Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/neutron@16.3.0

Type pypi

Namespace

Name neutron

Version 16.3.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 23.0.0.0b1

Latest_non_vulnerable_version 26.0.0.0b1

Affected_by_vulnerabilities

url VCID-1444-3h31-3kdv

vulnerability_id VCID-1444-3h31-3kdv

summary OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver with ebtables-nft is used on a Netfilter-based platform. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the hardware addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38598.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38598.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-38598

reference_id

reference_type

scores

value	0.00138
scoring_system	epss
scoring_elements	0.33664
published_at	2026-06-05T12:55:00Z

value	0.00138
scoring_system	epss
scoring_elements	0.33562
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-38598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38598
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38598

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/openstack/neutron

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/neutron

reference_url

https://github.com/openstack/neutron/commit/0a931391d8990f3e654b4bfda24ae4119c609bbf

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/neutron/commit/0a931391d8990f3e654b4bfda24ae4119c609bbf

reference_url

https://github.com/openstack/neutron/commit/cc0d28a3e2ccfad6fc2ff24d78f009cbe3992575

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/neutron/commit/cc0d28a3e2ccfad6fc2ff24d78f009cbe3992575

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2021-360.yaml

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2021-360.yaml

reference_url

https://launchpad.net/bugs/1938670

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://launchpad.net/bugs/1938670

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-38598

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-38598

reference_url

https://opendev.org/openstack/neutron/commit/fafa5dacd5057120562184a734e7345e7c0e9639

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://opendev.org/openstack/neutron/commit/fafa5dacd5057120562184a734e7345e7c0e9639

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1995273
reference_id	1995273
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1995273

reference_url

https://github.com/advisories/GHSA-hvm4-mc7m-22w4

reference_id

GHSA-hvm4-mc7m-22w4

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-hvm4-mc7m-22w4

reference_url	https://usn.ubuntu.com/6067-1/
reference_id	USN-6067-1
reference_type
scores
url	https://usn.ubuntu.com/6067-1/

fixed_packages

url pkg:pypi/neutron@16.4.1

purl pkg:pypi/neutron@16.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ecp9-x6p6-7fa2

vulnerability	VCID-n4sa-8h57-xkfu

vulnerability	VCID-s7eu-cz6b-c7bz

vulnerability	VCID-snf1-xa7v-1kac

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@16.4.1

url	pkg:pypi/neutron@17.1.3
purl	pkg:pypi/neutron@17.1.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@17.1.3

url pkg:pypi/neutron@17.2.0

purl pkg:pypi/neutron@17.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-69mn-brsx-xydy

vulnerability	VCID-ecp9-x6p6-7fa2

vulnerability	VCID-n4sa-8h57-xkfu

vulnerability	VCID-p6g8-396q-t7ck

vulnerability	VCID-s7eu-cz6b-c7bz

vulnerability	VCID-snf1-xa7v-1kac

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@17.2.0

url pkg:pypi/neutron@18.1.0

purl pkg:pypi/neutron@18.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-69mn-brsx-xydy

vulnerability	VCID-ecp9-x6p6-7fa2

vulnerability	VCID-n4sa-8h57-xkfu

vulnerability	VCID-p6g8-396q-t7ck

vulnerability	VCID-s7eu-cz6b-c7bz

vulnerability	VCID-snf1-xa7v-1kac

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@18.1.0

aliases CVE-2021-38598, GHSA-hvm4-mc7m-22w4, PYSEC-2021-360

risk_score 4.1

exploitability 0.5

weighted_severity 8.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1444-3h31-3kdv

url VCID-69mn-brsx-xydy

vulnerability_id VCID-69mn-brsx-xydy

summary An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API performance degradation or denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-40797.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-40797.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-40797

reference_id

reference_type

scores

value	0.00694
scoring_system	epss
scoring_elements	0.72315
published_at	2026-06-05T12:55:00Z

value	0.00694
scoring_system	epss
scoring_elements	0.72273
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-40797

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40797
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40797

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/openstack/neutron

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/neutron

reference_url

https://github.com/openstack/neutron/commit/e610a5eb9e71aa2549fb11e2139370d227787da2

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/neutron/commit/e610a5eb9e71aa2549fb11e2139370d227787da2

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2021-329.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2021-329.yaml

reference_url

https://launchpad.net/bugs/1942179

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://launchpad.net/bugs/1942179

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-40797

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-40797

reference_url

https://security.openstack.org/ossa/OSSA-2021-006.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.openstack.org/ossa/OSSA-2021-006.html

reference_url

http://www.openwall.com/lists/oss-security/2021/09/09/2

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2021/09/09/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2003248
reference_id	2003248
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2003248

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994202
reference_id	994202
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994202

reference_url

https://github.com/advisories/GHSA-cpx3-696p-3cw9

reference_id

GHSA-cpx3-696p-3cw9

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cpx3-696p-3cw9

reference_url	https://access.redhat.com/errata/RHSA-2022:0990
reference_id	RHSA-2022:0990
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0990

reference_url	https://access.redhat.com/errata/RHSA-2022:0996
reference_id	RHSA-2022:0996
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0996

reference_url	https://usn.ubuntu.com/6067-1/
reference_id	USN-6067-1
reference_type
scores
url	https://usn.ubuntu.com/6067-1/

fixed_packages

url pkg:pypi/neutron@16.4.1

purl pkg:pypi/neutron@16.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ecp9-x6p6-7fa2

vulnerability	VCID-n4sa-8h57-xkfu

vulnerability	VCID-s7eu-cz6b-c7bz

vulnerability	VCID-snf1-xa7v-1kac

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@16.4.1

url pkg:pypi/neutron@17.2.1

purl pkg:pypi/neutron@17.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ecp9-x6p6-7fa2

vulnerability	VCID-n4sa-8h57-xkfu

vulnerability	VCID-s7eu-cz6b-c7bz

vulnerability	VCID-snf1-xa7v-1kac

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@17.2.1

url pkg:pypi/neutron@18.1.1

purl pkg:pypi/neutron@18.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ecp9-x6p6-7fa2

vulnerability	VCID-n4sa-8h57-xkfu

vulnerability	VCID-s7eu-cz6b-c7bz

vulnerability	VCID-snf1-xa7v-1kac

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@18.1.1

aliases CVE-2021-40797, GHSA-cpx3-696p-3cw9, PYSEC-2021-329

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-69mn-brsx-xydy

url VCID-ecp9-x6p6-7fa2

vulnerability_id VCID-ecp9-x6p6-7fa2

summary

openstack-neutron uncontrolled resource consumption flaw
An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3277.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3277.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-3277

reference_id

reference_type

scores

value	0.00402
scoring_system	epss
scoring_elements	0.6115
published_at	2026-06-04T12:55:00Z

value	0.00402
scoring_system	epss
scoring_elements	0.61198
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-3277

reference_url

https://bugs.launchpad.net/neutron/+bug/1988026

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-07T15:54:44Z/

url

https://bugs.launchpad.net/neutron/+bug/1988026

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2129193

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-07T15:54:44Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2129193

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3277
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3277

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/openstack/neutron

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/neutron

reference_url

https://github.com/openstack/neutron/commit/01fc2b9195f999df4d810df4ee63f77ecbc81f7e

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/neutron/commit/01fc2b9195f999df4d810df4ee63f77ecbc81f7e

reference_url

https://github.com/openstack/neutron/commit/717e3e09556f1fb9a7a420863746fa785eb6c316

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/neutron/commit/717e3e09556f1fb9a7a420863746fa785eb6c316

reference_url

https://github.com/openstack/neutron/commit/733ef4f2d8c2a3734c360d1c1dd3a6fcd600cb8c

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/neutron/commit/733ef4f2d8c2a3734c360d1c1dd3a6fcd600cb8c

reference_url

https://github.com/openstack/neutron/commit/cbeee87fa44cd200d4997e02042098460167dce1

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/neutron/commit/cbeee87fa44cd200d4997e02042098460167dce1

reference_url

https://github.com/openstack/neutron/commit/d0e1b54fb1de932b2b30ab4269cf5789632df476

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/neutron/commit/d0e1b54fb1de932b2b30ab4269cf5789632df476

reference_url

https://github.com/openstack/neutron/commit/fd7fb0e9d8c602380f54975367d935ab69e10c05

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/neutron/commit/fd7fb0e9d8c602380f54975367d935ab69e10c05

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027150
reference_id	1027150
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027150

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-3277

reference_id

CVE-2022-3277

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-3277

reference_url	https://github.com/advisories/GHSA-w446-h7vg-wv3p
reference_id	GHSA-w446-h7vg-wv3p
reference_type
scores
url	https://github.com/advisories/GHSA-w446-h7vg-wv3p

reference_url	https://access.redhat.com/errata/RHSA-2022:8855
reference_id	RHSA-2022:8855
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8855

reference_url	https://access.redhat.com/errata/RHSA-2022:8870
reference_id	RHSA-2022:8870
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8870

reference_url	https://access.redhat.com/errata/RHSA-2023:0275
reference_id	RHSA-2023:0275
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0275

reference_url	https://usn.ubuntu.com/6067-1/
reference_id	USN-6067-1
reference_type
scores
url	https://usn.ubuntu.com/6067-1/

fixed_packages

url pkg:pypi/neutron@18.6.0

purl pkg:pypi/neutron@18.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-s7eu-cz6b-c7bz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@18.6.0

url pkg:pypi/neutron@19.5.0

purl pkg:pypi/neutron@19.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-s7eu-cz6b-c7bz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@19.5.0

url pkg:pypi/neutron@20.3.0

purl pkg:pypi/neutron@20.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-s7eu-cz6b-c7bz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@20.3.0

url pkg:pypi/neutron@21.0.0.0rc1

purl pkg:pypi/neutron@21.0.0.0rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-s7eu-cz6b-c7bz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@21.0.0.0rc1

aliases CVE-2022-3277, GHSA-w446-h7vg-wv3p

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ecp9-x6p6-7fa2

url VCID-n4sa-8h57-xkfu

vulnerability_id VCID-n4sa-8h57-xkfu

summary

Improper Input Validation
A Denial-of-Service flaw was found in the OpenStack Networking (neutron) L2 agent when using the iptables firewall driver. By submitting an address pair that is rejected as invalid by the ipset tool (with zero prefix size), an authenticated attacker can cause the L2 agent to crash.

references

reference_url

http://lists.openstack.org/pipermail/openstack-announce/2015-June/000377.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.openstack.org/pipermail/openstack-announce/2015-June/000377.html

reference_url

http://rhn.redhat.com/errata/RHSA-2015-1680.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2015-1680.html

reference_url

https://access.redhat.com/errata/RHSA-2015:1680

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2015:1680

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3221.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3221.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-3221

reference_id

reference_type

scores

value	0.14311
scoring_system	epss
scoring_elements	0.9453
published_at	2026-06-04T12:55:00Z

value	0.14311
scoring_system	epss
scoring_elements	0.94538
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-3221

reference_url

https://bugs.launchpad.net/neutron/+bug/1461054

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/neutron/+bug/1461054

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1232284

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1232284

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3221
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3221

reference_url

https://git.openstack.org/cgit/openstack/neutron/commit/?id=9ff6138c47c95034ba845e9448ddffd147b51f38

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://git.openstack.org/cgit/openstack/neutron/commit/?id=9ff6138c47c95034ba845e9448ddffd147b51f38

reference_url

https://opendev.org/openstack/neutron

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://opendev.org/openstack/neutron

reference_url

https://web.archive.org/web/20200228084753/http://www.securityfocus.com/bid/75368

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228084753/http://www.securityfocus.com/bid/75368

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789713
reference_id	789713
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789713

reference_url

https://access.redhat.com/security/cve/CVE-2015-3221

reference_id

CVE-2015-3221

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2015-3221

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-3221

reference_id

CVE-2015-3221

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-3221

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/37360.txt
reference_id	CVE-2015-5066;CVE-2015-3221;OSVDB-123599
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/37360.txt

reference_url	https://github.com/advisories/GHSA-wf44-4mgj-rwvx
reference_id	GHSA-wf44-4mgj-rwvx
reference_type
scores
url	https://github.com/advisories/GHSA-wf44-4mgj-rwvx

fixed_packages

url	pkg:pypi/neutron@2014.2.4
purl	pkg:pypi/neutron@2014.2.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@2014.2.4

url	pkg:pypi/neutron@2015.1.1
purl	pkg:pypi/neutron@2015.1.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@2015.1.1

aliases CVE-2015-3221, GHSA-wf44-4mgj-rwvx

risk_score 10.0

exploitability 2.0

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n4sa-8h57-xkfu

url VCID-p6g8-396q-t7ck

vulnerability_id VCID-p6g8-396q-t7ck

summary An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-40085.json

reference_id

reference_type

scores

value	7.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-40085.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-40085

reference_id

reference_type

scores

value	0.01348
scoring_system	epss
scoring_elements	0.80446
published_at	2026-06-05T12:55:00Z

value	0.01348
scoring_system	epss
scoring_elements	0.8042
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-40085

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40085
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40085

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/openstack/neutron

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/neutron

reference_url

https://github.com/openstack/neutron/commit/df891f0593d234e01f27d7c0376d9702e178ecfb

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/neutron/commit/df891f0593d234e01f27d7c0376d9702e178ecfb

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2021-361.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2021-361.yaml

reference_url

https://launchpad.net/bugs/1939733

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://launchpad.net/bugs/1939733

reference_url

https://lists.debian.org/debian-lts-announce/2021/10/msg00005.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/10/msg00005.html

reference_url

https://lists.debian.org/debian-lts-announce/2022/05/msg00038.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2022/05/msg00038.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-40085

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-40085

reference_url

https://security.openstack.org/ossa/OSSA-2021-005.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.openstack.org/ossa/OSSA-2021-005.html

reference_url

https://www.debian.org/security/2021/dsa-4983

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2021/dsa-4983

reference_url

http://www.openwall.com/lists/oss-security/2021/08/31/2

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2021/08/31/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1998052
reference_id	1998052
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1998052

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993398
reference_id	993398
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993398

reference_url

https://github.com/advisories/GHSA-fh73-gjvg-349c

reference_id

GHSA-fh73-gjvg-349c

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-fh73-gjvg-349c

reference_url	https://access.redhat.com/errata/RHSA-2021:3481
reference_id	RHSA-2021:3481
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3481

reference_url	https://access.redhat.com/errata/RHSA-2021:3488
reference_id	RHSA-2021:3488
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3488

reference_url	https://access.redhat.com/errata/RHSA-2021:3502
reference_id	RHSA-2021:3502
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3502

reference_url	https://access.redhat.com/errata/RHSA-2021:3503
reference_id	RHSA-2021:3503
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3503

reference_url	https://usn.ubuntu.com/6067-1/
reference_id	USN-6067-1
reference_type
scores
url	https://usn.ubuntu.com/6067-1/

fixed_packages

url pkg:pypi/neutron@16.4.1

purl pkg:pypi/neutron@16.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ecp9-x6p6-7fa2

vulnerability	VCID-n4sa-8h57-xkfu

vulnerability	VCID-s7eu-cz6b-c7bz

vulnerability	VCID-snf1-xa7v-1kac

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@16.4.1

url pkg:pypi/neutron@17.2.1

purl pkg:pypi/neutron@17.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ecp9-x6p6-7fa2

vulnerability	VCID-n4sa-8h57-xkfu

vulnerability	VCID-s7eu-cz6b-c7bz

vulnerability	VCID-snf1-xa7v-1kac

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@17.2.1

url pkg:pypi/neutron@18.1.1

purl pkg:pypi/neutron@18.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ecp9-x6p6-7fa2

vulnerability	VCID-n4sa-8h57-xkfu

vulnerability	VCID-s7eu-cz6b-c7bz

vulnerability	VCID-snf1-xa7v-1kac

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@18.1.1

aliases CVE-2021-40085, GHSA-fh73-gjvg-349c, PYSEC-2021-361

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p6g8-396q-t7ck

url VCID-s7eu-cz6b-c7bz

vulnerability_id VCID-s7eu-cz6b-c7bz

summary

Uncontrolled Resource Consumption
An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service.

references

reference_url

https://access.redhat.com/errata/RHSA-2023:4283

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:48:25Z/

url

https://access.redhat.com/errata/RHSA-2023:4283

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3637.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3637.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-3637

reference_id

reference_type

scores

value	0.0018
scoring_system	epss
scoring_elements	0.39401
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-3637

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2222270

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:48:25Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2222270

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:16.1
reference_id	cpe:/a:redhat:openstack:16.1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:16.1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:16.2::el8
reference_id	cpe:/a:redhat:openstack:16.2::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:16.2::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:17.0
reference_id	cpe:/a:redhat:openstack:17.0
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:17.0

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:17.1
reference_id	cpe:/a:redhat:openstack:17.1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:17.1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:18.0
reference_id	cpe:/a:redhat:openstack:18.0
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:18.0

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack-optools:13
reference_id	cpe:/a:redhat:openstack-optools:13
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack-optools:13

reference_url

https://access.redhat.com/security/cve/CVE-2023-3637

reference_id

CVE-2023-3637

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:48:25Z/

url

https://access.redhat.com/security/cve/CVE-2023-3637

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-3637

reference_id

CVE-2023-3637

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-3637

reference_url	https://github.com/advisories/GHSA-r3jh-qhgj-gvr8
reference_id	GHSA-r3jh-qhgj-gvr8
reference_type
scores
url	https://github.com/advisories/GHSA-r3jh-qhgj-gvr8

fixed_packages

url	pkg:pypi/neutron@23.0.0.0b1
purl	pkg:pypi/neutron@23.0.0.0b1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@23.0.0.0b1

aliases CVE-2023-3637, GHSA-r3jh-qhgj-gvr8

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s7eu-cz6b-c7bz

url VCID-snf1-xa7v-1kac

vulnerability_id VCID-snf1-xa7v-1kac

summary OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (crash or long firewall rule updates) by creating a large number of allowed address pairs.

references

reference_url

http://lists.openstack.org/pipermail/openstack-announce/2014-July/000255.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.openstack.org/pipermail/openstack-announce/2014-July/000255.html

reference_url

http://rhn.redhat.com/errata/RHSA-2014-1119.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-1119.html

reference_url

http://rhn.redhat.com/errata/RHSA-2014-1120.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-1120.html

reference_url

https://access.redhat.com/errata/RHSA-2014:1078

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2014:1078

reference_url

https://access.redhat.com/errata/RHSA-2014:1119

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2014:1119

reference_url

https://access.redhat.com/errata/RHSA-2014:1120

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2014:1120

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3555.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3555.json

reference_url

https://access.redhat.com/security/cve/CVE-2014-3555

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2014-3555

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3555

reference_id

reference_type

scores

value	0.00875
scoring_system	epss
scoring_elements	0.75669
published_at	2026-06-05T12:55:00Z

value	0.00875
scoring_system	epss
scoring_elements	0.75641
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3555

reference_url

https://bugs.launchpad.net/neutron/+bug/1336207

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/neutron/+bug/1336207

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1118833

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1118833

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3555
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3555

reference_url

http://seclists.org/oss-sec/2014/q3/200

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/oss-sec/2014/q3/200

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-3555

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-3555

reference_url

https://opendev.org/openstack/neutron

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://opendev.org/openstack/neutron

reference_url

https://web.archive.org/web/20200228142429/http://www.securityfocus.com/bid/68765

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228142429/http://www.securityfocus.com/bid/68765

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755134
reference_id	755134
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755134

reference_url	https://github.com/advisories/GHSA-4pmp-38hf-rmwj
reference_id	GHSA-4pmp-38hf-rmwj
reference_type
scores
url	https://github.com/advisories/GHSA-4pmp-38hf-rmwj

reference_url	https://usn.ubuntu.com/2321-1/
reference_id	USN-2321-1
reference_type
scores
url	https://usn.ubuntu.com/2321-1/

fixed_packages

url	pkg:pypi/neutron@2013.2.4
purl	pkg:pypi/neutron@2013.2.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@2013.2.4

url	pkg:pypi/neutron@2014.1.2
purl	pkg:pypi/neutron@2014.1.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@2014.1.2

aliases CVE-2014-3555, GHSA-4pmp-38hf-rmwj

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-snf1-xa7v-1kac

url VCID-wa91-gzx6-h7gu

vulnerability_id VCID-wa91-gzx6-h7gu

summary A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the IPv6 addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations. Only deployments using the Open vSwitch driver are affected. Source: OpenStack project. Versions before openstack-neutron 15.3.3, openstack-neutron 16.3.1 and openstack-neutron 17.1.1 are affected.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20267.json

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20267.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-20267

reference_id

reference_type

scores

value	0.00126
scoring_system	epss
scoring_elements	0.31539
published_at	2026-06-05T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31472
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-20267

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1934330

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1934330

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20267
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20267

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/openstack/neutron

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/neutron

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2021-136.yaml

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2021-136.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-20267

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-20267

reference_url

https://security.openstack.org/ossa/OSSA-2021-001.html

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.openstack.org/ossa/OSSA-2021-001.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985104
reference_id	985104
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985104

reference_url

https://github.com/advisories/GHSA-w8hx-f868-pvch

reference_id

GHSA-w8hx-f868-pvch

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-w8hx-f868-pvch

reference_url	https://usn.ubuntu.com/6067-1/
reference_id	USN-6067-1
reference_type
scores
url	https://usn.ubuntu.com/6067-1/

fixed_packages

url pkg:pypi/neutron@16.3.1

purl pkg:pypi/neutron@16.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1444-3h31-3kdv

vulnerability	VCID-69mn-brsx-xydy

vulnerability	VCID-ecp9-x6p6-7fa2

vulnerability	VCID-n4sa-8h57-xkfu

vulnerability	VCID-p6g8-396q-t7ck

vulnerability	VCID-s7eu-cz6b-c7bz

vulnerability	VCID-snf1-xa7v-1kac

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@16.3.1

url pkg:pypi/neutron@17.1.1

purl pkg:pypi/neutron@17.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1444-3h31-3kdv

vulnerability	VCID-69mn-brsx-xydy

vulnerability	VCID-ecp9-x6p6-7fa2

vulnerability	VCID-n4sa-8h57-xkfu

vulnerability	VCID-p6g8-396q-t7ck

vulnerability	VCID-s7eu-cz6b-c7bz

vulnerability	VCID-snf1-xa7v-1kac

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@17.1.1

aliases CVE-2021-20267, GHSA-w8hx-f868-pvch, PYSEC-2021-136

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wa91-gzx6-h7gu

Fixing_vulnerabilities

Risk_score 4.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@16.3.0

Package Instance