Openstack Security Vulnerabilities - November 2019
HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.
5.9CVSS
5.7AI Score
0.007EPSS
Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents
6.5CVSS
6.4AI Score
0.004EPSS
Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits
6.5CVSS
6.4AI Score
0.004EPSS
Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP Header can be leve...
7.5CVSS
7.2AI Score
0.451EPSS
Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious user ...
4.8CVSS
4.5AI Score
0.001EPSS
A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file...
7.5CVSS
7.1AI Score
0.006EPSS
6.5CVSS
6.3AI Score
0.001EPSS