405 matches found
CVE-2013-6433
The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file...
CVE-2013-6433
The CVE-2013-6433 issue affects the Red Hat openstack-neutron package: its default configuration prior to 2013.2.3-7 does not properly set a rootwrap configuration file, enabling privilege escalation by an attacker via a crafted config. The impact is privilege escalation with network-exposed vect...
CVE-2013-6433
The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file...
UBUNTU-CVE-2013-6433
The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file...
Fedora Update for openstack-neutron FEDORA-2014-6520
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openstack-neutron: insufficient authorization checks when creating ports
The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command...
CVE-2014-0056
The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command...
CVE-2014-0056
The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command...
DEBIAN-CVE-2014-0056
The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command...
CVE-2014-0056
The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command...
CVE-2014-0056
The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command...
CVE-2014-0056
CVE-2014-0056 affects OpenStack Neutron l3-agent (2012.2 before 2013.2.3). The issue: tenant-id not checked when creating ports, allowing remote authenticated users to connect ports to the routers of arbitrary tenants via the device-id in a port-create command. CVSSv2 base score 2.1 (LOW), attack...
[USN-2194-1] OpenStack Neutron vulnerability
========================================================================== Ubuntu Security Notice USN-2194-1 May 05, 2014 neutron vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...
Ubuntu 13.10 : neutron vulnerability (USN-2194-1)
Aaron Rosen discovered that OpenStack Neutron did not properly perform authorization checks when creating ports when using plugins relying on the l3-agent. A remote authenticated attacker could exploit this to access the network of other tenants. Note that Tenable Network Security has extracted t...
USN-2194-1: OpenStack Neutron vulnerability
Aaron Rosen discovered that OpenStack Neutron did not properly perform authorization checks when creating ports when using plugins relying on the l3-agent. A remote authenticated attacker could exploit this to access the network of other tenants...
DEBIAN-CVE-2014-0187
The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied...
CVE-2014-0187
The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied...
CVE-2014-0187
The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied...
Security feature bypass
The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied...
CVE-2014-0187
CVE-2014-0187 affects OpenStack Neutron where openvswitch-agent could bypass security group rules by using an invalid CIDR in a security group rule, preventing subsequent rules from applying. The issue affected OpenStack Neutron releases prior to 2013.2.4 (and 2014.1 prior to 2014.1.1); multiple ...