Vulnerabilities > Redhat > Openstack
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-01 | CVE-2013-2255 | Improper Certificate Validation vulnerability in multiple products HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates. | 4.3 |
| 2019-10-16 | CVE-2019-11281 | Cross-site Scripting vulnerability in multiple products Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user input. | 4.8 |
| 2019-10-08 | CVE-2019-14846 | Improper Output Neutralization for Logs vulnerability in multiple products In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. | 2.1 |
| 2019-09-25 | CVE-2017-18635 | Cross-site Scripting vulnerability in multiple products An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name. | 4.3 |
| 2019-08-13 | CVE-2019-9515 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. | 7.5 |
| 2019-08-13 | CVE-2019-9514 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. | 7.5 |
| 2019-08-09 | CVE-2019-14433 | Information Exposure Through an Error Message vulnerability in multiple products An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. | 6.5 |
| 2019-08-01 | CVE-2018-10899 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products A flaw was found in Jolokia versions from 1.2 to before 1.6.1. | 8.8 |
| 2019-07-30 | CVE-2019-10156 | Information Exposure vulnerability in multiple products A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. | 5.5 |
| 2019-07-30 | CVE-2019-10141 | SQL Injection vulnerability in multiple products A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. | 6.4 |