SUSE NeuVector
9 CVEs affecting SUSE NeuVector. Latest disclosed: 2026-01-08. Critical: 2, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-54469 | Critical | 9.9 | 2025-10-30 | A vulnerability was identified in NeuVector, where the enforcer used environment variables CLUSTER_RPC_PORT and CLUSTER_LAN_PORT to generate a command to be ex… |
| CVE-2025-8077 | Critical | 9.8 | 2025-09-17 | A vulnerability exists in NeuVector versions up to and including 5.4.5, where a fixed string is used as the default password for the built-in `admin` account… |
| CVE-2025-66001 | High | 8.8 | 2026-01-08 | NeuVector supports login authentication through OpenID Connect. However, the TLS verification (which verifies the remote server's authenticity and integrity) f… |
| CVE-2025-54470 | High | 8.6 | 2025-10-30 | This vulnerability affects NeuVector deployments only when the Report anonymous cluster data option is enabled. When this option is enabled, NeuVector sends an… |
| CVE-2025-54471 | Medium | 6.5 | 2025-10-30 | NeuVector used a hard-coded cryptographic key embedded in the source code. At compilation time, the key value was replaced with the secret key value and used… |
| CVE-2025-54467 | Medium | 5.3 | 2025-09-17 | When a Java command with password parameters is executed and terminated by NeuVector for Process rule violation the password will appear in the NeuVector secur… |
| CVE-2025-53884 | Medium | 5.3 | 2025-09-17 | NeuVector stores user passwords and API keys using a simple, unsalted hash. This method is vulnerable to rainbow table attack (offline attack where hashes of k… |
| CVE-2023-32188 | | | 2024-10-16 | A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malici… |
| CVE-2023-22644 | | | 2023-09-20 | A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malici… |