VYPR

rpm package

suse/crowbar-barclamp-neutron&distro=SUSE OpenStack Cloud 5

pkg:rpm/suse/crowbar-barclamp-neutron&distro=SUSE%20OpenStack%20Cloud%205

Vulnerabilities (3)

  • CVE-2015-5240Oct 27, 2015
    affected < 1.9+git.1443859419.95e948a-12.2fixed 1.9+git.1443859419.95e948a-12.2

    Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows remote authenticated users to bypass IP anti-spoofing controls by changing the device owner of a port to start with network: before th

  • CVE-2015-3221Aug 26, 2015
    affected < 1.9+git.1443859419.95e948a-12.2fixed 1.9+git.1443859419.95e948a-12.2

    OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) by adding an address pair that is rejected by the ipset tool.

  • CVE-2015-0259Apr 1, 2015
    affected < 1.9+git.1438265717.eb633ae-9.8fixed 1.9+git.1438265717.eb633ae-9.8

    OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage.