Neutron Security Vulnerabilities and Issues — Neutron CVE List

Lucene search

OpenstackNeutron

9 matches found

CVE•added 2014/07/23 2:55 p.m.•70 views

CVE-2014-3555

OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (crash or long firewall rule updates) by creating a large number of allowed address pairs.

4CVSS6.1AI score0.01022EPSS

CVE•added 2014/06/02 3:55 p.m.•65 views

CVE-2013-6433

The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file.

7.6CVSS6.6AI score0.01556EPSS

CVE•added 2014/05/08 2:29 p.m.•60 views

CVE-2014-0056

The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command.

2.1CVSS6.2AI score0.00216EPSS

CVE•added 2014/10/07 2:55 p.m.•58 views

CVE-2014-3632

The default configuration in a sudoers file in the Red Hat openstack-neutron package before 2014.1.2-4, as used in Red Hat Enterprise Linux Open Stack Platform 5.0 for Red Hat Enterprise Linux 6, allows remote attackers to gain privileges via a crafted configuration file. NOTE: this vulnerability e...

7.6CVSS6.6AI score0.01556EPSS

CVE•added 2014/04/28 2:9 p.m.•57 views

CVE-2014-0187

The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied.

9CVSS6.1AI score0.00428EPSS

CVE•added 2014/07/11 2:55 p.m.•54 views

CVE-2014-4167

The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by attaching an IPv6 private subnet to a L3 router.

3.5CVSS6.1AI score0.00558EPSS

CVE•added 2014/11/24 3:59 p.m.•53 views

CVE-2014-7821

OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration.

4CVSS6.1AI score0.0214EPSS

CVE•added 2014/08/19 6:55 p.m.•50 views

CVE-2014-4615

The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue (v2/m...

5CVSS5.9AI score0.0075EPSS

CVE•added 2014/10/02 2:55 p.m.•44 views

CVE-2014-6414

OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors.

4CVSS6.1AI score0.00573EPSS