Vulnerabilities > Redhat > Openstack > High

DATE CVE VULNERABILITY TITLE RISK
2018-07-30 CVE-2018-10903 Improper Input Validation vulnerability in multiple products
A flaw was found in python-cryptography versions between >=1.9.0 and <2.3.
network
low complexity
cryptography canonical redhat CWE-20
7.5
2018-07-26 CVE-2017-7539 An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined.
network
low complexity
qemu redhat
7.5
2018-07-19 CVE-2017-2673 Unspecified vulnerability in Redhat Openstack 10/9
An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service (keystone).
network
low complexity
redhat
7.2
2018-07-13 CVE-2018-10875 Untrusted Search Path vulnerability in multiple products
A flaw was found in ansible.
local
low complexity
redhat debian suse canonical CWE-426
7.8
2018-07-02 CVE-2018-10874 Unspecified vulnerability in Redhat products
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.
local
low complexity
redhat
7.8
2018-06-22 CVE-2017-7466 Improper Input Validation vulnerability in Redhat Ansible
Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems.
network
low complexity
redhat CWE-20
8.0
2018-06-13 CVE-2018-11806 Out-of-bounds Write vulnerability in multiple products
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.
local
low complexity
qemu canonical redhat debian CWE-787
8.2
2018-04-24 CVE-2016-9587 Improper Input Validation vulnerability in multiple products
Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems.
network
high complexity
redhat ansible CWE-20
8.1
2018-04-24 CVE-2016-9599 Improper Access Control vulnerability in multiple products
puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values.
network
high complexity
openstack redhat CWE-284
7.5
2018-04-19 CVE-2018-2755 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication).
local
high complexity
oracle debian canonical mariadb netapp redhat
7.7