5 matches found
Authorization Bypass
openstack-neutron is vulnerable to authorization bypass. An authenticated user is able to bypass security group restrictions with an invalid CIDR to add a security group rule which would cause the openvswitch-agent process to fail and prevent further rules from being applied...
CVE-2014-0187
The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied...
CVE-2014-0187
The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied...
CVE-2014-0592
Barclamp aka barclamp-network 1.7 for the Crowbar Framework, as used in SUSE Cloud 3, does not enable netfilter on bridges when creating new instances, which allows remote attackers to bypass security group restrictions via unspecified vectors, related to floating IPs...
CVE-2014-0592
CVE-2014-0592 concerns Barclamp (aka barclamp-network) version 1.7 used in SUSE Cloud 3. It reports that the Crowbar Framework component does not enable netfilter on bridges when creating new instances, allowing remote attackers to bypass security group restrictions via unspecified vectors relate...