5 results (0.003 seconds)

CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 0

CVE-2015-5240 – openstack-neutron: Firewall rules bypass through port update

https://notcve.org/view.php?id=CVE-2015-5240

Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows remote authenticated users to bypass IP anti-spoofing controls by changing the device owner of a port to start with network: before the security group rules are applied. Condición de carrera en OpenStack Neutron en versiones anteriores 2014.2.4 and 2015.1 en versiones anteriores 2015.1.2, cuando se utiliza el plugin ML2 o los grupos de seguridad de API AMQP, permite a usuarios remotos autenticados eludir controles IP anti-spoofing cambiando el propietario del dispositivo de un puerto para empezar con la red: antes de que las reglas de seguridad de grupo sean aplicadas. A race-condition flaw leading to ACL bypass was discovered in OpenStack Networking (neutron). An authenticated user could change the owner of a port after it was created but before firewall rules were applied, thus preventing firewall control checks from occurring. All OpenStack Networking deployments that used either the ML2 plug-in or a plug-in that relied on the security groups AMQP API were affected. • http://rhn.redhat.com/errata/RHSA-2015-1909.html http://www.openwall.com/lists/oss-security/2015/09/08/9 https://bugs.launchpad.net/neutron/+bug/1489111 https://bugzilla.redhat.com/show_bug.cgi?id=1258458 https://security.openstack.org/ossa/OSSA-2015-018.html https://access.redhat.com/security/cve/CVE-2015-5240 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 4.0EPSS: 2%CPEs: 2EXPL: 1

CVE-2015-3221 – GeniXCMS 0.0.3 - Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2015-3221

OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) by adding an address pair that is rejected by the ipset tool. Vulnerabilidad en OpenStack Neutron en versiones anteriores a 2014.2.4 (juno) y 2015.1.x en versiones anteriores a 2015.1.1 (kilo), cuando se usa el controlador del firewall IPTables, permite a usuarios remotos autenticados causar una denegación de servicio (caída del agente L2) añadiendo un par de direcciones que son rechazadas por la herramienta ipset. A Denial-of-Service flaw was found in the OpenStack Networking (neutron) L2 agent when using the iptables firewall driver. By submitting an address pair that is rejected as invalid by the ipset tool (with zero prefix size), an authenticated attacker can cause the L2 agent to crash. • https://www.exploit-db.com/exploits/37360 http://lists.openstack.org/pipermail/openstack-announce/2015-June/000377.html http://rhn.redhat.com/errata/RHSA-2015-1680.html http://www.securityfocus.com/bid/75368 https://bugs.launchpad.net/neutron/+bug/1461054 https://access.redhat.com/security/cve/CVE-2015-3221 https://bugzilla.redhat.com/show_bug.cgi?id=1232284 • CWE-20: Improper Input Validation CWE-248: Uncaught Exception •

CVSS: 4.0EPSS: 0%CPEs: 4EXPL: 0

CVE-2014-6414 – openstack-neutron: Admin-only network attributes may be reset to defaults by non-privileged users

https://notcve.org/view.php?id=CVE-2014-6414

OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors. OpenStack Neutron anterior a 2014.2.4 y 2014.1 anterior a 2014.1.2 permite a usuarios remotos autenticados configurar los atributos de la red de administración a los valores por defecto a través de vectores no especificados. It was discovered that unprivileged users could in some cases reset admin-only network attributes to their default values. This could lead to unexpected behavior or in some cases result in a denial of service. • http://rhn.redhat.com/errata/RHSA-2014-1686.html http://rhn.redhat.com/errata/RHSA-2014-1785.html http://rhn.redhat.com/errata/RHSA-2014-1786.html http://secunia.com/advisories/62299 http://www.openwall.com/lists/oss-security/2014/09/15/5 http://www.ubuntu.com/usn/USN-2408-1 https://bugs.launchpad.net/neutron/+bug/1357379 https://access.redhat.com/security/cve/CVE-2014-6414 https://bugzilla.redhat.com/show_bug.cgi?id=1142012 • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •

CVSS: 5.0EPSS: 0%CPEs: 26EXPL: 0

CVE-2014-4615 – pycadf: token leak to message queue

https://notcve.org/view.php?id=CVE-2014-4615

The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue (v2/meters/http.request). El middleware notificador en OpenStack PyCADF 0.5.0 y anteriores, Telemetry (Ceilometer) 2013.2 anterior a 2013.2.4 y 2014.x anterior a 2014.1.2, Neutron 2014.x anterior a 2014.1.2 y Juno anterior a Juno-2, y Oslo permite a usuarios remotos autenticados obtener valores X_AUTH_TOKEN mediante la lectura de la cola de mensajes (v2/meters/http.request). It was found that authentication tokens were not properly sanitized from the message queue by the notifier middleware. An attacker with read access to the message queue could possibly use this flaw to intercept an authentication token and gain elevated privileges. Note that all services using the notifier middleware configured after the auth_token middleware pipeline were affected. • http://rhn.redhat.com/errata/RHSA-2014-1050.html http://secunia.com/advisories/60643 http://secunia.com/advisories/60736 http://secunia.com/advisories/60766 http://www.openwall.com/lists/oss-security/2014/06/23/8 http://www.openwall.com/lists/oss-security/2014/06/24/6 http://www.openwall.com/lists/oss-security/2014/06/25/6 http://www.securityfocus.com/bid/68149 http://www.ubuntu.com/usn/USN-2311-1 https://access.redhat.com/security/cve/CVE-2014-46 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-201: Insertion of Sensitive Information Into Sent Data •

CVSS: 4.0EPSS: 0%CPEs: 4EXPL: 0

CVE-2014-3555 – openstack-neutron: Denial of Service in Neutron allowed address pair

https://notcve.org/view.php?id=CVE-2014-3555

OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (crash or long firewall rule updates) by creating a large number of allowed address pairs. OpenStack Neutron anterior a 2013.2.4, 2014.x anterior a 2014.1.2 y Juno anterior a Juno-2 permite a usuarios remotos autenticados causar una denegación de servicio (caída o actualizaciones de normas largas de firewall) mediante la creación de un número grande de parejas de direcciones permitidas. A denial of service flaw was found in neutron's handling of allowed address pairs. As there was no enforced quota on the amount of allowed address pairs, a sufficiently authorized user could possibly create a large number of firewall rules, impacting performance or potentially rendering a compute node unusable. • http://lists.openstack.org/pipermail/openstack-announce/2014-July/000255.html http://rhn.redhat.com/errata/RHSA-2014-1119.html http://rhn.redhat.com/errata/RHSA-2014-1120.html http://seclists.org/oss-sec/2014/q3/200 http://secunia.com/advisories/60766 http://secunia.com/advisories/60804 http://www.securityfocus.com/bid/68765 https://bugs.launchpad.net/neutron/+bug/1336207 https://access.redhat.com/security/cve/CVE-2014-3555 https://bugzilla.redhat.com/show_bug.cgi • CWE-264: Permissions, Privileges, and Access Controls CWE-400: Uncontrolled Resource Consumption •