Vulnerabilities (CVE)

Filtered by vendor Openstack Subscribe

Filtered by product Neutron

Total 25 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2014-4615	3 Canonical, Openstack, Redhat	6 Ubuntu Linux, Neutron, Oslo and 3 more	2024-02-04	5.0 MEDIUM	N/A
The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue (v2/meters/http.request).
CVE-2014-8153	2 Litech, Openstack	2 Router Advertisement Daemon, Neutron	2024-02-04	4.0 MEDIUM	N/A
The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service (blocked router update processing) by creating eight routers and assigning an ipv6 non-provider subnet to each.
CVE-2014-0187	3 Canonical, Openstack, Opensuse	3 Ubuntu Linux, Neutron, Opensuse	2024-02-04	9.0 HIGH	N/A
The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied.
CVE-2014-3555	1 Openstack	1 Neutron	2024-02-04	4.0 MEDIUM	N/A
OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (crash or long firewall rule updates) by creating a large number of allowed address pairs.
CVE-2014-3632	1 Openstack	1 Neutron	2024-02-04	7.6 HIGH	N/A
The default configuration in a sudoers file in the Red Hat openstack-neutron package before 2014.1.2-4, as used in Red Hat Enterprise Linux Open Stack Platform 5.0 for Red Hat Enterprise Linux 6, allows remote attackers to gain privileges via a crafted configuration file. NOTE: this vulnerability exists because of a CVE-2013-6433 regression.