Vulnerabilities > Redhat > Openstack > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-11 | CVE-2020-1733 | Race Condition vulnerability in multiple products A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. | 5.0 |
| 2020-02-19 | CVE-2012-6685 | XML Entity Expansion vulnerability in multiple products Nokogiri before 1.5.4 is vulnerable to XXE attacks | 5.0 |
| 2020-02-11 | CVE-2020-1711 | Out-of-bounds Write vulnerability in multiple products An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. | 6.0 |
| 2020-01-02 | CVE-2019-14859 | Improper Verification of Cryptographic Signature vulnerability in multiple products A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. | 6.4 |
| 2019-12-10 | CVE-2013-1793 | Missing Authentication for Critical Function vulnerability in Redhat Openstack and Openstack Essex openstack-utils openstack-db has insecure password creation | 5.0 |
| 2019-11-26 | CVE-2019-14856 | Improper Authentication vulnerability in multiple products ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None | 4.0 |
| 2019-11-05 | CVE-2013-6461 | XML Entity Expansion vulnerability in multiple products Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits | 4.3 |
| 2019-11-05 | CVE-2013-6460 | XML Entity Expansion vulnerability in multiple products Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents | 4.3 |
| 2019-11-01 | CVE-2013-2255 | Improper Certificate Validation vulnerability in multiple products HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates. | 4.3 |
| 2019-10-16 | CVE-2019-11281 | Cross-site Scripting vulnerability in multiple products Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user input. | 4.8 |