Vulnerabilities (CVE)

Filtered by vendor Openstack Subscribe
Filtered by product Neutron
Total 25 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-3632 1 Openstack 1 Neutron 2024-11-21 7.6 HIGH N/A
The default configuration in a sudoers file in the Red Hat openstack-neutron package before 2014.1.2-4, as used in Red Hat Enterprise Linux Open Stack Platform 5.0 for Red Hat Enterprise Linux 6, allows remote attackers to gain privileges via a crafted configuration file. NOTE: this vulnerability exists because of a CVE-2013-6433 regression.
CVE-2014-3555 1 Openstack 1 Neutron 2024-11-21 4.0 MEDIUM N/A
OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (crash or long firewall rule updates) by creating a large number of allowed address pairs.
CVE-2014-0187 3 Canonical, Openstack, Opensuse 3 Ubuntu Linux, Neutron, Opensuse 2024-11-21 9.0 HIGH N/A
The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied.
CVE-2014-0056 2 Canonical, Openstack 2 Ubuntu Linux, Neutron 2024-11-21 2.1 LOW N/A
The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command.
CVE-2013-6433 2 Canonical, Openstack 2 Ubuntu Linux, Neutron 2024-11-21 7.6 HIGH N/A
The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file.