CVSS: 4.0EPSS: 0%CPEs: 5EXPL: 0CVE-2014-4167 – openstack-neutron: L3-agent denial of service through IPv6 subnet
https://notcve.org/view.php?id=CVE-2014-4167
The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by attaching an IPv6 private subnet to a L3 router. El agente L3 en OpenStack Neutron anterior a 2013.2.4, 2014.x anterior a 2014.1.2 y Juno anterior a Juno-2 permite a usuarios remotos autenticados causar una denegación de servicio (interrupción de adjunto de dirección IPv4) al adjuntar una subred IPv6 privada a un router L3. • http://seclists.org/oss-sec/2014/q2/572 http://secunia.com/advisories/59533 http://www.ubuntu.com/usn/USN-2255-1 https://bugs.launchpad.net/neutron/+bug/1309195 https://access.redhat.com/security/cve/CVE-2014-4167 https://bugzilla.redhat.com/show_bug.cgi?id=1110139 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.0EPSS: 0%CPEs: 14EXPL: 0CVE-2014-0187 – openstack-neutron: security groups bypass through invalid CIDR
https://notcve.org/view.php?id=CVE-2014-0187
The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied. El proceso openvswitch-agent en OpenStack Neutron 2013.1 anterior a 2013.2.4 y 2014.1 anterior a 2014.1.1 permite a usuarios remotos autenticados evadir restricciones de seguridad de grupo a través de un CIDR invalido en una regla de seguridad de grupo, lo que previene que se aplican más reglas. • http://lists.opensuse.org/opensuse-updates/2014-08/msg00035.html http://secunia.com/advisories/59533 http://www.openwall.com/lists/oss-security/2014/04/22/8 http://www.ubuntu.com/usn/USN-2255-1 https://bugs.launchpad.net/neutron/+bug/1300785 https://access.redhat.com/security/cve/CVE-2014-0187 https://bugzilla.redhat.com/show_bug.cgi?id=1090132 • CWE-264: Permissions, Privileges, and Access Controls •