Vulnerabilities > Redhat > Openstack > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-02-08 CVE-2015-5741 HTTP Request Smuggling vulnerability in multiple products
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields.
network
low complexity
golang redhat CWE-444
critical
9.8
2020-01-02 CVE-2019-14859 Improper Verification of Cryptographic Signature vulnerability in multiple products
A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding.
network
low complexity
python-ecdsa-project redhat CWE-347
critical
9.1
2019-12-10 CVE-2013-2166 Inadequate Encryption Strength vulnerability in multiple products
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass
network
low complexity
openstack redhat fedoraproject debian CWE-326
critical
9.8
2019-12-10 CVE-2013-2167 Insufficient Verification of Data Authenticity vulnerability in multiple products
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass
network
low complexity
openstack redhat debian CWE-345
critical
9.8
2019-07-30 CVE-2019-10141 SQL Injection vulnerability in multiple products
A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1.
network
low complexity
openstack redhat CWE-89
critical
9.1
2018-10-09 CVE-2018-17963 Integer Overflow or Wraparound vulnerability in multiple products
qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.
network
low complexity
qemu debian canonical redhat CWE-190
critical
9.8
2018-09-10 CVE-2018-14620 Improper Input Validation vulnerability in Redhat Openstack 12/13
The OpenStack RabbitMQ container image insecurely retrieves the rabbitmq_clusterer component over HTTP during the build stage.
network
low complexity
redhat CWE-20
critical
9.8
2018-07-27 CVE-2016-9603 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest.
network
low complexity
qemu redhat citrix debian CWE-119
critical
9.9
2018-07-27 CVE-2017-2620 Out-of-bounds Write vulnerability in multiple products
Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue.
network
low complexity
qemu redhat citrix debian xen CWE-787
critical
9.9
2018-07-26 CVE-2017-2637 Unspecified vulnerability in Redhat Openstack
A design flaw issue was found in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd based live-migration.
network
low complexity
redhat
critical
10.0