Vulnerabilities > Openstack > Neutron

DATE CVE VULNERABILITY TITLE RISK
2023-03-06 CVE-2022-3277 Resource Exhaustion vulnerability in multiple products
An uncontrolled resource consumption flaw was found in openstack-neutron.
network
low complexity
redhat openstack CWE-400
6.5
2021-09-08 CVE-2021-40797 Missing Release of Resource after Effective Lifetime vulnerability in Openstack Neutron
An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1.
network
low complexity
openstack CWE-772
6.5
2021-08-31 CVE-2021-40085 An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1.
network
low complexity
openstack debian
6.5
2021-08-23 CVE-2021-38598 Authentication Bypass by Spoofing vulnerability in Openstack Neutron
OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver with ebtables-nft is used on a Netfilter-based platform.
network
low complexity
openstack CWE-290
critical
9.1
2021-05-28 CVE-2021-20267 A flaw was found in openstack-neutron's default Open vSwitch firewall rules.
network
low complexity
openstack redhat
7.1
2019-04-05 CVE-2019-10876 An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3.
network
low complexity
openstack redhat
6.5
2019-03-13 CVE-2019-9735 Improper Handling of Exceptional Conditions vulnerability in multiple products
An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3.
network
low complexity
openstack redhat debian CWE-755
6.5
2018-09-10 CVE-2018-14636 Unspecified vulnerability in Openstack Neutron
Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor.
network
high complexity
openstack
5.3
2018-09-10 CVE-2018-14635 Improper Input Validation vulnerability in multiple products
When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation.
network
low complexity
redhat openstack CWE-20
6.5
2018-07-26 CVE-2017-7543 A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron security groups were disabled.
network
high complexity
openstack redhat
5.9