Vulnerabilities > Redhat > Openstack > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-03-16 CVE-2020-1735 A flaw was found in the Ansible Engine when the fetch module is used.
local
low complexity
redhat debian fedoraproject
4.6
2020-03-11 CVE-2020-1733 Race Condition vulnerability in multiple products
A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user.
local
high complexity
redhat fedoraproject debian CWE-362
5.0
2020-02-11 CVE-2020-1711 Out-of-bounds Write vulnerability in multiple products
An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine.
network
high complexity
qemu redhat debian opensuse CWE-787
6.0
2019-12-30 CVE-2012-5474 Missing Encryption of Sensitive Data vulnerability in multiple products
The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value.
5.5
2019-11-26 CVE-2019-14856 Improper Authentication vulnerability in multiple products
ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None
network
low complexity
redhat opensuse CWE-287
6.5
2019-11-22 CVE-2019-11291 Cross-site Scripting vulnerability in multiple products
Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input.
network
low complexity
vmware redhat CWE-79
4.8
2019-11-05 CVE-2013-6461 XML Entity Expansion vulnerability in multiple products
Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits
network
low complexity
nokogiri debian redhat CWE-776
6.5
2019-11-05 CVE-2013-6460 XML Entity Expansion vulnerability in multiple products
Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents
network
low complexity
nokogiri debian redhat CWE-776
6.5
2019-11-01 CVE-2013-2255 Improper Certificate Validation vulnerability in multiple products
HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.
network
high complexity
redhat openstack debian CWE-295
5.9
2019-10-16 CVE-2019-11281 Cross-site Scripting vulnerability in multiple products
Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user input.
4.8