Every CVE whose affected-product data names Openstack Neutron, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (25)
CVE-2015-8914 — CVSS 9.1 (critical): The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended…
CVE-2021-38598 — CVSS 9.1 (critical): OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver with…
CVE-2014-0187 — CVSS 9.0 (critical): The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to…
CVE-2016-5362 — CVSS 8.2 (high): The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended DHCP-spoofing…
CVE-2016-5363 — CVSS 8.2 (high): The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended MAC-spoofing…
CVE-2013-6433 — CVSS 7.6 (high): The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for…
CVE-2014-3632 — CVSS 7.6 (high): The default configuration in a sudoers file in the Red Hat openstack-neutron package before 2014.1.2-4, as used in Red Hat Enterprise Linux…
CVE-2021-20267 — CVSS 7.1 (high): A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a…
CVE-2022-3277 — CVSS 6.5 (medium): An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of…
CVE-2018-14635 — CVSS 6.5 (medium): When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address…
CVE-2019-10876 — CVSS 6.5 (medium): An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security…
CVE-2019-9735 — CVSS 6.5 (medium): An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and…
CVE-2021-40085 — CVSS 6.5 (medium): An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can…
CVE-2021-40797 — CVSS 6.5 (medium): An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making…
CVE-2017-7543 — CVSS 5.3 (medium): A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before…
CVE-2018-14636 — CVSS 5.3 (medium): Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. This brief window could be extended…
CVE-2014-4615 — CVSS 5.0 (medium): The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2…
CVE-2014-8153 — CVSS 4.0 (medium): The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of…
CVE-2015-3221 — CVSS 4.0 (medium): OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote…
CVE-2014-3555 — CVSS 4.0 (medium): OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of…
CVE-2014-7821 — CVSS 4.0 (medium): OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a…
CVE-2014-6414 — CVSS 4.0 (medium): OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default…
CVE-2015-5240 — CVSS 3.5 (low): Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API…
CVE-2014-4167 — CVSS 3.5 (low): The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to…
CVE-2014-0056 — CVSS 2.1 (low): The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote…