Debian dsa-6340 : neutron-api - security update

The remote Debian 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6340 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6340-1 [email protected] https://www.debian.org/security/ Moritz...

EUVD-2021-0142

Malware in sbrugna...

EUVD-2018-0102

Malware in sbrugna...

EUVD-2014-7687

Malware in sbrugna...

EUVD-2022-2893

Malicious code in bioql PyPI...

EUVD-2022-2417

Malicious code in bioql PyPI...

RHEL 7 : openstack-neutron (RHSA-2014:1942)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:1942 advisory. OpenStack Networking neutron is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main functi...

Incorrect ID During Policy Enforcement

neutron is vulnerable to an incorrect ID during policy enforcement. The vulnerability is due to an issue in neutron/extensions/tagging.py, where an incorrect ID is used, allowing attackers to manipulate network resources and leading to unauthorized access or bypassing security policies...

networking-bagpipe (>=8.0.1 <=10.0.1), networking-baremetal (=1.0.1) +8 more potentially affected by CVE-2023-3637 via neutron (>=12.1.1 <=15.3.4)

neutron PYPI version =12.1.1, =8.0.1, =15.0.0, =13.0.1, =5.1.0, =13.0.2, =13.0.2, =14.0.1, =14.3.0 Source cves: CVE-2023-3637 Source advisory: OSV:GHSA-R3JH-QHGJ-GVR8...

networking-bagpipe (>=8.0.1 <=10.0.1), networking-baremetal (=1.0.1) +8 more potentially affected by CVE-2021-38598 via neutron (>=12.1.1 <=15.3.4)

neutron PYPI version =12.1.1, =8.0.1, =15.0.0, =13.0.1, =5.1.0, =13.0.2, =13.0.2, =14.0.1, =14.3.0 Source cves: CVE-2021-38598 Source advisory: OSV:GHSA-HVM4-MC7M-22W4...

GHSA-HHPJ-6PJ7-WPX5 OpenStack Neutron Race condition vulnerability

Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows remote authenticated users to bypass IP anti-spoofing controls by changing the device owner of a port to start with network: before the security group...

GHSA-3VJ4-CVJP-482H OpenStack Neutron allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism

The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a link-local source address...

OpenStack 安全漏洞

OpenStack is a cloud platform management program developed by the National Aeronautics and Space Administration NASA in collaboration with Rackspace in the United States. OpenStack Neutron has a security vulnerability that can be exploited by attackers to conduct denial-of-service attacks...

networking-bagpipe (>=8.0.1 <=10.0.1), networking-baremetal (=1.0.1) +8 more potentially affected by CVE-2021-40085 via neutron (>=12.1.1 <=15.3.4)

neutron PYPI version =12.1.1, =8.0.1, =15.0.0, =13.0.1, =5.1.0, =13.0.2, =13.0.2, =14.0.1, =14.3.0 Source cves: CVE-2021-40085 Source advisory: OSV:PYSEC-2021-361...

networking-bagpipe (>=8.0.1 <=10.0.1), networking-baremetal (=1.0.1) +7 more potentially affected by CVE-2021-20267 via neutron (>=12.1.1 <=15.0.0.0rc2)

neutron PYPI version =12.1.1, =8.0.1, =13.0.1, =5.1.0, =13.0.2, =13.0.2, =14.0.1, =14.3.0 Source cves: CVE-2021-20267 Source advisory: OSV:PYSEC-2021-136...

Design/Logic Flaw

When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from...

OpenStack Neutron Information Disclosure Vulnerability

OpenStack is a cloud platform management project. neutron is one of the networking components that provides network-as-a-service, enabling the creation of networks between OpenStack services, access to network devices into the mesh, and more. A remote information disclosure vulnerability exists i...

CVE-2015-3221

OpenStack Neutron before 2014.2.4 juno and 2015.1.x before 2015.1.1 kilo, when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service L2 agent crash by adding an address pair that is rejected by the ipset tool...

Ubuntu 13.10 : neutron vulnerability (USN-2194-1)

Aaron Rosen discovered that OpenStack Neutron did not properly perform authorization checks when creating ports when using plugins relying on the l3-agent. A remote authenticated attacker could exploit this to access the network of other tenants. Note that Tenable Network Security has extracted t...