Vulnerabilities > Redhat > Openstack > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-09-19 | CVE-2018-17204 | Reachable Assertion vulnerability in multiple products An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. | 4.3 |
2018-09-10 | CVE-2018-14635 | Improper Input Validation vulnerability in multiple products When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. | 6.5 |
2018-07-31 | CVE-2018-14432 | Information Exposure vulnerability in multiple products In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. | 5.3 |
2018-07-27 | CVE-2017-2621 | An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. | 5.5 |
2018-07-27 | CVE-2017-2622 | Unspecified vulnerability in Redhat Openstack 10 An accessibility flaw was found in the OpenStack Workflow (mistral) service where a service log directory was improperly made world readable. | 5.5 |
2018-07-26 | CVE-2017-7543 | A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron security groups were disabled. | 5.9 |
2018-07-06 | CVE-2018-10892 | The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. | 5.3 |
2018-07-03 | CVE-2018-10855 | Information Exposure Through Log Files vulnerability in multiple products Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. | 5.9 |
2018-05-22 | CVE-2018-3639 | Information Exposure Through Discrepancy vulnerability in multiple products Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. | 5.5 |
2018-04-26 | CVE-2018-10237 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable. | 5.9 |