Vulnerabilities > Redhat > Openstack > 9
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-23 | CVE-2017-9214 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`. | 9.8 |
| 2017-05-23 | CVE-2017-8379 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events. | 6.5 |
| 2017-05-23 | CVE-2017-8309 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture. | 7.5 |
| 2017-04-21 | CVE-2016-6519 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form. | 5.4 |
| 2017-03-27 | CVE-2017-5973 | Infinite Loop vulnerability in multiple products The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence. | 5.5 |
| 2017-03-15 | CVE-2016-7103 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. | 6.1 |
| 2016-12-23 | CVE-2016-9921 | Divide By Zero vulnerability in multiple products Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. | 6.5 |
| 2016-12-23 | CVE-2016-9911 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. | 6.5 |
| 2016-12-23 | CVE-2016-9907 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. | 6.5 |
| 2016-12-10 | CVE-2016-7466 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local guest OS administrators to cause a denial of service (memory consumption and possibly QEMU process crash) by repeatedly unplugging a USB device. | 6.0 |