Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/118079?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/118079?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-6?distro=trixie", "type": "deb", "namespace": "debian", "name": "neutron", "version": "2:28.0.0-6", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2:28.0.0-7", "latest_non_vulnerable_version": "2:28.0.0-7", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35848?format=api", "vulnerability_id": "VCID-1444-3h31-3kdv", "summary": "OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver with ebtables-nft is used on a Netfilter-based platform. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the hardware addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38598.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38598.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-38598", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33664", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33562", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-38598" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38598", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38598" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/neutron", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/neutron" }, { "reference_url": "https://github.com/openstack/neutron/commit/0a931391d8990f3e654b4bfda24ae4119c609bbf", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/neutron/commit/0a931391d8990f3e654b4bfda24ae4119c609bbf" }, { "reference_url": "https://github.com/openstack/neutron/commit/cc0d28a3e2ccfad6fc2ff24d78f009cbe3992575", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/neutron/commit/cc0d28a3e2ccfad6fc2ff24d78f009cbe3992575" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2021-360.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2021-360.yaml" }, { "reference_url": "https://launchpad.net/bugs/1938670", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.net/bugs/1938670" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38598", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38598" }, { "reference_url": "https://opendev.org/openstack/neutron/commit/fafa5dacd5057120562184a734e7345e7c0e9639", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/neutron/commit/fafa5dacd5057120562184a734e7345e7c0e9639" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995273", "reference_id": "1995273", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995273" }, { "reference_url": "https://github.com/advisories/GHSA-hvm4-mc7m-22w4", "reference_id": "GHSA-hvm4-mc7m-22w4", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hvm4-mc7m-22w4" }, { "reference_url": "https://usn.ubuntu.com/6067-1/", "reference_id": "USN-6067-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6067-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/118077?format=api", "purl": "pkg:deb/debian/neutron@2:17.2.1-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ecp9-x6p6-7fa2" }, { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:17.2.1-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118103?format=api", "purl": "pkg:deb/debian/neutron@2:18.1.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:18.1.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118075?format=api", "purl": "pkg:deb/debian/neutron@2:21.0.0-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:21.0.0-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118080?format=api", "purl": "pkg:deb/debian/neutron@2:26.0.0-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:26.0.0-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118078?format=api", "purl": "pkg:deb/debian/neutron@2:27.0.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:27.0.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118079?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304778?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-7%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-38598", "GHSA-hvm4-mc7m-22w4", "PYSEC-2021-360" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1444-3h31-3kdv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94853?format=api", "vulnerability_id": "VCID-3dqh-f7uy-mkhp", "summary": "Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows remote authenticated users to bypass IP anti-spoofing controls by changing the device owner of a port to start with network: before the security group rules are applied.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-1909.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1909.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1909", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2015:1909" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5240.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5240.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2015-5240", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2015-5240" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5240", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.31762", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38679", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5240" }, { "reference_url": "https://bugs.launchpad.net/neutron/+bug/1489111", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/neutron/+bug/1489111" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1258458", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1258458" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5240", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5240" }, { "reference_url": "https://github.com/openstack/neutron", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/neutron" }, { "reference_url": "https://github.com/openstack/neutron/commit/767cea23de44a963c6793ffe30ea5c6827d27a38", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/neutron/commit/767cea23de44a963c6793ffe30ea5c6827d27a38" }, { "reference_url": "https://github.com/openstack/neutron/commit/bbca973986fdc99eae9d1b2545e8246c0b2be2e2", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/neutron/commit/bbca973986fdc99eae9d1b2545e8246c0b2be2e2" }, { "reference_url": "https://github.com/openstack/neutron/commit/fdc3431ccd219accf6a795079d9b67b8656eed8e", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/neutron/commit/fdc3431ccd219accf6a795079d9b67b8656eed8e" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5240", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5240" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2015-018.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2015-018.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/09/08/9", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2015/09/08/9" }, { "reference_url": "https://github.com/advisories/GHSA-hhpj-6pj7-wpx5", "reference_id": "GHSA-hhpj-6pj7-wpx5", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-hhpj-6pj7-wpx5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/118093?format=api", "purl": "pkg:deb/debian/neutron@1:7.0.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@1:7.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118077?format=api", "purl": "pkg:deb/debian/neutron@2:17.2.1-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ecp9-x6p6-7fa2" }, { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:17.2.1-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118075?format=api", "purl": "pkg:deb/debian/neutron@2:21.0.0-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:21.0.0-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118080?format=api", "purl": "pkg:deb/debian/neutron@2:26.0.0-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:26.0.0-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118078?format=api", "purl": "pkg:deb/debian/neutron@2:27.0.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:27.0.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118079?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304778?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-7%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-5240", "GHSA-hhpj-6pj7-wpx5" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3dqh-f7uy-mkhp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35863?format=api", "vulnerability_id": "VCID-69mn-brsx-xydy", "summary": "An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API performance degradation or denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-40797.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-40797.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-40797", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00694", "scoring_system": "epss", "scoring_elements": "0.72315", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00694", "scoring_system": "epss", "scoring_elements": "0.72273", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-40797" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40797", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40797" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/neutron", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/neutron" }, { "reference_url": "https://github.com/openstack/neutron/commit/e610a5eb9e71aa2549fb11e2139370d227787da2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/neutron/commit/e610a5eb9e71aa2549fb11e2139370d227787da2" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2021-329.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2021-329.yaml" }, { "reference_url": "https://launchpad.net/bugs/1942179", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.net/bugs/1942179" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40797", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40797" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2021-006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2021-006.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/09/09/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2021/09/09/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2003248", "reference_id": "2003248", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2003248" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994202", "reference_id": "994202", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994202" }, { "reference_url": "https://github.com/advisories/GHSA-cpx3-696p-3cw9", "reference_id": "GHSA-cpx3-696p-3cw9", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cpx3-696p-3cw9" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0990", "reference_id": "RHSA-2022:0990", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0990" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0996", "reference_id": "RHSA-2022:0996", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0996" }, { "reference_url": "https://usn.ubuntu.com/6067-1/", "reference_id": "USN-6067-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6067-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/118077?format=api", "purl": "pkg:deb/debian/neutron@2:17.2.1-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ecp9-x6p6-7fa2" }, { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:17.2.1-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118106?format=api", "purl": "pkg:deb/debian/neutron@2:19.0.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:19.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118075?format=api", "purl": "pkg:deb/debian/neutron@2:21.0.0-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:21.0.0-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118080?format=api", "purl": "pkg:deb/debian/neutron@2:26.0.0-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:26.0.0-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118078?format=api", "purl": "pkg:deb/debian/neutron@2:27.0.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:27.0.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118079?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304778?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-7%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-40797", "GHSA-cpx3-696p-3cw9", "PYSEC-2021-329" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-69mn-brsx-xydy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43980?format=api", "vulnerability_id": "VCID-6mxz-st39-zyh3", "summary": "OpenStack Neutron allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism\nThe IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a link-local source address.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1473", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:1473" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1474", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:1474" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8914.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8914.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8914", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06657", "scoring_system": "epss", "scoring_elements": "0.91379", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06657", "scoring_system": "epss", "scoring_elements": "0.91393", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8914" }, { "reference_url": "https://bugs.launchpad.net/neutron/+bug/1502933", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/neutron/+bug/1502933" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8914", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8914" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/neutron", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/neutron" }, { "reference_url": "https://github.com/openstack/neutron/commit/1d1159bb2b57f0b4193f8666f53736f05bf7eac9", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openstack/neutron/commit/1d1159bb2b57f0b4193f8666f53736f05bf7eac9" }, { "reference_url": "https://github.com/openstack/neutron/commit/3e66b1a87544d7a127abceec13bfeacb8f18f7e1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openstack/neutron/commit/3e66b1a87544d7a127abceec13bfeacb8f18f7e1" }, { "reference_url": "https://review.openstack.org/#/c/300233", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/300233" }, { "reference_url": "https://review.openstack.org/#/c/310648", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/310648" }, { "reference_url": "https://review.openstack.org/#/c/310652", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/310652" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2016-009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2016-009.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/06/10/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/06/10/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/06/10/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/06/10/6" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1345892", "reference_id": "1345892", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1345892" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8914", "reference_id": "CVE-2015-8914", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8914" }, { "reference_url": "https://github.com/advisories/GHSA-3vj4-cvjp-482h", "reference_id": "GHSA-3vj4-cvjp-482h", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-3vj4-cvjp-482h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/118094?format=api", "purl": "pkg:deb/debian/neutron@2:8.1.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:8.1.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118077?format=api", "purl": "pkg:deb/debian/neutron@2:17.2.1-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ecp9-x6p6-7fa2" }, { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:17.2.1-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118075?format=api", "purl": "pkg:deb/debian/neutron@2:21.0.0-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:21.0.0-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118080?format=api", "purl": "pkg:deb/debian/neutron@2:26.0.0-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:26.0.0-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118078?format=api", "purl": "pkg:deb/debian/neutron@2:27.0.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:27.0.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118079?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304778?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-7%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-8914", "GHSA-3vj4-cvjp-482h" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6mxz-st39-zyh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40115?format=api", "vulnerability_id": "VCID-737y-rfry-dqed", "summary": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)\nA race-condition flaw was discovered in openstack-neutron: following a minor overcloud update, neutron security groups were disabled.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2447", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2447" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2448", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2448" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2449", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2450", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2450" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2451", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2451" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2452", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2452" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7543.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7543.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2017-7543", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2017-7543" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7543", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00459", "scoring_system": "epss", "scoring_elements": "0.64402", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00459", "scoring_system": "epss", "scoring_elements": "0.64359", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7543" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1473792", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1473792" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7543", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7543" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:N/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://opendev.org/openstack/neutron", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/neutron" }, { "reference_url": "https://web.archive.org/web/20200227153412/https://www.securityfocus.com/bid/100237", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200227153412/https://www.securityfocus.com/bid/100237" }, { "reference_url": "http://www.securityfocus.com/bid/100237", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/100237" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7543", "reference_id": "CVE-2017-7543", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7543" }, { "reference_url": "https://github.com/advisories/GHSA-hvxr-2fvv-c3wq", "reference_id": "GHSA-hvxr-2fvv-c3wq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hvxr-2fvv-c3wq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/118086?format=api", "purl": "pkg:deb/debian/neutron@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118077?format=api", "purl": "pkg:deb/debian/neutron@2:17.2.1-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ecp9-x6p6-7fa2" }, { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:17.2.1-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118075?format=api", "purl": "pkg:deb/debian/neutron@2:21.0.0-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:21.0.0-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118080?format=api", "purl": "pkg:deb/debian/neutron@2:26.0.0-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:26.0.0-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118078?format=api", "purl": "pkg:deb/debian/neutron@2:27.0.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:27.0.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118079?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304778?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-7%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-7543", "GHSA-hvxr-2fvv-c3wq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-737y-rfry-dqed" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94850?format=api", "vulnerability_id": "VCID-a2za-qv7v-akh6", "summary": "OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-6414.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-6414.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-6414", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00573", "scoring_system": "epss", "scoring_elements": "0.69081", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00573", "scoring_system": "epss", "scoring_elements": "0.69121", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-6414" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6414", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6414" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1142012", "reference_id": "1142012", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1142012" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1686", "reference_id": "RHSA-2014:1686", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1686" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1785", "reference_id": "RHSA-2014:1785", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1786", "reference_id": "RHSA-2014:1786", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1786" }, { "reference_url": "https://usn.ubuntu.com/2408-1/", "reference_id": "USN-2408-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2408-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/118088?format=api", "purl": "pkg:deb/debian/neutron@2014.1.3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2014.1.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118077?format=api", "purl": "pkg:deb/debian/neutron@2:17.2.1-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ecp9-x6p6-7fa2" }, { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:17.2.1-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118075?format=api", "purl": "pkg:deb/debian/neutron@2:21.0.0-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:21.0.0-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118080?format=api", "purl": "pkg:deb/debian/neutron@2:26.0.0-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:26.0.0-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118078?format=api", "purl": "pkg:deb/debian/neutron@2:27.0.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:27.0.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118079?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304778?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-7%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-6414" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a2za-qv7v-akh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94845?format=api", "vulnerability_id": "VCID-a3dy-64ev-hkbu", "summary": "PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0071.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0071.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0071", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.51069", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.51131", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0071" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0071", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0071" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064163", "reference_id": "1064163", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064163" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0233", "reference_id": "RHSA-2014:0233", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0233" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/118082?format=api", "purl": "pkg:deb/debian/neutron@2014.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2014.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118077?format=api", "purl": "pkg:deb/debian/neutron@2:17.2.1-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ecp9-x6p6-7fa2" }, { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:17.2.1-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118075?format=api", "purl": "pkg:deb/debian/neutron@2:21.0.0-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:21.0.0-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118080?format=api", "purl": "pkg:deb/debian/neutron@2:26.0.0-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:26.0.0-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118078?format=api", "purl": "pkg:deb/debian/neutron@2:27.0.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:27.0.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118079?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304778?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-7%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-0071" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a3dy-64ev-hkbu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94848?format=api", "vulnerability_id": "VCID-ca2h-qmkg-m7c1", "summary": "The default configuration in a sudoers file in the Red Hat openstack-neutron package before 2014.1.2-4, as used in Red Hat Enterprise Linux Open Stack Platform 5.0 for Red Hat Enterprise Linux 6, allows remote attackers to gain privileges via a crafted configuration file. NOTE: this vulnerability exists because of a CVE-2013-6433 regression.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3632.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3632.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3632", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01213", "scoring_system": "epss", "scoring_elements": "0.7933", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01213", "scoring_system": "epss", "scoring_elements": "0.79356", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3632" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1140949", "reference_id": "1140949", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1140949" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1339", "reference_id": "RHSA-2014:1339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1339" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/118086?format=api", "purl": "pkg:deb/debian/neutron@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118077?format=api", "purl": "pkg:deb/debian/neutron@2:17.2.1-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ecp9-x6p6-7fa2" }, { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:17.2.1-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118075?format=api", "purl": "pkg:deb/debian/neutron@2:21.0.0-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:21.0.0-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118080?format=api", "purl": "pkg:deb/debian/neutron@2:26.0.0-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:26.0.0-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118078?format=api", "purl": "pkg:deb/debian/neutron@2:27.0.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:27.0.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118079?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304778?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-7%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-3632" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ca2h-qmkg-m7c1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44060?format=api", "vulnerability_id": "VCID-cwwz-4a6e-tugg", "summary": "OpenStack Neutron allows remote attackers to bypass an intended DHCP-spoofing protection mechanism\nThe IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended DHCP-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a crafted DHCP discovery message.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1473", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:1473" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1474", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:1474" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5362.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5362.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5362", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0631", "scoring_system": "epss", "scoring_elements": "0.91115", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0631", "scoring_system": "epss", "scoring_elements": "0.91128", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5362" }, { "reference_url": "https://bugs.launchpad.net/neutron/+bug/1558658", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/neutron/+bug/1558658" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5362" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/neutron", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/neutron" }, { "reference_url": "https://review.openstack.org/#/c/300202", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/300202" }, { "reference_url": "https://review.openstack.org/#/c/303563", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/303563" }, { "reference_url": "https://review.openstack.org/#/c/303572", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/303572" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2016-009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2016-009.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/06/10/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/06/10/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/06/10/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/06/10/6" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1345889", "reference_id": "1345889", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1345889" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5362", "reference_id": "CVE-2016-5362", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5362" }, { "reference_url": "https://github.com/advisories/GHSA-qpwc-p365-pqrr", "reference_id": "GHSA-qpwc-p365-pqrr", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-qpwc-p365-pqrr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/118094?format=api", "purl": "pkg:deb/debian/neutron@2:8.1.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:8.1.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118077?format=api", "purl": "pkg:deb/debian/neutron@2:17.2.1-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ecp9-x6p6-7fa2" }, { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:17.2.1-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118075?format=api", "purl": "pkg:deb/debian/neutron@2:21.0.0-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:21.0.0-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118080?format=api", "purl": "pkg:deb/debian/neutron@2:26.0.0-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:26.0.0-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118078?format=api", "purl": "pkg:deb/debian/neutron@2:27.0.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:27.0.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118079?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304778?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-7%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-5362", "GHSA-qpwc-p365-pqrr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cwwz-4a6e-tugg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94842?format=api", "vulnerability_id": "VCID-dzcj-vagh-mqdr", "summary": "The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6433.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6433.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6433", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01608", "scoring_system": "epss", "scoring_elements": "0.82089", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01608", "scoring_system": "epss", "scoring_elements": "0.82118", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6433" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6433", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6433" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039812", "reference_id": "1039812", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039812" }, { "reference_url": "https://usn.ubuntu.com/2255-1/", "reference_id": "USN-2255-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2255-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/118082?format=api", "purl": "pkg:deb/debian/neutron@2014.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2014.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118077?format=api", "purl": "pkg:deb/debian/neutron@2:17.2.1-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ecp9-x6p6-7fa2" }, { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:17.2.1-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118075?format=api", "purl": "pkg:deb/debian/neutron@2:21.0.0-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:21.0.0-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118080?format=api", "purl": "pkg:deb/debian/neutron@2:26.0.0-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:26.0.0-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118078?format=api", "purl": "pkg:deb/debian/neutron@2:27.0.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:27.0.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118079?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304778?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-7%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-6433" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dzcj-vagh-mqdr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44615?format=api", "vulnerability_id": "VCID-ecp9-x6p6-7fa2", "summary": "openstack-neutron uncontrolled resource consumption flaw\nAn uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3277.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3277.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3277", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.6115", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.61198", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3277" }, { "reference_url": "https://bugs.launchpad.net/neutron/+bug/1988026", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-07T15:54:44Z/" } ], "url": "https://bugs.launchpad.net/neutron/+bug/1988026" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129193", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-07T15:54:44Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129193" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3277" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/neutron", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/neutron" }, { "reference_url": "https://github.com/openstack/neutron/commit/01fc2b9195f999df4d810df4ee63f77ecbc81f7e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/neutron/commit/01fc2b9195f999df4d810df4ee63f77ecbc81f7e" }, { "reference_url": "https://github.com/openstack/neutron/commit/717e3e09556f1fb9a7a420863746fa785eb6c316", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/neutron/commit/717e3e09556f1fb9a7a420863746fa785eb6c316" }, { "reference_url": "https://github.com/openstack/neutron/commit/733ef4f2d8c2a3734c360d1c1dd3a6fcd600cb8c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/neutron/commit/733ef4f2d8c2a3734c360d1c1dd3a6fcd600cb8c" }, { "reference_url": "https://github.com/openstack/neutron/commit/cbeee87fa44cd200d4997e02042098460167dce1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/neutron/commit/cbeee87fa44cd200d4997e02042098460167dce1" }, { "reference_url": "https://github.com/openstack/neutron/commit/d0e1b54fb1de932b2b30ab4269cf5789632df476", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/neutron/commit/d0e1b54fb1de932b2b30ab4269cf5789632df476" }, { "reference_url": "https://github.com/openstack/neutron/commit/fd7fb0e9d8c602380f54975367d935ab69e10c05", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/neutron/commit/fd7fb0e9d8c602380f54975367d935ab69e10c05" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027150", "reference_id": "1027150", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027150" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3277", "reference_id": "CVE-2022-3277", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3277" }, { "reference_url": "https://github.com/advisories/GHSA-w446-h7vg-wv3p", "reference_id": "GHSA-w446-h7vg-wv3p", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-w446-h7vg-wv3p" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8855", "reference_id": "RHSA-2022:8855", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8855" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8870", "reference_id": "RHSA-2022:8870", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8870" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0275", "reference_id": "RHSA-2023:0275", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0275" }, { "reference_url": "https://usn.ubuntu.com/6067-1/", "reference_id": "USN-6067-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6067-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/118109?format=api", "purl": "pkg:deb/debian/neutron@2:21.0.0~rc1-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:21.0.0~rc1-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118075?format=api", "purl": "pkg:deb/debian/neutron@2:21.0.0-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:21.0.0-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118080?format=api", "purl": "pkg:deb/debian/neutron@2:26.0.0-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:26.0.0-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118078?format=api", "purl": "pkg:deb/debian/neutron@2:27.0.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:27.0.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118079?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304778?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-7%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-3277", "GHSA-w446-h7vg-wv3p" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ecp9-x6p6-7fa2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94846?format=api", "vulnerability_id": "VCID-gshp-5zsu-k7aa", "summary": "The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0187.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0187.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0187", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.50143", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.50204", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0187" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0187", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0187" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1090132", "reference_id": "1090132", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1090132" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0899", "reference_id": "RHSA-2014:0899", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0899" }, { "reference_url": "https://usn.ubuntu.com/2255-1/", "reference_id": "USN-2255-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2255-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/118084?format=api", "purl": "pkg:deb/debian/neutron@2014.1.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2014.1.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118077?format=api", "purl": "pkg:deb/debian/neutron@2:17.2.1-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ecp9-x6p6-7fa2" }, { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:17.2.1-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118075?format=api", "purl": "pkg:deb/debian/neutron@2:21.0.0-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:21.0.0-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118080?format=api", "purl": "pkg:deb/debian/neutron@2:26.0.0-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:26.0.0-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118078?format=api", "purl": "pkg:deb/debian/neutron@2:27.0.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:27.0.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118079?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304778?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-7%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-0187" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gshp-5zsu-k7aa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94867?format=api", "vulnerability_id": "VCID-hzer-w69h-uyah", "summary": "In OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on single-tag write operations while the defined policy rules use singular names. The mismatched names evaluate as allowed under the default policy, permitting a project reader to create and update tags on same-project resources. Deployments running Neutron 26.0.0 or later are affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-49299", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13693", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-49299" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-49299", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-49299" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1138172", "reference_id": "1138172", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1138172" }, { "reference_url": "https://bugs.launchpad.net/bugs/2150132", "reference_id": "2150132", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T14:04:25Z/" } ], "url": "https://bugs.launchpad.net/bugs/2150132" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2026/05/28/8", "reference_id": "8", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T14:04:25Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2026/05/28/8" }, { "reference_url": "https://review.opendev.org/c/openstack/neutron/+/989099", "reference_id": "989099", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T14:04:25Z/" } ], "url": "https://review.opendev.org/c/openstack/neutron/+/989099" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/118112?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118079?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304778?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-7%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-49299" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hzer-w69h-uyah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35258?format=api", "vulnerability_id": "VCID-jecq-8kqy-sfg8", "summary": "When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from outside of the allowed allocation pool. Versions of openstack-neutron before 13.0.0.0b2, 12.0.3 and 11.0.5 are vulnerable.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2710", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2710" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2715", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2715" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2721", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2721" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3792", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3792" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14635.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14635.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14635", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.54197", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.5414", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14635" }, { "reference_url": "https://bugs.launchpad.net/neutron/+bug/1757482", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/neutron/+bug/1757482" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14635", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14635" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14635", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14635" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/neutron", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/neutron" }, { "reference_url": "https://github.com/openstack/neutron/commit/54aa6e81cb17b33ce4d5d469cc11dec2869c762d", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/neutron/commit/54aa6e81cb17b33ce4d5d469cc11dec2869c762d" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2018-93.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2018-93.yaml" }, { "reference_url": "https://git.openstack.org/cgit/openstack/neutron/commit/?id=54aa6e81cb17b33ce4d5d469cc11dec2869c762d", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://git.openstack.org/cgit/openstack/neutron/commit/?id=54aa6e81cb17b33ce4d5d469cc11dec2869c762d" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1607822", "reference_id": "1607822", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1607822" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14635", "reference_id": "CVE-2018-14635", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14635" }, { "reference_url": "https://github.com/advisories/GHSA-x634-34m9-96mp", "reference_id": "GHSA-x634-34m9-96mp", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x634-34m9-96mp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/118095?format=api", "purl": "pkg:deb/debian/neutron@2:13.0.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:13.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118077?format=api", "purl": "pkg:deb/debian/neutron@2:17.2.1-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ecp9-x6p6-7fa2" }, { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:17.2.1-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118075?format=api", "purl": "pkg:deb/debian/neutron@2:21.0.0-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:21.0.0-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118080?format=api", "purl": "pkg:deb/debian/neutron@2:26.0.0-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:26.0.0-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118078?format=api", "purl": "pkg:deb/debian/neutron@2:27.0.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:27.0.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118079?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304778?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-7%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-14635", "GHSA-x634-34m9-96mp", "PYSEC-2018-93" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jecq-8kqy-sfg8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94851?format=api", "vulnerability_id": "VCID-kp1a-d6qn-f7bz", "summary": "OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7821.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7821.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-7821", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02174", "scoring_system": "epss", "scoring_elements": "0.84641", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02174", "scoring_system": "epss", "scoring_elements": "0.84665", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-7821" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7821", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7821" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1163457", "reference_id": "1163457", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1163457" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770431", "reference_id": "770431", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1938", "reference_id": "RHSA-2014:1938", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1938" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1942", "reference_id": "RHSA-2014:1942", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1942" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0044", "reference_id": "RHSA-2015:0044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0044" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/118090?format=api", "purl": "pkg:deb/debian/neutron@2014.1.3-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2014.1.3-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118077?format=api", "purl": "pkg:deb/debian/neutron@2:17.2.1-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ecp9-x6p6-7fa2" }, { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:17.2.1-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118075?format=api", "purl": "pkg:deb/debian/neutron@2:21.0.0-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:21.0.0-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118080?format=api", "purl": "pkg:deb/debian/neutron@2:26.0.0-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:26.0.0-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118078?format=api", "purl": "pkg:deb/debian/neutron@2:27.0.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:27.0.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118079?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304778?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-7%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-7821" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kp1a-d6qn-f7bz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44116?format=api", "vulnerability_id": "VCID-m7vh-gw28-wbas", "summary": "OpenStack Neutron Intended MAC-spoofing protection mechanism bypass\nThe IPTables firewall in OpenStack Neutron up to 7.0.4 and 8.x before 8.1.0 allows remote attackers to bypass an intended MAC-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via (1) a crafted DHCP discovery message or (2) crafted non-IP traffic.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1473", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:1473" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1474", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:1474" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5363.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5363.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5363", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04749", "scoring_system": "epss", "scoring_elements": "0.89634", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.04749", "scoring_system": "epss", "scoring_elements": "0.89617", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5363" }, { "reference_url": "https://bugs.launchpad.net/neutron/+bug/1558658", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/neutron/+bug/1558658" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5363" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/neutron", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/neutron" }, { "reference_url": "https://github.com/openstack/neutron/commit/5853af9cba6733725d6c9ac0db644f426713f0cf", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/neutron/commit/5853af9cba6733725d6c9ac0db644f426713f0cf" }, { "reference_url": "https://github.com/openstack/neutron/commit/6a93ee8ac1a901c255e3475a24f1afc11d8bf80f", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/neutron/commit/6a93ee8ac1a901c255e3475a24f1afc11d8bf80f" }, { "reference_url": "https://github.com/openstack/neutron/commit/997d7b03fb7f5528f0a3ce70867b9dcd9321509e", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/neutron/commit/997d7b03fb7f5528f0a3ce70867b9dcd9321509e" }, { "reference_url": "https://github.com/openstack/neutron/commit/fd5fd259a02156babdfcb12f66cde6ec9e7274ae", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/neutron/commit/fd5fd259a02156babdfcb12f66cde6ec9e7274ae" }, { "reference_url": "https://review.openstack.org/#/c/299021", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/299021" }, { "reference_url": "https://review.openstack.org/#/c/299023", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/299023" }, { "reference_url": "https://review.openstack.org/#/c/299025", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/299025" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2016-009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2016-009.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/06/10/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/06/10/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/06/10/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/06/10/6" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1345891", "reference_id": "1345891", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1345891" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5363", "reference_id": "CVE-2016-5363", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5363" }, { "reference_url": "https://github.com/advisories/GHSA-9pp3-cvmq-9p22", "reference_id": "GHSA-9pp3-cvmq-9p22", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-9pp3-cvmq-9p22" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/118094?format=api", "purl": "pkg:deb/debian/neutron@2:8.1.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:8.1.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118077?format=api", "purl": "pkg:deb/debian/neutron@2:17.2.1-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ecp9-x6p6-7fa2" }, { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:17.2.1-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118075?format=api", "purl": "pkg:deb/debian/neutron@2:21.0.0-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:21.0.0-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118080?format=api", "purl": "pkg:deb/debian/neutron@2:26.0.0-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:26.0.0-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118078?format=api", "purl": "pkg:deb/debian/neutron@2:27.0.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:27.0.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118079?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304778?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-7%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-5363", "GHSA-9pp3-cvmq-9p22" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m7vh-gw28-wbas" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35259?format=api", "vulnerability_id": "VCID-mcet-nkj3-bug8", "summary": "Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. This brief window could be extended indefinitely if the instance's port is set administratively down prior to live-migration and kept down after the migration is complete. This is possible due to the Open vSwitch integration bridge being connected to the instance during migration. When connected to the integration bridge, all traffic for instances using the same Open vSwitch instance would potentially be visible to the migrated guest, as the required Open vSwitch VLAN filters are only applied post-migration. Versions of openstack-neutron before 13.0.0.0b2, 12.0.3, 11.0.5 are vulnerable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14636.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14636.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14636", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42348", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42273", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14636" }, { "reference_url": "https://bugs.launchpad.net/neutron/+bug/1734320", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/neutron/+bug/1734320" }, { "reference_url": "https://bugs.launchpad.net/neutron/+bug/1767422", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/neutron/+bug/1767422" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14636", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14636" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14636", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14636" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/neutron", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/neutron" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2018-94.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2018-94.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1594977", "reference_id": "1594977", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1594977" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14636", "reference_id": "CVE-2018-14636", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14636" }, { "reference_url": "https://github.com/advisories/GHSA-8q95-jj7p-x93x", "reference_id": "GHSA-8q95-jj7p-x93x", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8q95-jj7p-x93x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/118095?format=api", "purl": "pkg:deb/debian/neutron@2:13.0.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:13.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118077?format=api", "purl": "pkg:deb/debian/neutron@2:17.2.1-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ecp9-x6p6-7fa2" }, { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:17.2.1-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118075?format=api", "purl": "pkg:deb/debian/neutron@2:21.0.0-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:21.0.0-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118080?format=api", "purl": "pkg:deb/debian/neutron@2:26.0.0-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:26.0.0-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118078?format=api", "purl": "pkg:deb/debian/neutron@2:27.0.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:27.0.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118079?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304778?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-7%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-14636", "GHSA-8q95-jj7p-x93x", "PYSEC-2018-94" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mcet-nkj3-bug8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43981?format=api", "vulnerability_id": "VCID-n4sa-8h57-xkfu", "summary": "Improper Input Validation\nA Denial-of-Service flaw was found in the OpenStack Networking (neutron) L2 agent when using the iptables firewall driver. By submitting an address pair that is rejected as invalid by the ipset tool (with zero prefix size), an authenticated attacker can cause the L2 agent to crash.", "references": [ { "reference_url": "http://lists.openstack.org/pipermail/openstack-announce/2015-June/000377.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.openstack.org/pipermail/openstack-announce/2015-June/000377.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-1680.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1680.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1680", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2015:1680" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3221.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3221.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3221", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.14311", "scoring_system": "epss", "scoring_elements": "0.9453", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.14311", "scoring_system": "epss", "scoring_elements": "0.94538", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3221" }, { "reference_url": "https://bugs.launchpad.net/neutron/+bug/1461054", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/neutron/+bug/1461054" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232284", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232284" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3221", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3221" }, { "reference_url": "https://git.openstack.org/cgit/openstack/neutron/commit/?id=9ff6138c47c95034ba845e9448ddffd147b51f38", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://git.openstack.org/cgit/openstack/neutron/commit/?id=9ff6138c47c95034ba845e9448ddffd147b51f38" }, { "reference_url": "https://opendev.org/openstack/neutron", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/neutron" }, { "reference_url": "https://web.archive.org/web/20200228084753/http://www.securityfocus.com/bid/75368", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228084753/http://www.securityfocus.com/bid/75368" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789713", "reference_id": "789713", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789713" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2015-3221", "reference_id": "CVE-2015-3221", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2015-3221" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3221", "reference_id": "CVE-2015-3221", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3221" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/37360.txt", "reference_id": "CVE-2015-5066;CVE-2015-3221;OSVDB-123599", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/37360.txt" }, { "reference_url": "https://github.com/advisories/GHSA-wf44-4mgj-rwvx", "reference_id": "GHSA-wf44-4mgj-rwvx", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-wf44-4mgj-rwvx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/118092?format=api", "purl": "pkg:deb/debian/neutron@2015.1.0%2B2015.06.24.git61.bdf194a0e1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2015.1.0%252B2015.06.24.git61.bdf194a0e1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118077?format=api", "purl": "pkg:deb/debian/neutron@2:17.2.1-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ecp9-x6p6-7fa2" }, { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:17.2.1-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118075?format=api", "purl": "pkg:deb/debian/neutron@2:21.0.0-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:21.0.0-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118080?format=api", "purl": "pkg:deb/debian/neutron@2:26.0.0-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:26.0.0-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118078?format=api", "purl": "pkg:deb/debian/neutron@2:27.0.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:27.0.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118079?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304778?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-7%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-3221", "GHSA-wf44-4mgj-rwvx" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n4sa-8h57-xkfu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62283?format=api", "vulnerability_id": "VCID-ndt5-7wt1-dfbh", "summary": "The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue (v2/meters/http.request).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4615.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4615.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4615", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0075", "scoring_system": "epss", "scoring_elements": "0.73494", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0075", "scoring_system": "epss", "scoring_elements": "0.73531", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4615" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4615", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4615" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1112945", "reference_id": "1112945", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1112945" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1050", "reference_id": "RHSA-2014:1050", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1050" }, { "reference_url": "https://usn.ubuntu.com/2311-1/", "reference_id": "USN-2311-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2311-1/" }, { "reference_url": "https://usn.ubuntu.com/2311-2/", "reference_id": "USN-2311-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2311-2/" }, { "reference_url": "https://usn.ubuntu.com/2321-1/", "reference_id": "USN-2321-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2321-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/118084?format=api", "purl": "pkg:deb/debian/neutron@2014.1.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2014.1.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118077?format=api", "purl": "pkg:deb/debian/neutron@2:17.2.1-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ecp9-x6p6-7fa2" }, { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:17.2.1-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118075?format=api", "purl": "pkg:deb/debian/neutron@2:21.0.0-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:21.0.0-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118080?format=api", "purl": "pkg:deb/debian/neutron@2:26.0.0-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:26.0.0-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118078?format=api", "purl": "pkg:deb/debian/neutron@2:27.0.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:27.0.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118079?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304778?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-7%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-4615" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ndt5-7wt1-dfbh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94849?format=api", "vulnerability_id": "VCID-neqv-w24g-13hn", "summary": "The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by attaching an IPv6 private subnet to a L3 router.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4167.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4167.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4167", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00624", "scoring_system": "epss", "scoring_elements": "0.70542", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00624", "scoring_system": "epss", "scoring_elements": "0.70584", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4167" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4167" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1110139", "reference_id": "1110139", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1110139" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752021", "reference_id": "752021", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752021" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0899", "reference_id": "RHSA-2014:0899", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0899" }, { "reference_url": "https://usn.ubuntu.com/2255-1/", "reference_id": "USN-2255-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2255-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/118087?format=api", "purl": "pkg:deb/debian/neutron@2014.1.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2014.1.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118077?format=api", "purl": "pkg:deb/debian/neutron@2:17.2.1-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ecp9-x6p6-7fa2" }, { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:17.2.1-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118075?format=api", "purl": "pkg:deb/debian/neutron@2:21.0.0-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:21.0.0-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118080?format=api", "purl": "pkg:deb/debian/neutron@2:26.0.0-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:26.0.0-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118078?format=api", "purl": "pkg:deb/debian/neutron@2:27.0.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:27.0.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118079?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304778?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-7%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-4167" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-neqv-w24g-13hn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94852?format=api", "vulnerability_id": "VCID-npe3-4f3s-efhw", "summary": "The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service (blocked router update processing) by creating eight routers and assigning an ipv6 non-provider subnet to each.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8153.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8153.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8153", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00709", "scoring_system": "epss", "scoring_elements": "0.72584", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00709", "scoring_system": "epss", "scoring_elements": "0.72624", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8153" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1180469", "reference_id": "1180469", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1180469" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/118086?format=api", "purl": "pkg:deb/debian/neutron@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118077?format=api", "purl": "pkg:deb/debian/neutron@2:17.2.1-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ecp9-x6p6-7fa2" }, { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:17.2.1-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118075?format=api", "purl": "pkg:deb/debian/neutron@2:21.0.0-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:21.0.0-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118080?format=api", "purl": "pkg:deb/debian/neutron@2:26.0.0-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:26.0.0-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118078?format=api", "purl": "pkg:deb/debian/neutron@2:27.0.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:27.0.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118079?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304778?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-7%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-8153" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-npe3-4f3s-efhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35343?format=api", "vulnerability_id": "VCID-p5ww-51mu-buf5", "summary": "An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes where those security groups are present, because of an Open vSwitch (OVS) firewall KeyError. All Neutron deployments utilizing neutron-openvswitch-agent are affected.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0879", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:0879" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0935", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:0935" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10876.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10876.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10876", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00624", "scoring_system": "epss", "scoring_elements": "0.70585", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00624", "scoring_system": "epss", "scoring_elements": "0.70542", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10876" }, { "reference_url": "https://bugs.launchpad.net/ossa/+bug/1813007", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/ossa/+bug/1813007" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10876", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10876" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/neutron", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/neutron" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2019-189.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2019-189.yaml" }, { "reference_url": "https://review.openstack.org/#/q/topic:bug/1813007", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/q/topic:bug/1813007" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2019-002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2019-002.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/04/09/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2019/04/09/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695883", "reference_id": "1695883", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695883" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926502", "reference_id": "926502", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926502" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10876", "reference_id": "CVE-2019-10876", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10876" }, { "reference_url": "https://github.com/advisories/GHSA-jr9m-v5qh-mh2j", "reference_id": "GHSA-jr9m-v5qh-mh2j", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jr9m-v5qh-mh2j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/118098?format=api", "purl": "pkg:deb/debian/neutron@2:13.0.2-15?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:13.0.2-15%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118077?format=api", "purl": "pkg:deb/debian/neutron@2:17.2.1-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ecp9-x6p6-7fa2" }, { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:17.2.1-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118075?format=api", "purl": "pkg:deb/debian/neutron@2:21.0.0-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:21.0.0-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118080?format=api", "purl": "pkg:deb/debian/neutron@2:26.0.0-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:26.0.0-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118078?format=api", "purl": "pkg:deb/debian/neutron@2:27.0.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:27.0.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118079?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304778?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-7%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-10876", "GHSA-jr9m-v5qh-mh2j", "PYSEC-2019-189" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p5ww-51mu-buf5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35856?format=api", "vulnerability_id": "VCID-p6g8-396q-t7ck", "summary": "An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-40085.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-40085.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-40085", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01348", "scoring_system": "epss", "scoring_elements": "0.80446", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01348", "scoring_system": "epss", "scoring_elements": "0.8042", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-40085" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40085", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40085" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/neutron", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/neutron" }, { "reference_url": "https://github.com/openstack/neutron/commit/df891f0593d234e01f27d7c0376d9702e178ecfb", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/neutron/commit/df891f0593d234e01f27d7c0376d9702e178ecfb" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2021-361.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2021-361.yaml" }, { "reference_url": "https://launchpad.net/bugs/1939733", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.net/bugs/1939733" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00005.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00005.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00038.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00038.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40085", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40085" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2021-005.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2021-005.html" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4983", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-4983" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/08/31/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2021/08/31/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1998052", "reference_id": "1998052", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1998052" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993398", "reference_id": "993398", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993398" }, { "reference_url": "https://github.com/advisories/GHSA-fh73-gjvg-349c", "reference_id": "GHSA-fh73-gjvg-349c", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fh73-gjvg-349c" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3481", "reference_id": "RHSA-2021:3481", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3481" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3488", "reference_id": "RHSA-2021:3488", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3488" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3502", "reference_id": "RHSA-2021:3502", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3502" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3503", "reference_id": "RHSA-2021:3503", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3503" }, { "reference_url": "https://usn.ubuntu.com/6067-1/", "reference_id": "USN-6067-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6067-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/118077?format=api", "purl": "pkg:deb/debian/neutron@2:17.2.1-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ecp9-x6p6-7fa2" }, { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:17.2.1-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118104?format=api", "purl": "pkg:deb/debian/neutron@2:18.1.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:18.1.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118075?format=api", "purl": "pkg:deb/debian/neutron@2:21.0.0-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:21.0.0-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118080?format=api", "purl": "pkg:deb/debian/neutron@2:26.0.0-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:26.0.0-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118078?format=api", "purl": "pkg:deb/debian/neutron@2:27.0.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:27.0.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118079?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304778?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-7%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-40085", "GHSA-fh73-gjvg-349c", "PYSEC-2021-361" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p6g8-396q-t7ck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94841?format=api", "vulnerability_id": "VCID-rafk-kj3p-b7d4", "summary": "Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by (1) api/metadata/handler.py in Nova and (2) the neutron-metadata-agent (agent/metadata/agent.py) in Neutron.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0091.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0091.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0231.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0231.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6419.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6419.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6419", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68782", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68742", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6419" }, { "reference_url": "https://bugs.launchpad.net/neutron/+bug/1235450", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/neutron/+bug/1235450" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6419", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6419" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/07006be9165d1008ca0382b6f0ad25b13a676a55", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/07006be9165d1008ca0382b6f0ad25b13a676a55" }, { "reference_url": "https://github.com/openstack/nova/commit/af2f823107010933ecd94a9c938f8b739baaecb7", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/af2f823107010933ecd94a9c938f8b739baaecb7" }, { "reference_url": "https://github.com/openstack/nova/commit/bce36e9bdb1fcb9658f7b684d160e656e88d816c", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/bce36e9bdb1fcb9658f7b684d160e656e88d816c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6419", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6419" }, { "reference_url": "https://review.openstack.org/#/c/61428/2/nova/api/metadata/handler.py", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/61428/2/nova/api/metadata/handler.py" }, { "reference_url": "https://review.openstack.org/#/c/61439/1/neutron/agent/metadata/agent.py", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/61439/1/neutron/agent/metadata/agent.py" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/12/11/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/12/11/8" }, { "reference_url": "http://www.securityfocus.com/bid/64250", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/64250" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039148", "reference_id": "1039148", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039148" }, { "reference_url": "https://github.com/advisories/GHSA-22w9-j288-8p9w", "reference_id": "GHSA-22w9-j288-8p9w", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-22w9-j288-8p9w" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0091", "reference_id": "RHSA-2014:0091", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0091" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0231", "reference_id": "RHSA-2014:0231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0231" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/118076?format=api", "purl": "pkg:deb/debian/neutron@2013.2.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2013.2.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118077?format=api", "purl": "pkg:deb/debian/neutron@2:17.2.1-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ecp9-x6p6-7fa2" }, { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:17.2.1-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118075?format=api", "purl": "pkg:deb/debian/neutron@2:21.0.0-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:21.0.0-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118080?format=api", "purl": "pkg:deb/debian/neutron@2:26.0.0-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:26.0.0-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118078?format=api", "purl": "pkg:deb/debian/neutron@2:27.0.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:27.0.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118079?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304778?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-7%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-6419", "GHSA-22w9-j288-8p9w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rafk-kj3p-b7d4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45714?format=api", "vulnerability_id": "VCID-s7eu-cz6b-c7bz", "summary": "Uncontrolled Resource Consumption\nAn uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4283", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:48:25Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:4283" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3637.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3637.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3637", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39401", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3637" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222270", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:48:25Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222270" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:16.1", "reference_id": "cpe:/a:redhat:openstack:16.1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:16.1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:16.2::el8", "reference_id": "cpe:/a:redhat:openstack:16.2::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:16.2::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:17.0", "reference_id": "cpe:/a:redhat:openstack:17.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:17.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:17.1", "reference_id": "cpe:/a:redhat:openstack:17.1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:17.1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:18.0", "reference_id": "cpe:/a:redhat:openstack:18.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:18.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack-optools:13", "reference_id": "cpe:/a:redhat:openstack-optools:13", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack-optools:13" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-3637", "reference_id": "CVE-2023-3637", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:48:25Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-3637" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3637", "reference_id": "CVE-2023-3637", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3637" }, { "reference_url": "https://github.com/advisories/GHSA-r3jh-qhgj-gvr8", "reference_id": "GHSA-r3jh-qhgj-gvr8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-r3jh-qhgj-gvr8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/118086?format=api", "purl": "pkg:deb/debian/neutron@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118077?format=api", "purl": "pkg:deb/debian/neutron@2:17.2.1-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ecp9-x6p6-7fa2" }, { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:17.2.1-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118075?format=api", "purl": "pkg:deb/debian/neutron@2:21.0.0-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:21.0.0-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118080?format=api", "purl": "pkg:deb/debian/neutron@2:26.0.0-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:26.0.0-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118078?format=api", "purl": "pkg:deb/debian/neutron@2:27.0.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:27.0.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118079?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304778?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-7%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-3637", "GHSA-r3jh-qhgj-gvr8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s7eu-cz6b-c7bz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94847?format=api", "vulnerability_id": "VCID-snf1-xa7v-1kac", "summary": "OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (crash or long firewall rule updates) by creating a large number of allowed address pairs.", "references": [ { "reference_url": "http://lists.openstack.org/pipermail/openstack-announce/2014-July/000255.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.openstack.org/pipermail/openstack-announce/2014-July/000255.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1119.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1119.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1120.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1120.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1078", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:1078" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1119", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:1119" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1120", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:1120" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3555.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3555.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2014-3555", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2014-3555" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3555", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75669", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75641", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3555" }, { "reference_url": "https://bugs.launchpad.net/neutron/+bug/1336207", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/neutron/+bug/1336207" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1118833", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1118833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3555", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3555" }, { "reference_url": "http://seclists.org/oss-sec/2014/q3/200", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2014/q3/200" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3555", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3555" }, { "reference_url": "https://opendev.org/openstack/neutron", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/neutron" }, { "reference_url": "https://web.archive.org/web/20200228142429/http://www.securityfocus.com/bid/68765", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228142429/http://www.securityfocus.com/bid/68765" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755134", "reference_id": "755134", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755134" }, { "reference_url": "https://github.com/advisories/GHSA-4pmp-38hf-rmwj", "reference_id": "GHSA-4pmp-38hf-rmwj", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4pmp-38hf-rmwj" }, { "reference_url": "https://usn.ubuntu.com/2321-1/", "reference_id": "USN-2321-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2321-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/118085?format=api", "purl": "pkg:deb/debian/neutron@2014.1.1-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2014.1.1-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118077?format=api", "purl": "pkg:deb/debian/neutron@2:17.2.1-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ecp9-x6p6-7fa2" }, { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:17.2.1-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118075?format=api", "purl": "pkg:deb/debian/neutron@2:21.0.0-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:21.0.0-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118080?format=api", "purl": "pkg:deb/debian/neutron@2:26.0.0-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:26.0.0-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118078?format=api", "purl": "pkg:deb/debian/neutron@2:27.0.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:27.0.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118079?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304778?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-7%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-3555", "GHSA-4pmp-38hf-rmwj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-snf1-xa7v-1kac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35330?format=api", "vulnerability_id": "VCID-t5sb-ghkg-zbb6", "summary": "An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option (for example, VRRP), an authenticated user may block further application of security group rules for instances from any project/tenant on the compute hosts to which it's applied. (Only deployments using the iptables security group driver are affected.)", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0879", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:0879" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0916", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:0916" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0935", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:0935" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9735.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9735.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9735", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01892", "scoring_system": "epss", "scoring_elements": "0.83539", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01892", "scoring_system": "epss", "scoring_elements": "0.83564", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9735" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9735", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9735" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/neutron", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/neutron" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2019-190.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2019-190.yaml" }, { "reference_url": "https://launchpad.net/bugs/1818385", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.net/bugs/1818385" }, { "reference_url": "https://seclists.org/bugtraq/2019/Mar/24", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Mar/24" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2019-001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2019-001.html" }, { "reference_url": "https://usn.ubuntu.com/4036-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4036-1" }, { "reference_url": "https://usn.ubuntu.com/4036-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4036-1/" }, { "reference_url": "https://web.archive.org/web/20201208185619/http://www.securityfocus.com/bid/107390", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201208185619/http://www.securityfocus.com/bid/107390" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4409", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4409" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/03/18/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2019/03/18/2" }, { "reference_url": "http://www.securityfocus.com/bid/107390", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/107390" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1690745", "reference_id": "1690745", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1690745" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924508", "reference_id": "924508", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924508" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9735", "reference_id": "CVE-2019-9735", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9735" }, { "reference_url": "https://github.com/advisories/GHSA-9773-3fqg-8w25", "reference_id": "GHSA-9773-3fqg-8w25", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9773-3fqg-8w25" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/118100?format=api", "purl": "pkg:deb/debian/neutron@2:13.0.2-13?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:13.0.2-13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118077?format=api", "purl": "pkg:deb/debian/neutron@2:17.2.1-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ecp9-x6p6-7fa2" }, { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:17.2.1-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118075?format=api", "purl": "pkg:deb/debian/neutron@2:21.0.0-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:21.0.0-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118080?format=api", "purl": "pkg:deb/debian/neutron@2:26.0.0-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:26.0.0-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118078?format=api", "purl": "pkg:deb/debian/neutron@2:27.0.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:27.0.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118079?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304778?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-7%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-9735", "GHSA-9773-3fqg-8w25", "PYSEC-2019-190" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t5sb-ghkg-zbb6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35812?format=api", "vulnerability_id": "VCID-wa91-gzx6-h7gu", "summary": "A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the IPv6 addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations. Only deployments using the Open vSwitch driver are affected. Source: OpenStack project. Versions before openstack-neutron 15.3.3, openstack-neutron 16.3.1 and openstack-neutron 17.1.1 are affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20267.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20267.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20267", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31539", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31472", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20267" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934330", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20267", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20267" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/neutron", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/neutron" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2021-136.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2021-136.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20267", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20267" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2021-001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2021-001.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985104", "reference_id": "985104", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985104" }, { "reference_url": "https://github.com/advisories/GHSA-w8hx-f868-pvch", "reference_id": "GHSA-w8hx-f868-pvch", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w8hx-f868-pvch" }, { "reference_url": "https://usn.ubuntu.com/6067-1/", "reference_id": "USN-6067-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6067-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/118102?format=api", "purl": "pkg:deb/debian/neutron@2:17.1.1-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:17.1.1-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118077?format=api", "purl": "pkg:deb/debian/neutron@2:17.2.1-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ecp9-x6p6-7fa2" }, { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:17.2.1-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118075?format=api", "purl": "pkg:deb/debian/neutron@2:21.0.0-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:21.0.0-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118080?format=api", "purl": "pkg:deb/debian/neutron@2:26.0.0-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:26.0.0-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118078?format=api", "purl": "pkg:deb/debian/neutron@2:27.0.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:27.0.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118079?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304778?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-7%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-20267", "GHSA-w8hx-f868-pvch", "PYSEC-2021-136" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wa91-gzx6-h7gu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56258?format=api", "vulnerability_id": "VCID-yzgk-t5qz-1bah", "summary": "OpenStack Neutron can use an incorrect ID during policy enforcement\nIn OpenStack Neutron before 25.0.1, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. It does not apply the proper policy check for changing network tags. An unprivileged tenant is able to change (add and clear) tags on network objects that do not belong to the tenant, and this action is not subjected to the proper policy authorization check. This affects 23 before 23.2.1, 24 before 24.0.2, and 25 before 25.0.1.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53916.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53916.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53916", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33613", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53916" }, { "reference_url": "https://github.com/openstack/neutron", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/neutron" }, { "reference_url": "https://github.com/openstack/neutron/blob/363ffa6e9e1ab5968f87d45bc2f1cb6394f48b9f/neutron/extensions/tagging.py#L138-L232", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-27T16:37:11Z/" } ], "url": "https://github.com/openstack/neutron/blob/363ffa6e9e1ab5968f87d45bc2f1cb6394f48b9f/neutron/extensions/tagging.py#L138-L232" }, { "reference_url": "https://review.opendev.org/c/openstack/neutron/+/935883", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-27T16:37:11Z/" } ], "url": "https://review.opendev.org/c/openstack/neutron/+/935883" }, { "reference_url": "https://review.opendev.org/q/project:openstack/neutron", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-27T16:37:11Z/" } ], "url": "https://review.opendev.org/q/project:openstack/neutron" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2024-005.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-27T16:37:11Z/" } ], "url": "https://security.openstack.org/ossa/OSSA-2024-005.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/12/03/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2024/12/03/1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088802", "reference_id": "1088802", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088802" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328595", "reference_id": "2328595", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328595" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53916", "reference_id": "CVE-2024-53916", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53916" }, { "reference_url": "https://github.com/advisories/GHSA-f27h-g923-68hw", "reference_id": "GHSA-f27h-g923-68hw", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-f27h-g923-68hw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/118086?format=api", "purl": "pkg:deb/debian/neutron@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118077?format=api", "purl": "pkg:deb/debian/neutron@2:17.2.1-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ecp9-x6p6-7fa2" }, { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:17.2.1-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118075?format=api", "purl": "pkg:deb/debian/neutron@2:21.0.0-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:21.0.0-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118111?format=api", "purl": "pkg:deb/debian/neutron@2:25.0.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:25.0.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118080?format=api", "purl": "pkg:deb/debian/neutron@2:26.0.0-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:26.0.0-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118078?format=api", "purl": "pkg:deb/debian/neutron@2:27.0.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:27.0.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118079?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304778?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-7%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-53916", "GHSA-f27h-g923-68hw" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yzgk-t5qz-1bah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94843?format=api", "vulnerability_id": "VCID-zkab-q3k5-9qdm", "summary": "The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0516.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0516.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0516", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:0516" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0056.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0056.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2014-0056", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2014-0056" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0056", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.44166", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.44097", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0056" }, { "reference_url": "https://bugs.launchpad.net/neutron/+bug/1243327", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/neutron/+bug/1243327" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1063141", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1063141" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0056", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0056" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0056", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0056" }, { "reference_url": "https://opendev.org/openstack/neutron", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/neutron" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/03/27/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/03/27/5" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2194-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-2194-1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742800", "reference_id": "742800", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742800" }, { "reference_url": "https://github.com/advisories/GHSA-72p9-6gc7-q93r", "reference_id": "GHSA-72p9-6gc7-q93r", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-72p9-6gc7-q93r" }, { "reference_url": "https://usn.ubuntu.com/2194-1/", "reference_id": "USN-2194-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2194-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/118083?format=api", "purl": "pkg:deb/debian/neutron@2013.2.2-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2013.2.2-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118077?format=api", "purl": "pkg:deb/debian/neutron@2:17.2.1-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ecp9-x6p6-7fa2" }, { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:17.2.1-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118075?format=api", "purl": "pkg:deb/debian/neutron@2:21.0.0-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:21.0.0-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118080?format=api", "purl": "pkg:deb/debian/neutron@2:26.0.0-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:26.0.0-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118078?format=api", "purl": "pkg:deb/debian/neutron@2:27.0.1-6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hzer-w69h-uyah" }, { "vulnerability": "VCID-vgam-kptj-nuhn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:27.0.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/118079?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/304778?format=api", "purl": "pkg:deb/debian/neutron@2:28.0.0-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-7%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-0056", "GHSA-72p9-6gc7-q93r" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zkab-q3k5-9qdm" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neutron@2:28.0.0-6%3Fdistro=trixie" }