Vulnerabilities > Redhat > Openstack > 3.0

DATE CVE VULNERABILITY TITLE RISK
2019-12-10 CVE-2013-2167 Insufficient Verification of Data Authenticity vulnerability in multiple products
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass
network
low complexity
openstack redhat debian CWE-345
critical
9.8
2019-12-10 CVE-2013-2166 Inadequate Encryption Strength vulnerability in multiple products
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass
network
low complexity
openstack redhat fedoraproject debian CWE-326
critical
9.8
2019-12-10 CVE-2013-1793 Missing Authentication for Critical Function vulnerability in Redhat Openstack and Openstack Essex
openstack-utils openstack-db has insecure password creation
network
low complexity
redhat CWE-306
7.5
2019-11-05 CVE-2013-6461 XML Entity Expansion vulnerability in multiple products
Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits
network
low complexity
nokogiri debian redhat CWE-776
6.5
2019-11-05 CVE-2013-6460 XML Entity Expansion vulnerability in multiple products
Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents
network
low complexity
nokogiri debian redhat CWE-776
6.5
2019-11-01 CVE-2013-2255 Improper Certificate Validation vulnerability in multiple products
HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.
network
high complexity
redhat openstack debian CWE-295
5.9