rpm package
suse/openstack-nova&distro=SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
pkg:rpm/suse/openstack-nova&distro=SUSE%20Cloud%20Compute%20Node%20for%20SUSE%20Linux%20Enterprise%2012%205
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-7713 | — | < 2014.2.4~a0~dev80-14.1 | 2014.2.4~a0~dev80-14.1 | Oct 29, 2015 | OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made. | ||
| CVE-2015-5240 | — | < 2014.2.4~a0~dev80-14.1 | 2014.2.4~a0~dev80-14.1 | Oct 27, 2015 | Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows remote authenticated users to bypass IP anti-spoofing controls by changing the device owner of a port to start with network: before th | ||
| CVE-2015-3280 | — | < 2014.2.4~a0~dev80-14.1 | 2014.2.4~a0~dev80-14.1 | Oct 26, 2015 | OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state. | ||
| CVE-2015-3241 | — | < 2014.2.4~a0~dev80-14.1 | 2014.2.4~a0~dev80-14.1 | Sep 8, 2015 | OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service (disk, network, and other resource consumption) by resizing and then dele | ||
| CVE-2015-3221 | — | < 2014.2.4~a0~dev80-14.1 | 2014.2.4~a0~dev80-14.1 | Aug 26, 2015 | OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) by adding an address pair that is rejected by the ipset tool. | ||
| CVE-2015-0259 | — | < 2014.2.4~a0~dev61-6.2 | 2014.2.4~a0~dev61-6.2 | Apr 1, 2015 | OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage. |
- CVE-2015-7713Oct 29, 2015affected < 2014.2.4~a0~dev80-14.1fixed 2014.2.4~a0~dev80-14.1
OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made.
- CVE-2015-5240Oct 27, 2015affected < 2014.2.4~a0~dev80-14.1fixed 2014.2.4~a0~dev80-14.1
Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows remote authenticated users to bypass IP anti-spoofing controls by changing the device owner of a port to start with network: before th
- CVE-2015-3280Oct 26, 2015affected < 2014.2.4~a0~dev80-14.1fixed 2014.2.4~a0~dev80-14.1
OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state.
- CVE-2015-3241Sep 8, 2015affected < 2014.2.4~a0~dev80-14.1fixed 2014.2.4~a0~dev80-14.1
OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service (disk, network, and other resource consumption) by resizing and then dele
- CVE-2015-3221Aug 26, 2015affected < 2014.2.4~a0~dev80-14.1fixed 2014.2.4~a0~dev80-14.1
OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) by adding an address pair that is rejected by the ipset tool.
- CVE-2015-0259Apr 1, 2015affected < 2014.2.4~a0~dev61-6.2fixed 2014.2.4~a0~dev61-6.2
OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage.