CVSS: 6.5EPSS: 8%CPEs: 2EXPL: 1CVE-2015-3221 – GeniXCMS 0.0.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-3221
24 Aug 2015 — OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) by adding an address pair that is rejected by the ipset tool. Vulnerabilidad en OpenStack Neutron en versiones anteriores a 2014.2.4 (juno) y 2015.1.x en versiones anteriores a 2015.1.1 (kilo), cuando se usa el controlador del firewall IPTables, permite a usuarios remotos autenticados causar una denegación de se... • https://www.exploit-db.com/exploits/37360 • CWE-20: Improper Input Validation CWE-248: Uncaught Exception •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2014-8153
https://notcve.org/view.php?id=CVE-2014-8153
15 Jan 2015 — The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service (blocked router update processing) by creating eight routers and assigning an ipv6 non-provider subnet to each. El agente L3 en OpenStack Neutron 2014.2.x anterior a 2014.2.2, cuando utiliza radvd 2.0+, permite a usuarios remotos autenticados causar una denegación de servicio (el procesamiento de la actualización de routers bloqueado) mediante la creación de ocho ... • http://lists.openstack.org/pipermail/openstack-announce/2015-January/000320.html • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 1%CPEs: 4EXPL: 0CVE-2014-7821 – openstack-neutron: DoS via maliciously crafted dns_nameservers
https://notcve.org/view.php?id=CVE-2014-7821
24 Nov 2014 — OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration. OpenStack Neutron anterior a 2014.1.4 y 2014.2.x anterior a 2014.2.1 permite a usuarios remotos autenticados causar una denegación de servicio (caída) a través de un valor dns_nameservers manipulado en la configuración DNS. A denial of service flaw was found in the way neutron handled the 'dns_nameservers' paramete... • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155351.html • CWE-20: Improper Input Validation CWE-399: Resource Management Errors •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2014-6414 – openstack-neutron: Admin-only network attributes may be reset to defaults by non-privileged users
https://notcve.org/view.php?id=CVE-2014-6414
02 Oct 2014 — OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors. OpenStack Neutron anterior a 2014.2.4 y 2014.1 anterior a 2014.1.2 permite a usuarios remotos autenticados configurar los atributos de la red de administración a los valores por defecto a través de vectores no especificados. It was discovered that unprivileged users could in some cases reset admin-only network attributes to their default va... • http://rhn.redhat.com/errata/RHSA-2014-1686.html • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: 26EXPL: 0CVE-2014-4615 – pycadf: token leak to message queue
https://notcve.org/view.php?id=CVE-2014-4615
11 Aug 2014 — The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue (v2/meters/http.request). El middleware notificador en OpenStack PyCADF 0.5.0 y anteriores, Telemetry (Ceilometer) 2013.2 anterior a 2013.2.4 y 2014.x anterior a 2014.1.2, Neutron 2014.x anterior a 2014.1.2 y Juno ante... • http://rhn.redhat.com/errata/RHSA-2014-1050.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 6.5EPSS: 1%CPEs: 4EXPL: 0CVE-2014-3555 – openstack-neutron: Denial of Service in Neutron allowed address pair
https://notcve.org/view.php?id=CVE-2014-3555
23 Jul 2014 — OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (crash or long firewall rule updates) by creating a large number of allowed address pairs. OpenStack Neutron anterior a 2013.2.4, 2014.x anterior a 2014.1.2 y Juno anterior a Juno-2 permite a usuarios remotos autenticados causar una denegación de servicio (caída o actualizaciones de normas largas de firewall) mediante la creación de un número grande de parejas de d... • http://lists.openstack.org/pipermail/openstack-announce/2014-July/000255.html • CWE-264: Permissions, Privileges, and Access Controls CWE-400: Uncontrolled Resource Consumption •