Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Neutron
(Openstack)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 25 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2016-06-17 | CVE-2015-8914 | The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a link-local source address. | Neutron | 9.1 | ||
| 2015-01-15 | CVE-2014-8153 | The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service (blocked router update processing) by creating eight routers and assigning an ipv6 non-provider subnet to each. | Router_advertisement_daemon, Neutron | N/A | ||
| 2014-10-02 | CVE-2014-6414 | OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors. | Ubuntu_linux, Neutron | N/A | ||
| 2014-08-19 | CVE-2014-4615 | The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue (v2/meters/http.request). | Ubuntu_linux, Neutron, Oslo, Pycadf, Telemetry_\(Ceilometer\), Openstack | N/A | ||
| 2014-07-11 | CVE-2014-4167 | The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by attaching an IPv6 private subnet to a L3 router. | Ubuntu_linux, Neutron | N/A | ||
| 2014-04-28 | CVE-2014-0187 | The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied. | Ubuntu_linux, Neutron, Opensuse | N/A | ||
| 2014-06-02 | CVE-2013-6433 | The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file. | Ubuntu_linux, Neutron | N/A |