Vulnerabilities > Redhat > Openstack > High

DATE CVE VULNERABILITY TITLE RISK
2019-06-03 CVE-2019-3895 An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director.
network
low complexity
openstack redhat
8.0
2019-04-23 CVE-2019-0223 While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0.
network
high complexity
apache redhat
7.4
2019-03-26 CVE-2019-3830 Information Exposure Through Log Files vulnerability in multiple products
A vulnerability was found in ceilometer before version 12.0.0.0rc1.
local
low complexity
openstack redhat CWE-532
7.8
2019-03-26 CVE-2018-16856 Information Exposure Through Log Files vulnerability in multiple products
In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users.
network
low complexity
openstack redhat CWE-532
7.5
2018-10-08 CVE-2018-1000807 Use After Free vulnerability in multiple products
Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution..
network
high complexity
pyopenssl canonical redhat CWE-416
8.1
2018-09-19 CVE-2018-17205 Reachable Assertion vulnerability in multiple products
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c.
network
low complexity
openvswitch redhat canonical CWE-617
7.5
2018-08-27 CVE-2017-15139 Information Exposure vulnerability in multiple products
A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data.
network
low complexity
openstack redhat CWE-200
7.5
2018-08-22 CVE-2017-2627 Path Traversal vulnerability in multiple products
A flaw was found in openstack-tripleo-common as shipped with Red Hat Openstack Enterprise 10 and 11.
local
low complexity
redhat openstack CWE-22
8.2
2018-08-09 CVE-2018-10915 SQL Injection vulnerability in multiple products
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections.
network
high complexity
redhat canonical debian postgresql CWE-89
7.5
2018-07-30 CVE-2018-10898 Use of Hard-coded Credentials vulnerability in multiple products
A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40.
low complexity
redhat openstack CWE-798
8.8