Vulnerabilities > Redhat > Openstack > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-21 | CVE-2022-38065 | Improper Privilege Management vulnerability in Redhat Openstack A privilege escalation vulnerability exists in the oslo.privsep functionality of OpenStack git master 05194e7618 and prior. | 8.8 |
2022-03-04 | CVE-2021-3656 | Missing Authorization vulnerability in multiple products A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. | 8.8 |
2022-02-18 | CVE-2020-25717 | Improper Input Validation vulnerability in multiple products A flaw was found in the way Samba maps domain users to local users. | 8.1 |
2021-05-06 | CVE-2021-31918 | Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Openstack 16.1 A flaw was found in tripleo-ansible version as shipped in Red Hat Openstack 16.1. | 7.5 |
2021-03-18 | CVE-2020-27827 | A flaw was found in multiple versions of OpenvSwitch. | 7.5 |
2020-08-07 | CVE-2020-9490 | HTTP Request Smuggling vulnerability in multiple products Apache HTTP Server versions 2.4.20 to 2.4.43. | 7.5 |
2020-03-24 | CVE-2020-10684 | Missing Authorization vulnerability in multiple products A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. | 7.1 |
2020-02-19 | CVE-2012-6685 | XML Entity Expansion vulnerability in multiple products Nokogiri before 1.5.4 is vulnerable to XXE attacks | 7.5 |
2019-12-26 | CVE-2019-16789 | HTTP Request Smuggling vulnerability in multiple products In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. | 8.2 |
2019-12-20 | CVE-2019-16786 | HTTP Request Smuggling vulnerability in multiple products Waitress through version 1.3.1 would parse the Transfer-Encoding header and only look for a single string value, if that value was not chunked it would fall through and use the Content-Length header instead. | 7.5 |