Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-09-25	CVE-2017-18635	Cross-site Scripting vulnerability in multiple products An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name. network novnc debian canonical redhat CWE-79	4.3
2019-08-09	CVE-2019-14433	Information Exposure Through an Error Message vulnerability in multiple products An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. network low complexity openstack canonical redhat debian CWE-209	6.5
2019-07-30	CVE-2019-10156	Information Exposure vulnerability in multiple products A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. network low complexity redhat debian CWE-200	5.5
2019-07-30	CVE-2019-10141	SQL Injection vulnerability in multiple products A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. network low complexity openstack redhat CWE-89	6.4
2019-07-11	CVE-2019-10193	Out-of-bounds Write vulnerability in multiple products A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. network low complexity redislabs redhat debian canonical oracle CWE-787	6.5
2019-07-11	CVE-2019-10192	Out-of-bounds Write vulnerability in multiple products A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. network low complexity redislabs redhat debian canonical oracle CWE-787	6.5
2019-06-03	CVE-2019-3895	An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. network openstack redhat	6.8
2019-04-05	CVE-2019-10876	An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. network low complexity openstack redhat	4.0
2019-03-26	CVE-2018-16856	Information Exposure Through Log Files vulnerability in multiple products In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. network low complexity openstack redhat CWE-532	5.0
2019-03-13	CVE-2019-9735	Improper Handling of Exceptional Conditions vulnerability in multiple products An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. network low complexity openstack redhat debian CWE-755	4.0