Vulnerabilities > Redhat > Openstack > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-07-09 CVE-2020-10756 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator.
6.5
2020-07-06 CVE-2019-14900 SQL Injection vulnerability in multiple products
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1.
network
low complexity
hibernate redhat quarkus CWE-89
6.5
2020-06-26 CVE-2020-10753 Injection vulnerability in multiple products
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway).
6.5
2020-05-22 CVE-2020-10711 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7.
network
high complexity
linux redhat debian opensuse canonical CWE-476
5.9
2020-05-15 CVE-2020-1758 Improper Certificate Validation vulnerability in Redhat Keycloak
A flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server.
network
high complexity
redhat CWE-295
5.9
2020-05-11 CVE-2020-10685 Incomplete Cleanup vulnerability in multiple products
A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules.
local
low complexity
redhat debian CWE-459
5.5
2020-04-13 CVE-2020-1759 Reusing a Nonce, Key Pair in Encryption vulnerability in multiple products
A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session.
network
high complexity
redhat linuxfoundation fedoraproject CWE-323
6.8
2020-03-31 CVE-2019-14905 Exposure of Resource to Wrong Sphere vulnerability in multiple products
A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices.
local
low complexity
redhat fedoraproject opensuse CWE-668
5.6
2020-03-16 CVE-2020-1740 Insecure Temporary File vulnerability in multiple products
A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files.
local
high complexity
redhat debian fedoraproject CWE-377
4.7
2020-03-16 CVE-2020-1735 Path Traversal vulnerability in multiple products
A flaw was found in the Ansible Engine when the fetch module is used.
local
low complexity
redhat debian fedoraproject CWE-22
4.6