Every CVE whose affected-product data names Redhat Openstack, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (200)
CVE-2015-1842 — CVSS 10.0 (critical): The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd…
CVE-2017-2637 — CVSS 9.9 (critical): A design flaw issue was found in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd based live-migration. Libvirtd…
CVE-2018-17963 — CVSS 9.8 (critical): qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service…
CVE-2008-7313 — CVSS 9.8 (critical): The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete…
CVE-2015-5741 — CVSS 9.8 (critical): The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to…
CVE-2017-7481 — CVSS 9.8 (critical): Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the…
CVE-2014-5009 — CVSS 9.8 (critical): Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008.
CVE-2017-10906 — CVSS 9.8 (critical): Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or…
CVE-2017-9214 — CVSS 9.8 (critical): In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused…
CVE-2018-11219 — CVSS 9.8 (critical): An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x…
CVE-2018-11218 — CVSS 9.8 (critical): Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0…
CVE-2016-6662 — CVSS 9.8 (critical): Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x…
CVE-2015-5165 — CVSS 9.3 (critical): The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers…
CVE-2019-14859 — CVSS 9.1 (critical): A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding…
CVE-2015-7512 — CVSS 9.0 (critical): Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to…
CVE-2022-38065 — CVSS 8.8 (high): A privilege escalation vulnerability exists in the oslo.privsep functionality of OpenStack git master 05194e7618 and prior. Overly…
CVE-2018-10898 — CVSS 8.8 (high): A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When deployed using Director using default…
CVE-2016-1568 — CVSS 8.8 (high): Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial…
CVE-2016-3710 — CVSS 8.8 (high): The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to…
CVE-2016-4474 — CVSS 8.8 (high): The image build process for the overcloud images in Red Hat OpenStack Platform 8.0 (Liberty) director and Red Hat Enterprise Linux…
CVE-2021-3656 — CVSS 8.8 (high): A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine…
CVE-2018-10915 — CVSS 8.5 (high): A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between…
CVE-2016-2857 — CVSS 8.4 (high): The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap…
CVE-2019-10141 — CVSS 8.3 (high): A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection…
CVE-2017-2627 — CVSS 8.2 (high): A flaw was found in openstack-tripleo-common as shipped with Red Hat Openstack Enterprise 10 and 11. The sudoers file as installed with…
CVE-2018-11806 — CVSS 8.2 (high): m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.
CVE-2018-1000807 — CVSS 8.1 (high): Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object…
CVE-2016-9587 — CVSS 8.1 (high): Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems…
CVE-2016-1714 — CVSS 8.1 (high): The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration…
CVE-2020-25717 — CVSS 8.1 (high): A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible…
CVE-2018-10899 — CVSS 8.1 (high): A flaw was found in Jolokia versions from 1.2 to before 1.6.1. Affected versions are vulnerable to a system-wide CSRF. This holds true for…
CVE-2017-7466 — CVSS 8.0 (high): Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control…
CVE-2019-3895 — CVSS 8.0 (high): An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An…
CVE-2020-10684 — CVSS 7.9 (high): A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using…
CVE-2019-14846 — CVSS 7.8 (high): In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG…
CVE-2016-5126 — CVSS 7.8 (high): Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of…
CVE-2017-7980 — CVSS 7.8 (high): Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute…
CVE-2019-3830 — CVSS 7.8 (high): A vulnerability was found in ceilometer before version 12.0.0.0rc1. An Information Exposure in ceilometer-agent prints sensitive…
CVE-2018-10874 — CVSS 7.8 (high): In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under…
CVE-2018-10875 — CVSS 7.8 (high): A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a…
CVE-2018-2755 — CVSS 7.7 (high): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are…
CVE-2020-1711 — CVSS 7.7 (high): An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a…
CVE-2015-3456 — CVSS 7.7 (high): The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service…
CVE-2018-1000127 — CVSS 7.5 (high): memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and…
CVE-2013-2882 — CVSS 7.5 (high): Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified…
CVE-2020-27827 — CVSS 7.5 (high): A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to…
CVE-2017-10664 — CVSS 7.5 (high): qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by…
CVE-2017-15139 — CVSS 7.5 (high): A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume…
CVE-2017-18191 — CVSS 7.5 (high): An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an…
CVE-2013-4182 — CVSS 7.5 (high): app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote…
CVE-2013-4386 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in app/models/concerns/host_common.rb in Foreman before 1.2.3 allow remote attackers to execute…
CVE-2019-9515 — CVSS 7.5 (high): Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of…
CVE-2019-9514 — CVSS 7.5 (high): Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of…
CVE-2014-3691 — CVSS 7.5 (high): Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates, which…
CVE-2019-14818 — CVSS 7.5 (high): A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a…
CVE-2019-11287 — CVSS 7.5 (high): Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to…
CVE-2015-3209 — CVSS 7.5 (high): Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with…
CVE-2015-5271 — CVSS 7.5 (high): The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object…
CVE-2018-17205 — CVSS 7.5 (high): An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle…
CVE-2015-8080 — CVSS 7.5 (high): Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent…
CVE-2016-4985 — CVSS 7.5 (high): The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and 5.x before 5.1.2 (Mitaka) allows remote attackers to obtain sensitive…
CVE-2018-10903 — CVSS 7.5 (high): A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length…
CVE-2020-9490 — CVSS 7.5 (high): Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a…
CVE-2018-1000115 — CVSS 7.5 (high): Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the…
CVE-2017-8309 — CVSS 7.5 (high): Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by…
CVE-2021-31918 — CVSS 7.5 (high): A flaw was found in tripleo-ansible version as shipped in Red Hat Openstack 16.1. The Ansible log file is readable to all users during…
CVE-2019-0223 — CVSS 7.4 (high): While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and…
CVE-2015-5329 — CVSS 7.3 (high): The TripleO Heat templates (tripleo-heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the…
CVE-2019-10192 — CVSS 7.2 (high): A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and…
CVE-2019-10193 — CVSS 7.2 (high): A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and…
CVE-2015-5225 — CVSS 7.2 (high): Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a…
CVE-2018-2562 — CVSS 7.1 (high): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are…
CVE-2019-16785 — CVSS 7.1 (high): Waitress through version 1.3.1 implemented a "MAY" part of the RFC7230 which states: "Although the line terminator for the start-line and…
CVE-2019-16786 — CVSS 7.1 (high): Waitress through version 1.3.1 would parse the Transfer-Encoding header and only look for a single string value, if that value was not…
CVE-2019-16789 — CVSS 7.1 (high): In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that…
CVE-2016-9599 — CVSS 7.1 (high): puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the IPtables rules management, which allowed the…
CVE-2015-3214 — CVSS 6.9 (medium): The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write…
CVE-2013-6393 — CVSS 6.8 (medium): The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to…
CVE-2017-2673 — CVSS 6.8 (medium): An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service (keystone). An authenticated…
CVE-2020-14355 — CVSS 6.6 (medium): Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before…
CVE-2023-2088 — CVSS 6.5 (medium): A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A…
CVE-2013-4222 — CVSS 6.5 (medium): OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a…
CVE-2016-4020 — CVSS 6.5 (medium): The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS…
CVE-2016-9590 — CVSS 6.5 (medium): puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation…
CVE-2016-9907 — CVSS 6.5 (medium): Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while…
CVE-2016-9911 — CVSS 6.5 (medium): Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing…
CVE-2016-9921 — CVSS 6.5 (medium): Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while…
CVE-2017-10378 — CVSS 6.5 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are…
CVE-2017-10379 — CVSS 6.5 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are…
CVE-2017-10384 — CVSS 6.5 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57…
CVE-2017-8379 — CVSS 6.5 (medium): Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a…
CVE-2018-14635 — CVSS 6.5 (medium): When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address…
CVE-2018-2622 — CVSS 6.5 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58…
CVE-2018-2640 — CVSS 6.5 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are…
CVE-2018-2665 — CVSS 6.5 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are…
CVE-2018-2668 — CVSS 6.5 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are…
CVE-2018-2817 — CVSS 6.5 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59…
CVE-2018-2819 — CVSS 6.5 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and…
CVE-2019-10876 — CVSS 6.5 (medium): An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security…
CVE-2019-14433 — CVSS 6.5 (medium): An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an…
CVE-2019-14900 — CVSS 6.5 (medium): A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA…
CVE-2019-9735 — CVSS 6.5 (medium): An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and…
CVE-2020-10756 — CVSS 6.5 (medium): An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the…
CVE-2021-3930 — CVSS 6.5 (medium): An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in…
CVE-2022-1655 — CVSS 6.5 (medium): An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack. Horizon session cookies are…
CVE-2020-1759 — CVSS 6.4 (medium): A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was…
CVE-2014-0071 — CVSS 6.4 (medium): PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to…
CVE-2013-2029 — CVSS 6.3 (medium): nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others for Nagios Core 3.4.4, 3.5.1, and earlier, allows local users to…
CVE-2013-4214 — CVSS 6.3 (medium): rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary…
CVE-2018-1059 — CVSS 6.1 (medium): The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing…
CVE-2017-18635 — CVSS 6.1 (medium): An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web…
CVE-2016-7103 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via…
CVE-2013-2121 — CVSS 6.0 (medium): Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users…
CVE-2016-8909 — CVSS 6.0 (medium): The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of…
CVE-2016-8669 — CVSS 6.0 (medium): The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a…
CVE-2016-8576 — CVSS 6.0 (medium): The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of…
CVE-2016-8910 — CVSS 6.0 (medium): The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial…
CVE-2013-2113 — CVSS 6.0 (medium): The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to…
CVE-2016-7466 — CVSS 6.0 (medium): Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local guest OS…
CVE-2016-7422 — CVSS 6.0 (medium): The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial…
CVE-2013-2255 — CVSS 5.9 (medium): HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate…
CVE-2018-10237 — CVSS 5.9 (medium): Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks…
CVE-2022-3100 — CVSS 5.9 (medium): A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API.
CVE-2018-10855 — CVSS 5.9 (medium): Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used…
CVE-2020-10711 — CVSS 5.9 (medium): A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing…
CVE-2016-2124 — CVSS 5.9 (medium): A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent…
CVE-2018-2761 — CVSS 5.9 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are…
CVE-2017-2622 — CVSS 5.9 (medium): An accessibility flaw was found in the OpenStack Workflow (mistral) service where a service log directory was improperly made world…
CVE-2018-1000808 — CVSS 5.9 (medium): Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last…
CVE-2013-6391 — CVSS 5.8 (medium): The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped…
CVE-2019-14905 — CVSS 5.6 (medium): A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in…
CVE-2014-9493 — CVSS 5.5 (medium): The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read…
CVE-2022-3146 — CVSS 5.5 (medium): A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently…
CVE-2017-5973 — CVSS 5.5 (medium): The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of…
CVE-2017-2615 — CVSS 5.5 (medium): Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur…
CVE-2021-3620 — CVSS 5.5 (medium): A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is…
CVE-2018-16856 — CVSS 5.5 (medium): In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and…
CVE-2016-9603 — CVSS 5.5 (medium): A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could…
CVE-2018-18438 — CVSS 5.5 (medium): Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value.
CVE-2016-5403 — CVSS 5.5 (medium): The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory…
CVE-2017-2620 — CVSS 5.5 (medium): Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The…
CVE-2017-2621 — CVSS 5.5 (medium): An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory…
CVE-2012-5474 — CVSS 5.5 (medium): The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon…
CVE-2018-3639 — CVSS 5.5 (medium): Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior…
CVE-2022-3101 — CVSS 5.5 (medium): A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently…
CVE-2019-10156 — CVSS 5.4 (medium): A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of…
CVE-2016-4428 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote…
CVE-2020-10753 — CVSS 5.4 (medium): A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers…
CVE-2016-6519 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to…
CVE-2015-5295 — CVSS 5.4 (medium): The template-validate command in OpenStack Orchestration API (Heat) before 2015.1.3 (kilo) and 5.0.x before 5.0.1 (liberty) allows remote…
CVE-2017-3636 — CVSS 5.3 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are…
CVE-2018-10892 — CVSS 5.3 (medium): The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw…
CVE-2018-14432 — CVSS 5.3 (medium): In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects"…
CVE-2018-16876 — CVSS 5.3 (medium): ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to…
CVE-2018-7536 — CVSS 5.3 (medium): An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was…
CVE-2020-1758 — CVSS 5.3 (medium): A flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using…
CVE-2017-7539 — CVSS 5.3 (medium): An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where…
CVE-2017-7543 — CVSS 5.3 (medium): A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before…
CVE-2013-4180 — CVSS 5.0 (medium): The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service…
CVE-2020-14364 — CVSS 5.0 (medium): An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while…
CVE-2020-1733 — CVSS 5.0 (medium): A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an…
CVE-2014-4615 — CVSS 5.0 (medium): The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2…
CVE-2013-6470 — CVSS 5.0 (medium): The default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise…
CVE-2020-10685 — CVSS 5.0 (medium): A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as…
CVE-2017-3641 — CVSS 4.9 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56…
CVE-2018-2781 — CVSS 4.9 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are…
CVE-2018-17206 — CVSS 4.9 (medium): An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a…
CVE-2019-11291 — CVSS 4.8 (medium): Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and…
CVE-2019-11281 — CVSS 4.8 (medium): Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and…
CVE-2018-14620 — CVSS 4.7 (medium): The OpenStack RabbitMQ container image insecurely retrieves the rabbitmq_clusterer component over HTTP during the build stage. This could…
CVE-2018-2771 — CVSS 4.4 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are…
CVE-2016-6888 — CVSS 4.4 (medium): Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators…
CVE-2017-3651 — CVSS 4.3 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are…
CVE-2021-4180 — CVSS 4.3 (medium): An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An…
CVE-2014-0042 — CVSS 4.3 (medium): OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets gpgcheck to 0 for certain…
CVE-2014-0041 — CVSS 4.3 (medium): OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets sslverify to false for certain…
CVE-2014-0040 — CVSS 4.3 (medium): OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, uses an HTTP connection to download…
CVE-2013-6491 — CVSS 4.3 (medium): The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set…
CVE-2018-2813 — CVSS 4.3 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59…
CVE-2018-17204 — CVSS 4.3 (medium): An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When…
CVE-2020-1735 — CVSS 4.2 (medium): A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then…
CVE-2017-10268 — CVSS 4.1 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are…
CVE-2014-3708 — CVSS 4.0 (medium): OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (CPU…
CVE-2014-9623 — CVSS 4.0 (medium): OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a…
CVE-2015-0271 — CVSS 4.0 (medium): The log-viewing function in the Red Hat redhat-access-plugin before 6.0.3 for OpenStack Dashboard (horizon) allows remote attackers to read…
CVE-2014-8333 — CVSS 4.0 (medium): The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk…
CVE-2014-7821 — CVSS 4.0 (medium): OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a…
CVE-2014-3621 — CVSS 4.0 (medium): The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users…
CVE-2013-4185 — CVSS 4.0 (medium): Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle…
CVE-2016-2121 — CVSS 4.0 (medium): A permissions flaw was found in redis, which sets weak permissions on certain files and directories that could potentially contain…
CVE-2020-1739 — CVSS 3.9 (low): A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of…
CVE-2020-1740 — CVSS 3.9 (low): A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another…