CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2015-5240 – openstack-neutron: Firewall rules bypass through port update
https://notcve.org/view.php?id=CVE-2015-5240
16 Oct 2015 — Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows remote authenticated users to bypass IP anti-spoofing controls by changing the device owner of a port to start with network: before the security group rules are applied. Condición de carrera en OpenStack Neutron en versiones anteriores 2014.2.4 and 2015.1 en versiones anteriores 2015.1.2, cuando se utiliza el plugin ML2 o los grupos de seguridad de API AMQP, permi... • http://rhn.redhat.com/errata/RHSA-2015-1909.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.5EPSS: 8%CPEs: 2EXPL: 1CVE-2015-3221 – GeniXCMS 0.0.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-3221
24 Aug 2015 — OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) by adding an address pair that is rejected by the ipset tool. Vulnerabilidad en OpenStack Neutron en versiones anteriores a 2014.2.4 (juno) y 2015.1.x en versiones anteriores a 2015.1.1 (kilo), cuando se usa el controlador del firewall IPTables, permite a usuarios remotos autenticados causar una denegación de se... • https://www.exploit-db.com/exploits/37360 • CWE-20: Improper Input Validation CWE-248: Uncaught Exception •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2014-6414 – openstack-neutron: Admin-only network attributes may be reset to defaults by non-privileged users
https://notcve.org/view.php?id=CVE-2014-6414
02 Oct 2014 — OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors. OpenStack Neutron anterior a 2014.2.4 y 2014.1 anterior a 2014.1.2 permite a usuarios remotos autenticados configurar los atributos de la red de administración a los valores por defecto a través de vectores no especificados. It was discovered that unprivileged users could in some cases reset admin-only network attributes to their default va... • http://rhn.redhat.com/errata/RHSA-2014-1686.html • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: 26EXPL: 0CVE-2014-4615 – pycadf: token leak to message queue
https://notcve.org/view.php?id=CVE-2014-4615
11 Aug 2014 — The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue (v2/meters/http.request). El middleware notificador en OpenStack PyCADF 0.5.0 y anteriores, Telemetry (Ceilometer) 2013.2 anterior a 2013.2.4 y 2014.x anterior a 2014.1.2, Neutron 2014.x anterior a 2014.1.2 y Juno ante... • http://rhn.redhat.com/errata/RHSA-2014-1050.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 6.5EPSS: 1%CPEs: 4EXPL: 0CVE-2014-3555 – openstack-neutron: Denial of Service in Neutron allowed address pair
https://notcve.org/view.php?id=CVE-2014-3555
23 Jul 2014 — OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (crash or long firewall rule updates) by creating a large number of allowed address pairs. OpenStack Neutron anterior a 2013.2.4, 2014.x anterior a 2014.1.2 y Juno anterior a Juno-2 permite a usuarios remotos autenticados causar una denegación de servicio (caída o actualizaciones de normas largas de firewall) mediante la creación de un número grande de parejas de d... • http://lists.openstack.org/pipermail/openstack-announce/2014-July/000255.html • CWE-264: Permissions, Privileges, and Access Controls CWE-400: Uncontrolled Resource Consumption •