Vulnerabilities > Redhat > Openstack > 13

DATE CVE VULNERABILITY TITLE RISK
2018-09-19 CVE-2018-17206 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6.
network
low complexity
openvswitch redhat canonical debian CWE-125
4.9
4.9
2018-09-19 CVE-2018-17205 Reachable Assertion vulnerability in multiple products
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c.
network
low complexity
openvswitch redhat canonical CWE-617
7.5
7.5
2018-09-19 CVE-2018-17204 Reachable Assertion vulnerability in multiple products
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c.
network
low complexity
openvswitch redhat canonical debian CWE-617
4.3
4.3
2018-09-10 CVE-2018-14635 Improper Input Validation vulnerability in multiple products
When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation.
network
low complexity
redhat openstack CWE-20
6.5
6.5
2018-09-10 CVE-2018-14620 Improper Input Validation vulnerability in Redhat Openstack 12/13
The OpenStack RabbitMQ container image insecurely retrieves the rabbitmq_clusterer component over HTTP during the build stage.
network
low complexity
redhat CWE-20
critical
 9.8
9.8
2018-08-27 CVE-2017-15139 Information Exposure vulnerability in multiple products
A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data.
network
low complexity
openstack redhat CWE-200
7.5
7.5
2018-08-09 CVE-2018-10915 SQL Injection vulnerability in multiple products
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections.
network
high complexity
redhat canonical debian postgresql CWE-89
7.5
7.5
2018-07-31 CVE-2018-14432 Information Exposure vulnerability in multiple products
In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects.
network
high complexity
debian redhat openstack CWE-200
5.3
5.3
2018-07-30 CVE-2018-10898 Use of Hard-coded Credentials vulnerability in multiple products
A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40.
low complexity
redhat openstack CWE-798
8.8
8.8
2018-07-30 CVE-2018-10903 Improper Input Validation vulnerability in multiple products
A flaw was found in python-cryptography versions between >=1.9.0 and <2.3.
network
low complexity
cryptography canonical redhat CWE-20
7.5
7.5