Vulnerabilities > Redhat > Openstack > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-06-03 | CVE-2019-3895 | An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. | 8.0 |
2019-04-23 | CVE-2019-0223 | While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. | 7.4 |
2019-03-26 | CVE-2019-3830 | Information Exposure Through Log Files vulnerability in multiple products A vulnerability was found in ceilometer before version 12.0.0.0rc1. | 7.8 |
2019-03-26 | CVE-2018-16856 | Information Exposure Through Log Files vulnerability in multiple products In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. | 7.5 |
2018-10-08 | CVE-2018-1000807 | Use After Free vulnerability in multiple products Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. | 8.1 |
2018-09-19 | CVE-2018-17205 | Reachable Assertion vulnerability in multiple products An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. | 7.5 |
2018-08-27 | CVE-2017-15139 | Information Exposure vulnerability in multiple products A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. | 7.5 |
2018-08-22 | CVE-2017-2627 | Path Traversal vulnerability in multiple products A flaw was found in openstack-tripleo-common as shipped with Red Hat Openstack Enterprise 10 and 11. | 8.2 |
2018-08-09 | CVE-2018-10915 | SQL Injection vulnerability in multiple products A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. | 7.5 |
2018-07-30 | CVE-2018-10898 | Use of Hard-coded Credentials vulnerability in multiple products A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. | 8.8 |