CVSS: 6.5EPSS: 1%CPEs: 4EXPL: 0CVE-2014-7821 – openstack-neutron: DoS via maliciously crafted dns_nameservers
https://notcve.org/view.php?id=CVE-2014-7821
24 Nov 2014 — OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration. OpenStack Neutron anterior a 2014.1.4 y 2014.2.x anterior a 2014.2.1 permite a usuarios remotos autenticados causar una denegación de servicio (caída) a través de un valor dns_nameservers manipulado en la configuración DNS. A denial of service flaw was found in the way neutron handled the 'dns_nameservers' paramete... • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155351.html • CWE-20: Improper Input Validation CWE-399: Resource Management Errors •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2014-6414 – openstack-neutron: Admin-only network attributes may be reset to defaults by non-privileged users
https://notcve.org/view.php?id=CVE-2014-6414
02 Oct 2014 — OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors. OpenStack Neutron anterior a 2014.2.4 y 2014.1 anterior a 2014.1.2 permite a usuarios remotos autenticados configurar los atributos de la red de administración a los valores por defecto a través de vectores no especificados. It was discovered that unprivileged users could in some cases reset admin-only network attributes to their default va... • http://rhn.redhat.com/errata/RHSA-2014-1686.html • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2014-3632 – openstack-neutron: regression of fix for CVE-2013-6433
https://notcve.org/view.php?id=CVE-2014-3632
30 Sep 2014 — The default configuration in a sudoers file in the Red Hat openstack-neutron package before 2014.1.2-4, as used in Red Hat Enterprise Linux Open Stack Platform 5.0 for Red Hat Enterprise Linux 6, allows remote attackers to gain privileges via a crafted configuration file. NOTE: this vulnerability exists because of a CVE-2013-6433 regression. La configuración por defecto en un fichero sudoers en el paquete Red Hat openstack-neutron anterior a 2014.1.2-4, utilizado en Red Hat Enterprise Linux Open Stack Platf... • http://rhn.redhat.com/errata/RHSA-2014-1339.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 26EXPL: 0CVE-2014-4615 – pycadf: token leak to message queue
https://notcve.org/view.php?id=CVE-2014-4615
11 Aug 2014 — The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue (v2/meters/http.request). El middleware notificador en OpenStack PyCADF 0.5.0 y anteriores, Telemetry (Ceilometer) 2013.2 anterior a 2013.2.4 y 2014.x anterior a 2014.1.2, Neutron 2014.x anterior a 2014.1.2 y Juno ante... • http://rhn.redhat.com/errata/RHSA-2014-1050.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 6.5EPSS: 1%CPEs: 4EXPL: 0CVE-2014-3555 – openstack-neutron: Denial of Service in Neutron allowed address pair
https://notcve.org/view.php?id=CVE-2014-3555
23 Jul 2014 — OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (crash or long firewall rule updates) by creating a large number of allowed address pairs. OpenStack Neutron anterior a 2013.2.4, 2014.x anterior a 2014.1.2 y Juno anterior a Juno-2 permite a usuarios remotos autenticados causar una denegación de servicio (caída o actualizaciones de normas largas de firewall) mediante la creación de un número grande de parejas de d... • http://lists.openstack.org/pipermail/openstack-announce/2014-July/000255.html • CWE-264: Permissions, Privileges, and Access Controls CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2014-4167 – openstack-neutron: L3-agent denial of service through IPv6 subnet
https://notcve.org/view.php?id=CVE-2014-4167
25 Jun 2014 — The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by attaching an IPv6 private subnet to a L3 router. El agente L3 en OpenStack Neutron anterior a 2013.2.4, 2014.x anterior a 2014.1.2 y Juno anterior a Juno-2 permite a usuarios remotos autenticados causar una denegación de servicio (interrupción de adjunto de dirección IPv4) al adjuntar una subred IPv6 privada a un ... • http://seclists.org/oss-sec/2014/q2/572 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 0CVE-2013-6433 – openstack-quantum/openstack-neutron: rootwrap sudo config allows potential privilege escalation
https://notcve.org/view.php?id=CVE-2013-6433
29 May 2014 — The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file. La configuración por defecto en el paquete Red Hat Openstack-Neutron anterior a 2013.2.3-7 no establece debidamente un archivo de configuración para rootwrap, lo que permite a atacantes remotos ganar privilegios a través de un archivo de configuración manipulado. OpenStack Networking is... • http://rhn.redhat.com/errata/RHSA-2014-0516.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 15EXPL: 0CVE-2014-0056 – openstack-neutron: insufficient authorization checks when creating ports
https://notcve.org/view.php?id=CVE-2014-0056
06 May 2014 — The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command. El agente l3 en OpenStack Neutron 2012.2 anterior a 2013.2.3 no comprueba el id inquilino cuando crea puertos, lo que permite a usuarios remotos autenticados enchufar puertos a los routers de inquilinos arbitrarios a través del id dispositivo en un comando port-create.... • http://rhn.redhat.com/errata/RHSA-2014-0516.html • CWE-285: Improper Authorization CWE-287: Improper Authentication •
CVSS: 9.1EPSS: 0%CPEs: 14EXPL: 0CVE-2014-0187 – openstack-neutron: security groups bypass through invalid CIDR
https://notcve.org/view.php?id=CVE-2014-0187
28 Apr 2014 — The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied. El proceso openvswitch-agent en OpenStack Neutron 2013.1 anterior a 2013.2.4 y 2014.1 anterior a 2014.1.1 permite a usuarios remotos autenticados evadir restricciones de seguridad de grupo a través de un CIDR invalido en una regla de seguridad ... • http://lists.opensuse.org/opensuse-updates/2014-08/msg00035.html • CWE-264: Permissions, Privileges, and Access Controls •