Vulnerabilities > Redhat > Openstack > 4.0

DATE CVE VULNERABILITY TITLE RISK
2020-02-19 CVE-2012-6685 XML Entity Expansion vulnerability in multiple products
Nokogiri before 1.5.4 is vulnerable to XXE attacks
network
low complexity
nokogiri redhat CWE-776
7.5
7.5
2019-12-10 CVE-2013-1793 Missing Authentication for Critical Function vulnerability in Redhat Openstack and Openstack Essex
openstack-utils openstack-db has insecure password creation
network
low complexity
redhat CWE-306
7.5
7.5
2019-11-05 CVE-2013-6461 XML Entity Expansion vulnerability in multiple products
Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits
network
low complexity
nokogiri debian redhat CWE-776
6.5
6.5
2019-11-05 CVE-2013-6460 XML Entity Expansion vulnerability in multiple products
Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents
network
low complexity
nokogiri debian redhat CWE-776
6.5
6.5
2019-11-01 CVE-2013-2255 Improper Certificate Validation vulnerability in multiple products
HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.
network
high complexity
redhat openstack debian CWE-295
5.9
5.9