CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-3277 – openstack-neutron: unrestricted creation of security groups
https://notcve.org/view.php?id=CVE-2022-3277
08 Dec 2022 — An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service. David Sinquin discovered that OpenStack Neutron incorrectly handled the default Open vSwitch firewall rules. • https://bugs.launchpad.net/neutron/+bug/1988026 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2021-40797 – openstack-neutron: Routes middleware memory leak for nonexistent controllers
https://notcve.org/view.php?id=CVE-2021-40797
08 Sep 2021 — An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API performance degradation or denial of service. Se ha detectado un problema en el middleware de rutas en OpenStack Neutron versiones anteriores a 16.4.1, 17.x versiones anteriores a 17.2.1 y 18.x versiones anteriores a 18.... • http://www.openwall.com/lists/oss-security/2021/09/09/2 • CWE-770: Allocation of Resources Without Limits or Throttling CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.6EPSS: 0%CPEs: 6EXPL: 1CVE-2021-40085 – openstack-neutron: arbitrary dnsmasq reconfiguration via extra_dhcp_opts
https://notcve.org/view.php?id=CVE-2021-40085
31 Aug 2021 — An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value. Se ha detectado un problema en OpenStack Neutron versiones anteriores a 16.4.1, 17.x versiones anteriores a 17.2.1 y 18.x versiones anteriores a 18.1.1. Unos atacantes autenticados pueden reconfigurar dnsmasq por medio de un valor extra_dhcp_opts diseñado An input-validation flaw was found in openstack-neutron, where an a... • http://www.openwall.com/lists/oss-security/2021/08/31/2 • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 1CVE-2021-38598 – Ubuntu Security Notice USN-6067-1
https://notcve.org/view.php?id=CVE-2021-38598
23 Aug 2021 — OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver with ebtables-nft is used on a Netfilter-based platform. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the hardware addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations. OpenStack Neutron versiones an... • https://launchpad.net/bugs/1938670 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2021-20267 – Ubuntu Security Notice USN-6067-1
https://notcve.org/view.php?id=CVE-2021-20267
28 May 2021 — A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the IPv6 addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations. Only deployments using the Open vSwitch driver are affected. Source: OpenStack project. Versions before openstack-neutron 15.3.3, openstack-neut... • https://bugzilla.redhat.com/show_bug.cgi?id=1934330 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2019-10876 – openstack-neutron: DOS via broken port range merging in security group
https://notcve.org/view.php?id=CVE-2019-10876
05 Apr 2019 — An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes where those security groups are present, because of an Open vSwitch (OVS) firewall KeyError. All Neutron deployments utilizing neutron-openvswitch-agent are affected. Se ha descubierto un problema en OpenStack Neutron, en las versi... • http://www.openwall.com/lists/oss-security/2019/04/09/2 • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 4%CPEs: 8EXPL: 1CVE-2019-9735 – openstack-neutron: incorrect validation of port settings in iptables security group driver
https://notcve.org/view.php?id=CVE-2019-9735
13 Mar 2019 — An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option (for example, VRRP), an authenticated user may block further application of security group rules for instances from any project/tenant on the compute hosts to which it's applied. (Only deployments using the iptables security group driver are affe... • http://www.openwall.com/lists/oss-security/2019/03/18/2 • CWE-20: Improper Input Validation CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2018-14636
https://notcve.org/view.php?id=CVE-2018-14636
10 Sep 2018 — Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. This brief window could be extended indefinitely if the instance's port is set administratively down prior to live-migration and kept down after the migration is complete. This is possible due to the Open vSwitch integration bridge being connected to the instance during migration. When connected to the integration bridge, all traffic for instances using the same Open vSwitch instance would potentially be ... • https://bugs.launchpad.net/neutron/+bug/1734320 • CWE-300: Channel Accessible by Non-Endpoint •
CVSS: 6.5EPSS: 1%CPEs: 6EXPL: 0CVE-2018-14635 – openstack-neutron: A router interface out of subnet IP range results in a denial of service
https://notcve.org/view.php?id=CVE-2018-14635
10 Sep 2018 — When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from outside of the allowed allocation pool. Versions of openstack-neutron before 13.0.0.0b2, 12.0.3 and 11.0.5 are vulnerable. Al emplear el controlador de Linux bridge ml2, los inquilinos sin privilegios pueden crear y adj... • https://access.redhat.com/errata/RHSA-2018:2710 • CWE-20: Improper Input Validation •