Lucene search
+L

765 matches found

OSV
OSV
added 2026/07/06 8:3 a.m.4 views

PYSEC-2026-856 OpenStack Neutron Improper Input Validation vulnerability

OpenStack Neutron before 2014.2.4 juno and 2015.1.x before 2015.1.1 kilo, when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service L2 agent crash by adding an address pair that is rejected by the ipset tool...

4CVSS6AI score0.11342EPSS
Exploits0References12
PyPA
PyPA
added 2026/07/06 8:3 a.m.5 views

OpenStack Neutron Improper Input Validation vulnerability

OpenStack Neutron before 2014.2.4 juno and 2015.1.x before 2015.1.1 kilo, when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service L2 agent crash by adding an address pair that is rejected by the ipset tool...

4CVSS7.1AI score0.11342EPSS
Exploits0References12Affected Software1
OSV
OSV
added 2026/07/02 2:13 p.m.3 views

PYSEC-2026-686 OpenStack Neutron Race Condition vulnerability

A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0:...

5.9CVSS5.9AI score0.01847EPSS
Exploits0References14
PyPA
PyPA
added 2026/07/02 2:13 p.m.4 views

OpenStack Neutron Race Condition vulnerability

A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0:...

5.9CVSS6.2AI score0.01847EPSS
Exploits0References14Affected Software1
OSV
OSV
added 2026/06/29 11:50 a.m.9 views

PYSEC-2026-431 OpenStack Neutron allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism

The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a link-local source address...

9.1CVSS7AI score0.04248EPSS
Exploits1References13
SUSE CVE
SUSE CVE
added 2026/06/12 2:25 a.m.12 views

SUSE CVE-2026-50266

In OpenStack Neutron before 28.0.1, a project manager can create or update a port on a shared network owned by another project and set deviceowner to a value that has "network:" at the beginning "network:dhcp" for example. The default port RBAC policies incorrectly included PROJECTMANAGER without...

2.2CVSS5.3AI score0.00262EPSS
Exploits0References3
Debian
Debian
added 2026/06/11 6:48 p.m.10 views

[SECURITY] [DSA 6340-1] neutron security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6340-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 11, 2026 https://www.debian.org/security/faq -...

2.2CVSS5.3AI score0.00262EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 p.m.14 views

CVE-2026-50266

A flaw was found in OpenStack Neutron. A project manager can exploit this vulnerability by creating or updating a port on a shared network and setting the deviceowner to a specific value. This bypasses default access controls, allowing the project manager to obtain trusted network-service port...

6.6CVSS5.1AI score0.00262EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.8 views

Debian dsa-6340 : neutron-api - security update

The remote Debian 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6340 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6340-1 [email protected] https://www.debian.org/security/ Moritz...

2.2CVSS5.4AI score0.00262EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/08 2:58 a.m.12 views

CVE-2026-49299

A flaw was found in OpenStack Neutron. The tagging controller incorrectly enforces plural policy action names for single-tag write operations, while the defined policy rules use singular names. This mismatch allows a project reader to bypass intended policy restrictions, enabling them to create a...

5.3CVSS5.7AI score0.00295EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/05 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-50266

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OpenStack Neutron before 28.0.1, a project manager can create or update a port on a shared network owned by another project and set deviceowner to a value th...

3.5CVSS7.2AI score0.00963EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 5:16 p.m.20 views

CVE-2026-50266

In OpenStack Neutron before 28.0.1, a project manager can create or update a port on a shared network owned by another project and set deviceowner to a value that has "network:" at the beginning "network:dhcp" for example. The default port RBAC policies incorrectly included PROJECTMANAGER without...

2.2CVSS0.00262EPSS
Exploits0References6
OSV
OSV
added 2026/06/04 5:16 p.m.10 views

UBUNTU-CVE-2026-50266

In OpenStack Neutron before 28.0.1, a project manager can create or update a port on a shared network owned by another project and set deviceowner to a value that has "network:" at the beginning "network:dhcp" for example. The default port RBAC policies incorrectly included PROJECTMANAGER without...

2.2CVSS5.3AI score0.00262EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/06/04 4:18 p.m.10 views

CVE-2026-50266

In OpenStack Neutron before 28.0.1, a project manager can create or update a port on a shared network owned by another project and set deviceowner to a value that has "network:" at the beginning "network:dhcp" for example. The default port RBAC policies incorrectly included PROJECTMANAGER without...

2.2CVSS5.8AI score0.00262EPSS
Exploits0
CVE
CVE
added 2026/06/04 4:18 p.m.28 views

CVE-2026-50266

OpenStack Neutron before 28.0.1 is affected. A port on a shared network owned by another project can be created or updated by a project manager with device_owner starting with a network: prefix (e.g., network:dhcp). The default RBAC policies did not require network ownership, allowing access to t...

2.2CVSS5.8AI score0.00262EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/04 4:18 p.m.11 views

CVE-2026-50266

In OpenStack Neutron before 28.0.1, a project manager can create or update a port on a shared network owned by another project and set deviceowner to a value that has "network:" at the beginning "network:dhcp" for example. The default port RBAC policies incorrectly included PROJECTMANAGER without...

2.2CVSS5.8AI score0.00262EPSS
Exploits0References5
OSV
OSV
added 2026/06/04 4:18 p.m.3 views

CVE-2026-50266

In OpenStack Neutron before 28.0.1, a project manager can create or update a port on a shared network owned by another project and set deviceowner to a value that has "network:" at the beginning "network:dhcp" for example. The default port RBAC policies incorrectly included PROJECTMANAGER without...

2.2CVSS6AI score0.00262EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/06/04 4:18 p.m.39 views

CVE-2026-50266

In OpenStack Neutron before 28.0.1, a project manager can create or update a port on a shared network owned by another project and set deviceowner to a value that has "network:" at the beginning "network:dhcp" for example. The default port RBAC policies incorrectly included PROJECTMANAGER without...

2.2CVSS0.00262EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/04 4:18 p.m.8 views

CVE-2026-50266

In OpenStack Neutron before 28.0.1, a project manager can create or update a port on a shared network owned by another project and set deviceowner to a value that has "network:" at the beginning "network:dhcp" for example. The default port RBAC policies incorrectly included PROJECTMANAGER without...

3.5CVSS7.1AI score0.00963EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/06/04 4:18 p.m.11 views

EUVD-2026-34301

In OpenStack Neutron before 28.0.1, a project manager can create or update a port on a shared network owned by another project and set deviceowner to a value that has "network:" at the beginning "network:dhcp" for example. The default port RBAC policies incorrectly included PROJECTMANAGER without...

3.5CVSS7.1AI score0.00963EPSS
Exploits0References5
Rows per page
Query Builder