Lucene search
K

4 matches found

CVE
CVE
added 2026/06/04 4:18 p.m.25 views

CVE-2026-50266

OpenStack Neutron before 28.0.1 is affected. A port on a shared network owned by another project can be created or updated by a project manager with device_owner starting with a network: prefix (e.g., network:dhcp). The default RBAC policies did not require network ownership, allowing access to t...

2.2CVSS5.8AI score0.00262EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/04 4:18 p.m.38 views

CVE-2026-50266

In OpenStack Neutron before 28.0.1, a project manager can create or update a port on a shared network owned by another project and set deviceowner to a value that has "network:" at the beginning "network:dhcp" for example. The default port RBAC policies incorrectly included PROJECTMANAGER without...

2.2CVSS0.00262EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:16 a.m.4 views

SUSE CVE-2015-5240

Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows remote authenticated users to bypass IP anti-spoofing controls by changing the device owner of a port to start with network: before the security group...

3.5CVSS7.5AI score0.00963EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2015/10/15 4:9 p.m.6 views

openstack-neutron: Firewall rules bypass through port update

A race-condition flaw leading to ACL bypass was discovered in OpenStack Networking neutron. An authenticated user could change the owner of a port after it was created but before firewall rules were applied, thus preventing firewall control checks from occurring. All OpenStack Networking...

3.5CVSS5.8AI score0.00963EPSS
Exploits0References4
Rows per page
Query Builder