CVSS: 5.9 • EPSS: 0% • CPEs: 12 • EXPL: 0

08 Aug 2017 — A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-call-ip6tables and net.bridge.bridge-nf-call-iptables. The race was only triggered by an update, at which point an attacker could access exposed tenant VMs and network resources. • http://www.securityfocus.com/bid/100237 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 9.1 • EPSS: 1% • CPEs: 2 • EXPL: 1

17 Jun 2016 — The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a link-local source address. • http://www.openwall.com/lists/oss-security/2016/06/10/5 • CWE-254: 7PK - Security Features •

CVSS: 8.2 • EPSS: 1% • CPEs: 2 • EXPL: 0

17 Jun 2016 — The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended DHCP-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a crafted DHCP discovery message. • http://www.openwall.com/lists/oss-security/2016/06/10/5 • CWE-254: 7PK - Security Features •

CVSS: 8.2 • EPSS: 1% • CPEs: 7 • EXPL: 0

17 Jun 2016 — The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended MAC-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via (1) a crafted DHCP discovery message or (2) crafted non-IP traffic. • http://www.openwall.com/lists/oss-security/2016/06/10/5 • CWE-254: 7PK - Security Features •

CVSS: 5.3 • EPSS: 0% • CPEs: 3 • EXPL: 0

16 Oct 2015 — Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows remote authenticated users to bypass IP anti-spoofing controls by changing the device owner of a port to start with "network:" before the security group rules are applied. • http://rhn.redhat.com/errata/RHSA-2015-1909.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 6.5 • EPSS: 8% • CPEs: 2 • EXPL: 1

24 Aug 2015 — OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) by adding an address pair that is rejected by the ipset tool. • https://www.exploit-db.com/exploits/37360 • CWE-20: Improper Input Validation • CWE-248: Uncaught Exception •

CVSS: 6.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

15 Jan 2015 — The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service (blocked router update processing) by creating eight routers and assigning an ipv6 non-provider subnet to each. • http://lists.openstack.org/pipermail/openstack-announce/2015-January/000320.html • CWE-20: Improper Input Validation •

CVSS: 6.5 • EPSS: 1% • CPEs: 4 • EXPL: 0

24 Nov 2014 — OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration. A denial of service flaw was found in the way neutron handled the 'dns_nameservers' paramete... • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155351.html • CWE-20: Improper Input Validation • CWE-399: Resource Management Errors •

CVSS: 9.1 • EPSS: 0% • CPEs: 4 • EXPL: 0

02 Oct 2014 — OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors. It was discovered that unprivileged users could in some cases reset admin-only network attributes to their default va... • http://rhn.redhat.com/errata/RHSA-2014-1686.html • CWE-264: Permissions, Privileges, and Access Controls • CWE-862: Missing Authorization •

CVSS: 7.8 • EPSS: 1% • CPEs: 1 • EXPL: 0

30 Sep 2014 — The default configuration in a sudoers file in the Red Hat openstack-neutron package before 2014.1.2-4, as used in Red Hat Enterprise Linux Open Stack Platform 5.0 for Red Hat Enterprise Linux 6, allows remote attackers to gain privileges via a crafted configuration file. NOTE: this vulnerability exists because of a CVE-2013-6433 regression. • http://rhn.redhat.com/errata/RHSA-2014-1339.html • CWE-264: Permissions, Privileges, and Access Controls •