This page lists publicly disclosed CVE vulnerabilities affecting openstack neutron (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2014-6414 | OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors. | [email protected] | 4.0 | 2.09% | 2014-10-02 | 2026-06-16 |
| CVE-2014-4615 | The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue (v2/meters/http.request). | [email protected] | 5.0 | 2.77% | 2014-08-19 | 2026-06-16 |
| CVE-2014-3555 | OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (crash or long firewall rule updates) by creating a large number of allowed address pairs. | [email protected] | 4.0 | 2.21% | 2014-07-23 | 2026-06-16 |
| CVE-2014-4167 | The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by attaching an IPv6 private subnet to a L3 router. | [email protected] | 3.5 | 1.66% | 2014-07-11 | 2026-06-16 |
| CVE-2013-6433 | The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file. | [email protected] | 7.6 | 3.32% | 2014-06-02 | 2026-06-16 |
| CVE-2014-0056 | The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command. | [email protected] | 2.1 | 1.43% | 2014-05-08 | 2026-06-16 |
| CVE-2014-0187 | The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied. | [email protected] | 9.0 | 2.92% | 2014-04-28 | 2026-06-16 |