Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/neutron@10.0.7
Typepypi
Namespace
Nameneutron
Version10.0.7
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version10.0.8
Latest_non_vulnerable_version2015.1.1
Affected_by_vulnerabilities
0
url VCID-1444-3h31-3kdv
vulnerability_id VCID-1444-3h31-3kdv
summary OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver with ebtables-nft is used on a Netfilter-based platform. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the hardware addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38598.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38598.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-38598
reference_id
reference_type
scores
0
value 0.00138
scoring_system epss
scoring_elements 0.33562
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-38598
2
reference_url https://github.com/openstack/neutron
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/neutron
3
reference_url https://github.com/openstack/neutron/commit/0a931391d8990f3e654b4bfda24ae4119c609bbf
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/neutron/commit/0a931391d8990f3e654b4bfda24ae4119c609bbf
4
reference_url https://github.com/openstack/neutron/commit/cc0d28a3e2ccfad6fc2ff24d78f009cbe3992575
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/neutron/commit/cc0d28a3e2ccfad6fc2ff24d78f009cbe3992575
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2021-360.yaml
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2021-360.yaml
6
reference_url https://launchpad.net/bugs/1938670
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://launchpad.net/bugs/1938670
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-38598
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-38598
8
reference_url https://opendev.org/openstack/neutron/commit/fafa5dacd5057120562184a734e7345e7c0e9639
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://opendev.org/openstack/neutron/commit/fafa5dacd5057120562184a734e7345e7c0e9639
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1995273
reference_id 1995273
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1995273
fixed_packages
0
url pkg:pypi/neutron@16.4.1
purl pkg:pypi/neutron@16.4.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@16.4.1
1
url pkg:pypi/neutron@17.1.3
purl pkg:pypi/neutron@17.1.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@17.1.3
2
url pkg:pypi/neutron@18.1.0
purl pkg:pypi/neutron@18.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-69mn-brsx-xydy
1
vulnerability VCID-p6g8-396q-t7ck
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@18.1.0
aliases CVE-2021-38598, GHSA-hvm4-mc7m-22w4, PYSEC-2021-360
risk_score 4.1
exploitability 0.5
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1444-3h31-3kdv
1
url VCID-69mn-brsx-xydy
vulnerability_id VCID-69mn-brsx-xydy
summary An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API performance degradation or denial of service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-40797.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-40797.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-40797
reference_id
reference_type
scores
0
value 0.00694
scoring_system epss
scoring_elements 0.72273
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-40797
2
reference_url https://github.com/openstack/neutron
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/neutron
3
reference_url https://github.com/openstack/neutron/commit/e610a5eb9e71aa2549fb11e2139370d227787da2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/neutron/commit/e610a5eb9e71aa2549fb11e2139370d227787da2
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2021-329.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2021-329.yaml
5
reference_url https://launchpad.net/bugs/1942179
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://launchpad.net/bugs/1942179
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-40797
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-40797
7
reference_url https://security.openstack.org/ossa/OSSA-2021-006.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2021-006.html
8
reference_url http://www.openwall.com/lists/oss-security/2021/09/09/2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2021/09/09/2
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2003248
reference_id 2003248
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2003248
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994202
reference_id 994202
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994202
11
reference_url https://access.redhat.com/errata/RHSA-2022:0990
reference_id RHSA-2022:0990
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0990
12
reference_url https://access.redhat.com/errata/RHSA-2022:0996
reference_id RHSA-2022:0996
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0996
fixed_packages
0
url pkg:pypi/neutron@16.4.1
purl pkg:pypi/neutron@16.4.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@16.4.1
1
url pkg:pypi/neutron@17.2.1
purl pkg:pypi/neutron@17.2.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@17.2.1
2
url pkg:pypi/neutron@18.1.1
purl pkg:pypi/neutron@18.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@18.1.1
aliases CVE-2021-40797, GHSA-cpx3-696p-3cw9, PYSEC-2021-329
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-69mn-brsx-xydy
2
url VCID-jecq-8kqy-sfg8
vulnerability_id VCID-jecq-8kqy-sfg8
summary When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from outside of the allowed allocation pool. Versions of openstack-neutron before 13.0.0.0b2, 12.0.3 and 11.0.5 are vulnerable.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2710
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2710
1
reference_url https://access.redhat.com/errata/RHSA-2018:2715
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2715
2
reference_url https://access.redhat.com/errata/RHSA-2018:2721
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2721
3
reference_url https://access.redhat.com/errata/RHSA-2018:3792
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3792
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14635.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14635.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-14635
reference_id
reference_type
scores
0
value 0.00306
scoring_system epss
scoring_elements 0.5414
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-14635
6
reference_url https://bugs.launchpad.net/neutron/+bug/1757482
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/neutron/+bug/1757482
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14635
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14635
8
reference_url https://github.com/openstack/neutron
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/neutron
9
reference_url https://github.com/openstack/neutron/commit/54aa6e81cb17b33ce4d5d469cc11dec2869c762d
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/neutron/commit/54aa6e81cb17b33ce4d5d469cc11dec2869c762d
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2018-93.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2018-93.yaml
11
reference_url https://git.openstack.org/cgit/openstack/neutron/commit/?id=54aa6e81cb17b33ce4d5d469cc11dec2869c762d
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://git.openstack.org/cgit/openstack/neutron/commit/?id=54aa6e81cb17b33ce4d5d469cc11dec2869c762d
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1607822
reference_id 1607822
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1607822
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-14635
reference_id CVE-2018-14635
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-14635
14
reference_url https://github.com/advisories/GHSA-x634-34m9-96mp
reference_id GHSA-x634-34m9-96mp
reference_type
scores
url https://github.com/advisories/GHSA-x634-34m9-96mp
fixed_packages
0
url pkg:pypi/neutron@11.0.6
purl pkg:pypi/neutron@11.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1444-3h31-3kdv
1
vulnerability VCID-69mn-brsx-xydy
2
vulnerability VCID-p5ww-51mu-buf5
3
vulnerability VCID-p6g8-396q-t7ck
4
vulnerability VCID-t5sb-ghkg-zbb6
5
vulnerability VCID-wa91-gzx6-h7gu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@11.0.6
1
url pkg:pypi/neutron@12.0.4
purl pkg:pypi/neutron@12.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1444-3h31-3kdv
1
vulnerability VCID-69mn-brsx-xydy
2
vulnerability VCID-p5ww-51mu-buf5
3
vulnerability VCID-p6g8-396q-t7ck
4
vulnerability VCID-t5sb-ghkg-zbb6
5
vulnerability VCID-wa91-gzx6-h7gu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@12.0.4
2
url pkg:pypi/neutron@13.0.0.0b2
purl pkg:pypi/neutron@13.0.0.0b2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1444-3h31-3kdv
1
vulnerability VCID-69mn-brsx-xydy
2
vulnerability VCID-p6g8-396q-t7ck
3
vulnerability VCID-wa91-gzx6-h7gu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@13.0.0.0b2
aliases CVE-2018-14635, GHSA-x634-34m9-96mp, PYSEC-2018-93
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jecq-8kqy-sfg8
3
url VCID-mcet-nkj3-bug8
vulnerability_id VCID-mcet-nkj3-bug8
summary Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. This brief window could be extended indefinitely if the instance's port is set administratively down prior to live-migration and kept down after the migration is complete. This is possible due to the Open vSwitch integration bridge being connected to the instance during migration. When connected to the integration bridge, all traffic for instances using the same Open vSwitch instance would potentially be visible to the migrated guest, as the required Open vSwitch VLAN filters are only applied post-migration. Versions of openstack-neutron before 13.0.0.0b2, 12.0.3, 11.0.5 are vulnerable.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14636.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14636.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-14636
reference_id
reference_type
scores
0
value 0.00203
scoring_system epss
scoring_elements 0.42273
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-14636
2
reference_url https://bugs.launchpad.net/neutron/+bug/1734320
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/neutron/+bug/1734320
3
reference_url https://bugs.launchpad.net/neutron/+bug/1767422
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/neutron/+bug/1767422
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14636
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14636
5
reference_url https://github.com/openstack/neutron
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/neutron
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2018-94.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2018-94.yaml
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1594977
reference_id 1594977
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1594977
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-14636
reference_id CVE-2018-14636
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-14636
9
reference_url https://github.com/advisories/GHSA-8q95-jj7p-x93x
reference_id GHSA-8q95-jj7p-x93x
reference_type
scores
url https://github.com/advisories/GHSA-8q95-jj7p-x93x
fixed_packages
0
url pkg:pypi/neutron@11.0.5
purl pkg:pypi/neutron@11.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1444-3h31-3kdv
1
vulnerability VCID-69mn-brsx-xydy
2
vulnerability VCID-jecq-8kqy-sfg8
3
vulnerability VCID-p5ww-51mu-buf5
4
vulnerability VCID-p6g8-396q-t7ck
5
vulnerability VCID-t5sb-ghkg-zbb6
6
vulnerability VCID-wa91-gzx6-h7gu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@11.0.5
1
url pkg:pypi/neutron@12.0.3
purl pkg:pypi/neutron@12.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1444-3h31-3kdv
1
vulnerability VCID-69mn-brsx-xydy
2
vulnerability VCID-jecq-8kqy-sfg8
3
vulnerability VCID-p5ww-51mu-buf5
4
vulnerability VCID-p6g8-396q-t7ck
5
vulnerability VCID-t5sb-ghkg-zbb6
6
vulnerability VCID-wa91-gzx6-h7gu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@12.0.3
2
url pkg:pypi/neutron@13.0.0.0b2
purl pkg:pypi/neutron@13.0.0.0b2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1444-3h31-3kdv
1
vulnerability VCID-69mn-brsx-xydy
2
vulnerability VCID-p6g8-396q-t7ck
3
vulnerability VCID-wa91-gzx6-h7gu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@13.0.0.0b2
aliases CVE-2018-14636, GHSA-8q95-jj7p-x93x, PYSEC-2018-94
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mcet-nkj3-bug8
4
url VCID-p5ww-51mu-buf5
vulnerability_id VCID-p5ww-51mu-buf5
summary An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes where those security groups are present, because of an Open vSwitch (OVS) firewall KeyError. All Neutron deployments utilizing neutron-openvswitch-agent are affected.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:0879
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0879
1
reference_url https://access.redhat.com/errata/RHSA-2019:0935
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0935
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10876.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10876.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10876
reference_id
reference_type
scores
0
value 0.00624
scoring_system epss
scoring_elements 0.70542
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10876
4
reference_url https://bugs.launchpad.net/ossa/+bug/1813007
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/ossa/+bug/1813007
5
reference_url https://github.com/openstack/neutron
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/neutron
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2019-189.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2019-189.yaml
7
reference_url https://review.openstack.org/#/q/topic:bug/1813007
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/#/q/topic:bug/1813007
8
reference_url https://security.openstack.org/ossa/OSSA-2019-002.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2019-002.html
9
reference_url http://www.openwall.com/lists/oss-security/2019/04/09/2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2019/04/09/2
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1695883
reference_id 1695883
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1695883
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926502
reference_id 926502
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926502
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10876
reference_id CVE-2019-10876
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10876
13
reference_url https://github.com/advisories/GHSA-jr9m-v5qh-mh2j
reference_id GHSA-jr9m-v5qh-mh2j
reference_type
scores
url https://github.com/advisories/GHSA-jr9m-v5qh-mh2j
fixed_packages
0
url pkg:pypi/neutron@11.0.7
purl pkg:pypi/neutron@11.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1444-3h31-3kdv
1
vulnerability VCID-69mn-brsx-xydy
2
vulnerability VCID-p6g8-396q-t7ck
3
vulnerability VCID-wa91-gzx6-h7gu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@11.0.7
1
url pkg:pypi/neutron@12.0.6
purl pkg:pypi/neutron@12.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1444-3h31-3kdv
1
vulnerability VCID-69mn-brsx-xydy
2
vulnerability VCID-p6g8-396q-t7ck
3
vulnerability VCID-wa91-gzx6-h7gu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@12.0.6
2
url pkg:pypi/neutron@13.0.3
purl pkg:pypi/neutron@13.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1444-3h31-3kdv
1
vulnerability VCID-69mn-brsx-xydy
2
vulnerability VCID-p6g8-396q-t7ck
3
vulnerability VCID-wa91-gzx6-h7gu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@13.0.3
aliases CVE-2019-10876, GHSA-jr9m-v5qh-mh2j, PYSEC-2019-189
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p5ww-51mu-buf5
5
url VCID-p6g8-396q-t7ck
vulnerability_id VCID-p6g8-396q-t7ck
summary An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-40085.json
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-40085.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-40085
reference_id
reference_type
scores
0
value 0.01348
scoring_system epss
scoring_elements 0.8042
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-40085
2
reference_url https://github.com/openstack/neutron
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/neutron
3
reference_url https://github.com/openstack/neutron/commit/df891f0593d234e01f27d7c0376d9702e178ecfb
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/neutron/commit/df891f0593d234e01f27d7c0376d9702e178ecfb
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2021-361.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2021-361.yaml
5
reference_url https://launchpad.net/bugs/1939733
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://launchpad.net/bugs/1939733
6
reference_url https://lists.debian.org/debian-lts-announce/2021/10/msg00005.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/10/msg00005.html
7
reference_url https://lists.debian.org/debian-lts-announce/2022/05/msg00038.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/05/msg00038.html
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-40085
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-40085
9
reference_url https://security.openstack.org/ossa/OSSA-2021-005.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2021-005.html
10
reference_url https://www.debian.org/security/2021/dsa-4983
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-4983
11
reference_url http://www.openwall.com/lists/oss-security/2021/08/31/2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2021/08/31/2
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1998052
reference_id 1998052
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1998052
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993398
reference_id 993398
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993398
14
reference_url https://access.redhat.com/errata/RHSA-2021:3481
reference_id RHSA-2021:3481
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3481
15
reference_url https://access.redhat.com/errata/RHSA-2021:3488
reference_id RHSA-2021:3488
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3488
16
reference_url https://access.redhat.com/errata/RHSA-2021:3502
reference_id RHSA-2021:3502
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3502
17
reference_url https://access.redhat.com/errata/RHSA-2021:3503
reference_id RHSA-2021:3503
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3503
fixed_packages
0
url pkg:pypi/neutron@16.4.1
purl pkg:pypi/neutron@16.4.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@16.4.1
1
url pkg:pypi/neutron@17.2.1
purl pkg:pypi/neutron@17.2.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@17.2.1
2
url pkg:pypi/neutron@18.1.1
purl pkg:pypi/neutron@18.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@18.1.1
aliases CVE-2021-40085, GHSA-fh73-gjvg-349c, PYSEC-2021-361
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p6g8-396q-t7ck
6
url VCID-t5sb-ghkg-zbb6
vulnerability_id VCID-t5sb-ghkg-zbb6
summary An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option (for example, VRRP), an authenticated user may block further application of security group rules for instances from any project/tenant on the compute hosts to which it's applied. (Only deployments using the iptables security group driver are affected.)
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:0879
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0879
1
reference_url https://access.redhat.com/errata/RHSA-2019:0916
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0916
2
reference_url https://access.redhat.com/errata/RHSA-2019:0935
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0935
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9735.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9735.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-9735
reference_id
reference_type
scores
0
value 0.01892
scoring_system epss
scoring_elements 0.83539
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-9735
5
reference_url https://github.com/openstack/neutron
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/neutron
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2019-190.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2019-190.yaml
7
reference_url https://launchpad.net/bugs/1818385
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://launchpad.net/bugs/1818385
8
reference_url https://seclists.org/bugtraq/2019/Mar/24
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Mar/24
9
reference_url https://security.openstack.org/ossa/OSSA-2019-001.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2019-001.html
10
reference_url https://usn.ubuntu.com/4036-1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4036-1
11
reference_url https://usn.ubuntu.com/4036-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4036-1/
12
reference_url https://web.archive.org/web/20201208185619/http://www.securityfocus.com/bid/107390
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20201208185619/http://www.securityfocus.com/bid/107390
13
reference_url https://www.debian.org/security/2019/dsa-4409
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4409
14
reference_url http://www.openwall.com/lists/oss-security/2019/03/18/2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2019/03/18/2
15
reference_url http://www.securityfocus.com/bid/107390
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/107390
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1690745
reference_id 1690745
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1690745
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924508
reference_id 924508
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924508
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-9735
reference_id CVE-2019-9735
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-9735
19
reference_url https://github.com/advisories/GHSA-9773-3fqg-8w25
reference_id GHSA-9773-3fqg-8w25
reference_type
scores
url https://github.com/advisories/GHSA-9773-3fqg-8w25
fixed_packages
0
url pkg:pypi/neutron@10.0.8
purl pkg:pypi/neutron@10.0.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@10.0.8
1
url pkg:pypi/neutron@11.0.7
purl pkg:pypi/neutron@11.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1444-3h31-3kdv
1
vulnerability VCID-69mn-brsx-xydy
2
vulnerability VCID-p6g8-396q-t7ck
3
vulnerability VCID-wa91-gzx6-h7gu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@11.0.7
2
url pkg:pypi/neutron@12.0.6
purl pkg:pypi/neutron@12.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1444-3h31-3kdv
1
vulnerability VCID-69mn-brsx-xydy
2
vulnerability VCID-p6g8-396q-t7ck
3
vulnerability VCID-wa91-gzx6-h7gu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@12.0.6
3
url pkg:pypi/neutron@13.0.3
purl pkg:pypi/neutron@13.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1444-3h31-3kdv
1
vulnerability VCID-69mn-brsx-xydy
2
vulnerability VCID-p6g8-396q-t7ck
3
vulnerability VCID-wa91-gzx6-h7gu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@13.0.3
aliases CVE-2019-9735, GHSA-9773-3fqg-8w25, PYSEC-2019-190
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t5sb-ghkg-zbb6
7
url VCID-wa91-gzx6-h7gu
vulnerability_id VCID-wa91-gzx6-h7gu
summary A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the IPv6 addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations. Only deployments using the Open vSwitch driver are affected. Source: OpenStack project. Versions before openstack-neutron 15.3.3, openstack-neutron 16.3.1 and openstack-neutron 17.1.1 are affected.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20267.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20267.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-20267
reference_id
reference_type
scores
0
value 0.00126
scoring_system epss
scoring_elements 0.31472
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-20267
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1934330
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1934330
3
reference_url https://github.com/openstack/neutron
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/neutron
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2021-136.yaml
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2021-136.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-20267
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-20267
6
reference_url https://security.openstack.org/ossa/OSSA-2021-001.html
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2021-001.html
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985104
reference_id 985104
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985104
fixed_packages
0
url pkg:pypi/neutron@15.3.3
purl pkg:pypi/neutron@15.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1444-3h31-3kdv
1
vulnerability VCID-69mn-brsx-xydy
2
vulnerability VCID-p6g8-396q-t7ck
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@15.3.3
1
url pkg:pypi/neutron@16.3.1
purl pkg:pypi/neutron@16.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1444-3h31-3kdv
1
vulnerability VCID-69mn-brsx-xydy
2
vulnerability VCID-p6g8-396q-t7ck
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@16.3.1
2
url pkg:pypi/neutron@17.1.1
purl pkg:pypi/neutron@17.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1444-3h31-3kdv
1
vulnerability VCID-69mn-brsx-xydy
2
vulnerability VCID-p6g8-396q-t7ck
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@17.1.1
aliases CVE-2021-20267, GHSA-w8hx-f868-pvch, PYSEC-2021-136
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wa91-gzx6-h7gu
Fixing_vulnerabilities
Risk_score4.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/neutron@10.0.7