Vulnerabilities > Redhat > Openstack > 9

DATE CVE VULNERABILITY TITLE RISK
2019-07-30 CVE-2019-10141 SQL Injection vulnerability in multiple products
A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1.
network
low complexity
openstack redhat CWE-89
6.4
6.4
2019-07-11 CVE-2019-10193 Out-of-bounds Write vulnerability in multiple products
A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4.
network
low complexity
redislabs redhat debian canonical oracle CWE-787
6.5
6.5
2019-07-11 CVE-2019-10192 Out-of-bounds Write vulnerability in multiple products
A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4.
network
low complexity
redislabs redhat debian canonical oracle CWE-787
6.5
6.5
2018-10-19 CVE-2018-18438 Integer Overflow or Wraparound vulnerability in multiple products
Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value.
local
low complexity
qemu redhat CWE-190
2.1
2.1
2018-07-27 CVE-2016-9603 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest.
network
low complexity
qemu redhat citrix debian CWE-119
critical
 9.9
9.9
2018-07-27 CVE-2017-2620 Out-of-bounds Write vulnerability in multiple products
Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue.
network
low complexity
qemu redhat citrix debian xen CWE-787
critical
 9.9
9.9
2018-07-27 CVE-2017-2621 Files or Directories Accessible to External Parties vulnerability in multiple products
An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable.
local
low complexity
redhat openstack CWE-552
5.5
5.5
2018-07-26 CVE-2017-7543 Race Condition vulnerability in multiple products
A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron security groups were disabled.
network
high complexity
openstack redhat CWE-362
5.9
5.9
2018-07-26 CVE-2017-7539 Reachable Assertion vulnerability in multiple products
An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined.
network
low complexity
qemu redhat CWE-617
7.5
7.5
2018-07-26 CVE-2017-2637 Missing Authentication for Critical Function vulnerability in Redhat Openstack
A design flaw issue was found in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd based live-migration.
network
low complexity
redhat CWE-306
critical
 10.0
10