Vulnerabilities > Redhat > Openstack > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-08 | CVE-2015-5741 | HTTP Request Smuggling vulnerability in multiple products The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields. | 9.8 |
2020-01-02 | CVE-2019-14859 | Improper Verification of Cryptographic Signature vulnerability in multiple products A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. | 9.1 |
2019-12-10 | CVE-2013-2166 | Inadequate Encryption Strength vulnerability in multiple products python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass | 9.8 |
2019-12-10 | CVE-2013-2167 | Insufficient Verification of Data Authenticity vulnerability in multiple products python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass | 9.8 |
2019-07-30 | CVE-2019-10141 | SQL Injection vulnerability in multiple products A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. | 9.1 |
2018-10-09 | CVE-2018-17963 | Integer Overflow or Wraparound vulnerability in multiple products qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. | 9.8 |
2018-09-10 | CVE-2018-14620 | Improper Input Validation vulnerability in Redhat Openstack 12/13 The OpenStack RabbitMQ container image insecurely retrieves the rabbitmq_clusterer component over HTTP during the build stage. | 9.8 |
2018-07-27 | CVE-2016-9603 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. | 9.9 |
2018-07-27 | CVE-2017-2620 | Out-of-bounds Write vulnerability in multiple products Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. | 9.9 |
2018-07-26 | CVE-2017-2637 | Unspecified vulnerability in Redhat Openstack A design flaw issue was found in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd based live-migration. | 10.0 |