Vulnerabilities > Redhat > Openstack > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-12-20 | CVE-2019-16785 | HTTP Request Smuggling vulnerability in multiple products Waitress through version 1.3.1 implemented a "MAY" part of the RFC7230 which states: "Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ignore any preceding CR." Unfortunately if a front-end server does not parse header fields with an LF the same way as it does those with a CRLF it can lead to the front-end and the back-end server parsing the same HTTP message in two different ways. | 7.5 |
2019-12-10 | CVE-2013-1793 | Missing Authentication for Critical Function vulnerability in Redhat Openstack and Openstack Essex openstack-utils openstack-db has insecure password creation | 7.5 |
2019-11-23 | CVE-2019-11287 | Use of Externally-Controlled Format String vulnerability in multiple products Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. | 7.5 |
2019-11-14 | CVE-2019-14818 | Memory Leak vulnerability in multiple products A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. | 7.5 |
2019-10-08 | CVE-2019-14846 | In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. | 7.8 |
2019-08-13 | CVE-2019-9515 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. | 7.5 |
2019-08-13 | CVE-2019-9514 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. | 7.5 |
2019-08-01 | CVE-2018-10899 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products A flaw was found in Jolokia versions from 1.2 to before 1.6.1. | 8.8 |
2019-07-11 | CVE-2019-10193 | Out-of-bounds Write vulnerability in multiple products A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. | 7.2 |
2019-07-11 | CVE-2019-10192 | Out-of-bounds Write vulnerability in multiple products A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. | 7.2 |