| 2018-07-26 | CVE-2017-7543 | A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron security groups were disabled. | 5.9 |
| 2018-07-26 | CVE-2017-7539 | An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. | 7.5 |
| 2018-07-26 | CVE-2017-2637 | Unspecified vulnerability in Redhat Openstack
A design flaw issue was found in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd based live-migration. network low complexity redhat critical | 10.0 |
| 2018-07-19 | CVE-2017-7481 | Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. | 9.8 |
| 2018-07-19 | CVE-2017-2673 | Unspecified vulnerability in Redhat Openstack 10/9
An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service (keystone). | 7.2 |
| 2018-07-13 | CVE-2018-10875 | Untrusted Search Path vulnerability in multiple products
A flaw was found in ansible. | 7.8 |
| 2018-07-03 | CVE-2018-10855 | Information Exposure Through Log Files vulnerability in multiple products
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. | 5.9 |
| 2018-07-03 | CVE-2017-2615 | Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. | 9.1 |
| 2018-07-02 | CVE-2018-10874 | Unspecified vulnerability in Redhat products
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result. | 7.8 |
| 2018-06-22 | CVE-2017-7466 | Improper Input Validation vulnerability in Redhat Ansible
Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. | 8.0 |