Vulnerabilities > Redhat > Openstack > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-09-25 CVE-2017-18635 Cross-site Scripting vulnerability in multiple products
An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name.
network
low complexity
novnc debian canonical redhat CWE-79
6.1
2019-08-09 CVE-2019-14433 Information Exposure Through an Error Message vulnerability in multiple products
An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2.
network
low complexity
openstack canonical redhat debian CWE-209
6.5
2019-07-30 CVE-2019-10156 A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution.
network
low complexity
redhat debian
5.4
2019-04-05 CVE-2019-10876 An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3.
network
low complexity
openstack redhat
6.5
2019-03-13 CVE-2019-9735 Improper Handling of Exceptional Conditions vulnerability in multiple products
An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3.
network
low complexity
openstack redhat debian CWE-755
6.5
2019-01-03 CVE-2018-16876 Information Exposure vulnerability in multiple products
ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.
network
high complexity
redhat debian suse canonical CWE-200
5.3
2018-10-31 CVE-2016-2121 Unspecified vulnerability in Redhat Openstack 10
A permissions flaw was found in redis, which sets weak permissions on certain files and directories that could potentially contain sensitive information.
local
low complexity
redhat
5.5
2018-10-19 CVE-2018-18438 Integer Overflow or Wraparound vulnerability in multiple products
Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value.
local
low complexity
qemu redhat CWE-190
5.5
2018-10-08 CVE-2018-1000808 Improper Resource Shutdown or Release vulnerability in multiple products
Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial of service if memory runs low or is exhausted.
network
high complexity
pyopenssl-project canonical redhat CWE-404
5.9
2018-09-19 CVE-2018-17206 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6.
network
low complexity
openvswitch redhat canonical debian CWE-125
4.9