threat
engine
.sh
Back
·
··:··
Home
/
Product
/
openstack neutron
Product
openstack neutron
26 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2023-4178
< b1130.1.0.1
Authentication Bypass by Spoofing vulnerability in Neutron Smart VMS allows Authentication Bypass. This issue affects Neu
9.8
CRITICAL
CVE-2022-3277
< 18.6.0
An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a
6.5
MEDIUM
CVE-2021-40797
< 16.4.1
An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. B
6.5
MEDIUM
CVE-2021-40085
< 16.4.1
An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers ca
6.5
MEDIUM
CVE-2021-38598
< 16.4.1
OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver
9.1
CRITICAL
CVE-2021-20267
< 16.3.3
A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in contr
7.1
HIGH
CVE-2019-10876
>= 11.0.0 and < 11.0.7
An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two secur
6.5
MEDIUM
CVE-2019-9735
< 10.0.8
An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6
6.5
MEDIUM
CVE-2018-14636
>= 7.0.0 and <= 11.0.4
Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. This brief window could be
5.3
MEDIUM
CVE-2018-14635
>= 11.0.0 and <= 11.0.5
When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP addres
6.5
MEDIUM
CVE-2017-7543
>= 7.0.0 and < 7.2.0-12.1
A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x
5.3
MEDIUM
CVE-2016-5363
all versions
The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended MAC-
8.2
HIGH
CVE-2016-5362
>= 7.0.0 and < 7.0.4
The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended DHCP
8.2
HIGH
CVE-2015-8914
>= 7.0.0 and < 7.0.4
The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMP
9.1
CRITICAL
CVE-2015-5240
all versions
Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups A
CVE-2015-3221
>= 2014.2 and < 2014.2.4
OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remo
CVE-2014-8153
all versions
The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a de
CVE-2014-7821
>= 2012.2.1 and < 2014.1.4
OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (cra
CVE-2014-3632
>= 2014.1 and <= 2014.1.2
The default configuration in a sudoers file in the Red Hat openstack-neutron package before 2014.1.2-4, as used in Red Hat Enterpr
CVE-2014-6414
>= 2013.2 and <= 2013.2.4
OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to
CVE-2014-4615
all versions
The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 201
CVE-2014-3555
all versions
OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a den
CVE-2014-4167
>= 2011.1 and <= 2013.2.3
The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated user
CVE-2013-6433
>= 2013.1 and <= 2013.2.3
The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file fo
CVE-2014-0056
all versions
The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote aut
CVE-2014-0187
all versions
The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated u
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin