Vulnerabilities > Redhat > Openstack > 12

DATE CVE VULNERABILITY TITLE RISK
2019-06-03 CVE-2019-3895 An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director.
network
low complexity
openstack redhat
8.0
8.0
2019-03-26 CVE-2018-16856 Information Exposure Through Log Files vulnerability in multiple products
In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users.
network
low complexity
openstack redhat CWE-532
7.5
7.5
2018-10-19 CVE-2018-18438 Integer Overflow or Wraparound vulnerability in multiple products
Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value.
local
low complexity
qemu redhat CWE-190
5.5
5.5
2018-09-10 CVE-2018-14635 Improper Input Validation vulnerability in multiple products
When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation.
network
low complexity
redhat openstack CWE-20
6.5
6.5
2018-09-10 CVE-2018-14620 Improper Input Validation vulnerability in Redhat Openstack 12/13
The OpenStack RabbitMQ container image insecurely retrieves the rabbitmq_clusterer component over HTTP during the build stage.
network
low complexity
redhat CWE-20
critical
 9.8
9.8
2018-08-09 CVE-2018-10915 SQL Injection vulnerability in multiple products
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections.
network
high complexity
redhat canonical debian postgresql CWE-89
7.5
7.5
2018-07-31 CVE-2018-14432 Information Exposure vulnerability in multiple products
In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects.
network
high complexity
debian redhat openstack CWE-200
5.3
5.3
2018-07-18 CVE-2018-2767 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption).
network
high complexity
oracle debian canonical redhat mariadb netapp
3.1
3.1
2018-07-13 CVE-2018-10875 Untrusted Search Path vulnerability in multiple products
A flaw was found in ansible.
local
low complexity
redhat debian suse canonical CWE-426
7.8
7.8
2018-07-06 CVE-2018-10892 The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames.
network
low complexity
docker mobyproject redhat opensuse
5.3
5.3