Vulnerabilities > Redhat > Openstack > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-04-24 | CVE-2016-9587 | Improper Input Validation vulnerability in multiple products. Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. | 8.1 |
2018-02-19 | CVE-2017-18191 | An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. | 7.8 |
2018-01-18 | CVE-2018-2562 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). | 7.5 |
2017-05-23 | CVE-2017-9214 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products. In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`. | 7.5 |
2017-05-23 | CVE-2017-8309 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products. Memory leak in the `audio/audio.c` in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture. | 7.8 |
2017-03-31 | CVE-2014-5009 | Command Injection vulnerability in multiple products. Snoopy allows remote attackers to execute arbitrary commands. | 7.5 |
2017-03-31 | CVE-2014-5008 | Command Injection vulnerability in multiple products. Snoopy allows remote attackers to execute arbitrary commands. | 7.5 |
2017-03-31 | CVE-2008-7313 | Command Injection vulnerability in multiple products. The `_httpsrequest` function in Snoopy allows remote attackers to execute arbitrary commands. | 7.5 |
2016-07-12 | CVE-2016-4985 | Information Exposure vulnerability in multiple products. The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and 5.x before 5.1.2 (Mitaka) allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the `v1/drivers/$DRIVER_NAME/vendor_passthru` resource. | 7.5 |
2016-06-01 | CVE-2016-5126 | Out-of-bounds Write vulnerability in multiple products. Heap-based buffer overflow in the `iscsi_aio_ioctl` function in `block/iscsi.c` in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call. | 7.8 |