10 and 11. local low complexity redhat openstack CWE-22	8.2
2018-07-31	CVE-2018-14432	Information Exposure vulnerability in multiple products In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. network high complexity debian redhat openstack CWE-200	5.3
2018-07-27	CVE-2016-9603	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. network low complexity qemu redhat citrix debian CWE-119 critical	9.9
2018-07-27	CVE-2017-2620	Out-of-bounds Write vulnerability in multiple products Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. network low complexity qemu redhat citrix debian xen CWE-787 critical	9.9
2018-07-27	CVE-2017-2621	An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. local low complexity redhat openstack	5.5
2018-07-27	CVE-2017-2622	Unspecified vulnerability in Redhat Openstack 10 An accessibility flaw was found in the OpenStack Workflow (mistral) service where a service log directory was improperly made world readable. local low complexity redhat	5.5