CVE-2018-14636
- EPSS 1.17%
- Veröffentlicht 10.09.2018 19:29:00
- Zuletzt bearbeitet 21.11.2024 03:49:28
Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. This brief window could be extended indefinitely if the instance's port is set administratively down prior to live-migration and kept down after t...
CVE-2018-14635
- EPSS 2.53%
- Veröffentlicht 10.09.2018 19:29:00
- Zuletzt bearbeitet 21.11.2024 03:49:28
When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existin...
CVE-2017-7543
- EPSS 1.85%
- Veröffentlicht 26.07.2018 14:29:00
- Zuletzt bearbeitet 21.11.2024 03:32:07
A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron security groups were disabled. Specifically, the ...
CVE-2016-5363
- EPSS 3.24%
- Veröffentlicht 17.06.2016 15:59:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended MAC-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via (1) a crafted ...
CVE-2016-5362
- EPSS 3.41%
- Veröffentlicht 17.06.2016 15:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended DHCP-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a crafted DHC...
CVE-2015-8914
- EPSS 4.25%
- Veröffentlicht 17.06.2016 15:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a link-loca...
CVE-2015-5240
- EPSS 0.96%
- Veröffentlicht 27.10.2015 16:59:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows remote authenticated users to bypass IP anti-spoofing controls by changing the device owner of a port to...
- EPSS 11.34%
- Veröffentlicht 26.08.2015 19:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) by adding an address pair that is rejected by the i...
- EPSS 1.92%
- Veröffentlicht 15.01.2015 15:59:08
- Zuletzt bearbeitet 06.05.2026 22:30:45
The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service (blocked router update processing) by creating eight routers and assigning an ipv6 non-provider subnet t...
- EPSS 3.94%
- Veröffentlicht 24.11.2014 15:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration.