Vulnerabilities > Openstack > Neutron
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-06 | CVE-2022-3277 | Resource Exhaustion vulnerability in multiple products An uncontrolled resource consumption flaw was found in openstack-neutron. | 6.5 |
| 2021-09-08 | CVE-2021-40797 | Missing Release of Resource after Effective Lifetime vulnerability in Openstack Neutron An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. | 6.5 |
| 2021-08-31 | CVE-2021-40085 | An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. | 6.5 |
| 2021-08-23 | CVE-2021-38598 | Authentication Bypass by Spoofing vulnerability in Openstack Neutron OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver with ebtables-nft is used on a Netfilter-based platform. | 9.1 |
| 2021-05-28 | CVE-2021-20267 | Insufficient Verification of Data Authenticity vulnerability in multiple products A flaw was found in openstack-neutron's default Open vSwitch firewall rules. | 7.1 |
| 2019-04-05 | CVE-2019-10876 | An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. | 6.5 |
| 2019-03-13 | CVE-2019-9735 | Improper Handling of Exceptional Conditions vulnerability in multiple products An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. | 6.5 |
| 2018-09-10 | CVE-2018-14636 | Unspecified vulnerability in Openstack Neutron Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. | 5.3 |
| 2018-09-10 | CVE-2018-14635 | Improper Input Validation vulnerability in multiple products When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. | 6.5 |
| 2018-07-26 | CVE-2017-7543 | Race Condition vulnerability in multiple products A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron security groups were disabled. | 5.9 |