VYPR

rpm package

suse/openstack-neutron&distro=SUSE OpenStack Cloud 5

pkg:rpm/suse/openstack-neutron&distro=SUSE%20OpenStack%20Cloud%205

Vulnerabilities (3)

  • CVE-2015-5240Oct 27, 2015
    affected < 2014.2.4~a0~dev103-16.2fixed 2014.2.4~a0~dev103-16.2

    Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows remote authenticated users to bypass IP anti-spoofing controls by changing the device owner of a port to start with network: before th

  • CVE-2015-3221Aug 26, 2015
    affected < 2014.2.4~a0~dev103-16.2fixed 2014.2.4~a0~dev103-16.2

    OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) by adding an address pair that is rejected by the ipset tool.

  • CVE-2015-0259Apr 1, 2015
    affected < 2014.2.4~a0~dev78-13.4fixed 2014.2.4~a0~dev78-13.4

    OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage.