Vulnerabilities > Redhat > Openstack > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-12-10 CVE-2013-2166 Inadequate Encryption Strength vulnerability in multiple products
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass
network
low complexity
openstack redhat fedoraproject debian CWE-326
critical
9.8
2019-12-10 CVE-2013-2167 Insufficient Verification of Data Authenticity vulnerability in multiple products
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass
network
low complexity
openstack redhat debian CWE-345
critical
9.8
2018-07-27 CVE-2016-9603 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest.
network
low complexity
qemu redhat citrix debian CWE-119
critical
9.9
2018-07-27 CVE-2017-2620 Out-of-bounds Write vulnerability in multiple products
Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue.
network
low complexity
qemu redhat citrix debian xen CWE-787
critical
9.9
2018-07-26 CVE-2017-2637 Missing Authentication for Critical Function vulnerability in Redhat Openstack
A design flaw issue was found in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd based live-migration.
network
low complexity
redhat CWE-306
critical
10.0
2018-07-03 CVE-2017-2615 Out-of-bounds Write vulnerability in multiple products
Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue.
network
low complexity
qemu redhat citrix debian xen CWE-787
critical
9.1
2017-12-08 CVE-2017-10906 Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors.
network
low complexity
fluentd redhat
critical
10.0
2016-09-20 CVE-2016-6662 Permissions, Privileges, and Access Controls vulnerability in multiple products
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration.
network
low complexity
oracle percona mariadb debian redhat CWE-264
critical
10.0
2016-01-08 CVE-2015-7512 Classic Buffer Overflow vulnerability in multiple products
Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet.
network
high complexity
qemu redhat debian oracle CWE-120
critical
9.0