Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/nova@2012.1.1-18
Typedeb
Namespacedebian
Namenova
Version2012.1.1-18
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2:26.2.2-1~deb12u3
Latest_non_vulnerable_version2:26.2.2-1~deb12u3
Affected_by_vulnerabilities
0
url VCID-1fb2-ccby-7yfq
vulnerability_id VCID-1fb2-ccby-7yfq
summary An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths as host devices previously referenced by the virtual machine on the source host. This can include block devices that map to different Cinder volumes at the destination than at the source. Only deployments allowing host-based connections (for instance, root and ephemeral devices) are affected.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17376.json
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17376.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-17376
reference_id
reference_type
scores
0
value 0.00385
scoring_system epss
scoring_elements 0.5979
published_at 2026-04-18T12:55:00Z
1
value 0.00385
scoring_system epss
scoring_elements 0.59784
published_at 2026-04-16T12:55:00Z
2
value 0.00385
scoring_system epss
scoring_elements 0.59746
published_at 2026-04-13T12:55:00Z
3
value 0.00385
scoring_system epss
scoring_elements 0.59629
published_at 2026-04-01T12:55:00Z
4
value 0.00385
scoring_system epss
scoring_elements 0.59764
published_at 2026-04-12T12:55:00Z
5
value 0.00385
scoring_system epss
scoring_elements 0.5978
published_at 2026-04-11T12:55:00Z
6
value 0.00385
scoring_system epss
scoring_elements 0.59761
published_at 2026-04-09T12:55:00Z
7
value 0.00385
scoring_system epss
scoring_elements 0.59747
published_at 2026-04-08T12:55:00Z
8
value 0.00385
scoring_system epss
scoring_elements 0.59695
published_at 2026-04-07T12:55:00Z
9
value 0.00385
scoring_system epss
scoring_elements 0.59726
published_at 2026-04-04T12:55:00Z
10
value 0.00385
scoring_system epss
scoring_elements 0.59701
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-17376
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17376
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17376
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
5
reference_url https://github.com/openstack/nova/commit/1bb8ee95d4c3ddc3f607ac57526b75af1b7fbcff
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/1bb8ee95d4c3ddc3f607ac57526b75af1b7fbcff
6
reference_url https://github.com/openstack/nova/commit/2faf17995dd9daa6f0b91e44be43264e447c678d
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/2faf17995dd9daa6f0b91e44be43264e447c678d
7
reference_url https://github.com/openstack/nova/commit/a721ca5f510ce3c8ef24f22dac9e475b3d7651db
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/a721ca5f510ce3c8ef24f22dac9e475b3d7651db
8
reference_url https://github.com/openstack/nova/commit/b9ea91d17703f5b324a50727b6503ace0f4e95eb
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/b9ea91d17703f5b324a50727b6503ace0f4e95eb
9
reference_url https://github.com/openstack/nova/commit/c438fd9a0eb1903306a53ab44e3ae80660d8a429
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/c438fd9a0eb1903306a53ab44e3ae80660d8a429
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2020-243.yaml
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2020-243.yaml
11
reference_url https://launchpad.net/bugs/1890501
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://launchpad.net/bugs/1890501
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-17376
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-17376
13
reference_url https://security.openstack.org/ossa/OSSA-2020-006.html
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2020-006.html
14
reference_url http://www.openwall.com/lists/oss-security/2020/08/25/4
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/08/25/4
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1869426
reference_id 1869426
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1869426
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969052
reference_id 969052
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969052
17
reference_url https://github.com/advisories/GHSA-c7w7-9c85-4qxv
reference_id GHSA-c7w7-9c85-4qxv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c7w7-9c85-4qxv
18
reference_url https://access.redhat.com/errata/RHSA-2020:3702
reference_id RHSA-2020:3702
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3702
19
reference_url https://access.redhat.com/errata/RHSA-2020:3704
reference_id RHSA-2020:3704
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3704
20
reference_url https://access.redhat.com/errata/RHSA-2020:3706
reference_id RHSA-2020:3706
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3706
21
reference_url https://access.redhat.com/errata/RHSA-2020:3708
reference_id RHSA-2020:3708
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3708
22
reference_url https://access.redhat.com/errata/RHSA-2020:3711
reference_id RHSA-2020:3711
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3711
23
reference_url https://usn.ubuntu.com/5866-1/
reference_id USN-5866-1
reference_type
scores
url https://usn.ubuntu.com/5866-1/
fixed_packages
0
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-h6rd-5p7q-s3gq
1
vulnerability VCID-hd9e-1msb-uqa6
2
vulnerability VCID-m5vc-4my3-87gk
3
vulnerability VCID-s69v-tc7x-37fe
4
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1
aliases CVE-2020-17376, GHSA-c7w7-9c85-4qxv, PYSEC-2020-243
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1fb2-ccby-7yfq
1
url VCID-1p1c-fevy-bydg
vulnerability_id VCID-1p1c-fevy-bydg
summary 
Insufficient Verification of Data Authenticity
It was discovered that the OpenStack Compute (nova) console websocket does not correctly verify the origin header. An attacker could use this flaw to conduct a cross-site websocket hijack attack. Note that only Compute setups with VNC or SPICE enabled were affected by this flaw.
references
0
reference_url http://lists.openstack.org/pipermail/openstack-announce/2015-March/000341.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.openstack.org/pipermail/openstack-announce/2015-March/000341.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2015-0790.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-0790.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2015-0843.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-0843.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2015-0844.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-0844.html
4
reference_url https://access.redhat.com/errata/RHSA-2015:0790
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2015:0790
5
reference_url https://access.redhat.com/errata/RHSA-2015:0843
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2015:0843
6
reference_url https://access.redhat.com/errata/RHSA-2015:0844
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2015:0844
7
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0259.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0259.json
8
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-0259
reference_id
reference_type
scores
0
value 0.00205
scoring_system epss
scoring_elements 0.42694
published_at 2026-04-18T12:55:00Z
1
value 0.00205
scoring_system epss
scoring_elements 0.42678
published_at 2026-04-09T12:55:00Z
2
value 0.00205
scoring_system epss
scoring_elements 0.42701
published_at 2026-04-11T12:55:00Z
3
value 0.00205
scoring_system epss
scoring_elements 0.42665
published_at 2026-04-12T12:55:00Z
4
value 0.00205
scoring_system epss
scoring_elements 0.42648
published_at 2026-04-13T12:55:00Z
5
value 0.00205
scoring_system epss
scoring_elements 0.42708
published_at 2026-04-16T12:55:00Z
6
value 0.00205
scoring_system epss
scoring_elements 0.42576
published_at 2026-04-01T12:55:00Z
7
value 0.00205
scoring_system epss
scoring_elements 0.42646
published_at 2026-04-02T12:55:00Z
8
value 0.00205
scoring_system epss
scoring_elements 0.42674
published_at 2026-04-04T12:55:00Z
9
value 0.00205
scoring_system epss
scoring_elements 0.42615
published_at 2026-04-07T12:55:00Z
10
value 0.00205
scoring_system epss
scoring_elements 0.42666
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-0259
9
reference_url https://bugs.launchpad.net/nova/+bug/1409142
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1409142
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1190112
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1190112
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0259
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0259
12
reference_url https://opendev.org/openstack/nova
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://opendev.org/openstack/nova
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780250
reference_id 780250
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780250
14
reference_url https://access.redhat.com/security/cve/CVE-2015-0259
reference_id CVE-2015-0259
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2015-0259
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-0259
reference_id CVE-2015-0259
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-0259
16
reference_url https://github.com/advisories/GHSA-x8xr-rm9r-7mvf
reference_id GHSA-x8xr-rm9r-7mvf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x8xr-rm9r-7mvf
fixed_packages
0
url pkg:deb/debian/nova@2014.1.3-11
purl pkg:deb/debian/nova@2014.1.3-11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fb2-ccby-7yfq
1
vulnerability VCID-1qbm-qguj-gkem
2
vulnerability VCID-2dpk-ncrc-1fcw
3
vulnerability VCID-5nfz-1bk3-93fe
4
vulnerability VCID-6n3z-x4zj-4bez
5
vulnerability VCID-7yp4-ebnm-g3c3
6
vulnerability VCID-9se5-m6dx-8kcj
7
vulnerability VCID-br4q-499g-vqhg
8
vulnerability VCID-cwub-w9dp-wfgy
9
vulnerability VCID-cy7p-gzf8-eqcj
10
vulnerability VCID-ek6e-977t-3bew
11
vulnerability VCID-h6rd-5p7q-s3gq
12
vulnerability VCID-jdb7-71q5-pfcx
13
vulnerability VCID-k48d-ecqx-m3ed
14
vulnerability VCID-nb1y-cbzs-abhc
15
vulnerability VCID-qfdm-g857-3yb5
16
vulnerability VCID-s69v-tc7x-37fe
17
vulnerability VCID-zy9m-d25c-5uga
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11
aliases CVE-2015-0259, GHSA-x8xr-rm9r-7mvf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1p1c-fevy-bydg
2
url VCID-1qbm-qguj-gkem
vulnerability_id VCID-1qbm-qguj-gkem
summary 
OpenStack Nova Filter Scheduler Bypass
In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using Nova Filter Scheduler are affected. Because of the regression described in Launchpad Bug #1732947, the preferred fix is a 14.x version after 14.0.10, a 15.x version after 15.0.8, or a 16.x version after 16.0.3.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:0241
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0241
1
reference_url https://access.redhat.com/errata/RHSA-2018:0314
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0314
2
reference_url https://access.redhat.com/errata/RHSA-2018:0369
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0369
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16239.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16239.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-16239
reference_id
reference_type
scores
0
value 0.00385
scoring_system epss
scoring_elements 0.59804
published_at 2026-04-18T12:55:00Z
1
value 0.00385
scoring_system epss
scoring_elements 0.59642
published_at 2026-04-01T12:55:00Z
2
value 0.00385
scoring_system epss
scoring_elements 0.59715
published_at 2026-04-02T12:55:00Z
3
value 0.00385
scoring_system epss
scoring_elements 0.5974
published_at 2026-04-04T12:55:00Z
4
value 0.00385
scoring_system epss
scoring_elements 0.5971
published_at 2026-04-07T12:55:00Z
5
value 0.00385
scoring_system epss
scoring_elements 0.59761
published_at 2026-04-13T12:55:00Z
6
value 0.00385
scoring_system epss
scoring_elements 0.59775
published_at 2026-04-09T12:55:00Z
7
value 0.00385
scoring_system epss
scoring_elements 0.59794
published_at 2026-04-11T12:55:00Z
8
value 0.00385
scoring_system epss
scoring_elements 0.59779
published_at 2026-04-12T12:55:00Z
9
value 0.00385
scoring_system epss
scoring_elements 0.59798
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-16239
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16239
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16239
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.6
scoring_system cvssv2
scoring_elements AV:N/AC:H/Au:S/C:P/I:N/A:P
1
value 4.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
8
reference_url https://github.com/openstack/nova/commit/698b261a5a2a6c0f31ef5059046ef7196d5cba30
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/698b261a5a2a6c0f31ef5059046ef7196d5cba30
9
reference_url https://github.com/openstack/nova/commit/984dd8ad6add4523d93c7ce5a666a32233e02e34
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/984dd8ad6add4523d93c7ce5a666a32233e02e34
10
reference_url https://github.com/openstack/nova/commit/9e2d63da94db63d97bd02e373bfc53d95808b833
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/9e2d63da94db63d97bd02e373bfc53d95808b833
11
reference_url https://github.com/openstack/nova/commit/b72105c1c49fcddc94992af63fc2f8078023491a
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/b72105c1c49fcddc94992af63fc2f8078023491a
12
reference_url https://launchpad.net/bugs/1664931
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://launchpad.net/bugs/1664931
13
reference_url https://security.openstack.org/ossa/OSSA-2017-005.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2017-005.html
14
reference_url https://www.debian.org/security/2017/dsa-4056
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2017/dsa-4056
15
reference_url http://www.securityfocus.com/bid/101950
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/101950
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1508539
reference_id 1508539
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1508539
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882009
reference_id 882009
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882009
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:15.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.0:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:15.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.1:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:15.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.2:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:15.0.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.3:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:15.0.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.4:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:15.0.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.5:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:15.0.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.6:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:15.0.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.7:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:16.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.0:*:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:16.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.1:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:16.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.2:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-16239
reference_id CVE-2017-16239
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:P/A:N
1
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
2
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-16239
31
reference_url https://github.com/advisories/GHSA-w2wf-cgwh-vpqg
reference_id GHSA-w2wf-cgwh-vpqg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w2wf-cgwh-vpqg
fixed_packages
0
url pkg:deb/debian/nova@2:14.0.0-4%2Bdeb9u1
purl pkg:deb/debian/nova@2:14.0.0-4%2Bdeb9u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fb2-ccby-7yfq
1
vulnerability VCID-1qbm-qguj-gkem
2
vulnerability VCID-2dpk-ncrc-1fcw
3
vulnerability VCID-br4q-499g-vqhg
4
vulnerability VCID-cwub-w9dp-wfgy
5
vulnerability VCID-cy7p-gzf8-eqcj
6
vulnerability VCID-h6rd-5p7q-s3gq
7
vulnerability VCID-qfdm-g857-3yb5
8
vulnerability VCID-s69v-tc7x-37fe
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:14.0.0-4%252Bdeb9u1
1
url pkg:deb/debian/nova@2:18.1.0-6
purl pkg:deb/debian/nova@2:18.1.0-6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fb2-ccby-7yfq
1
vulnerability VCID-2dpk-ncrc-1fcw
2
vulnerability VCID-br4q-499g-vqhg
3
vulnerability VCID-h6rd-5p7q-s3gq
4
vulnerability VCID-qfdm-g857-3yb5
5
vulnerability VCID-s69v-tc7x-37fe
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:18.1.0-6
aliases CVE-2017-16239, GHSA-w2wf-cgwh-vpqg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1qbm-qguj-gkem
3
url VCID-2dpk-ncrc-1fcw
vulnerability_id VCID-2dpk-ncrc-1fcw
summary An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:2622
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2622
1
reference_url https://access.redhat.com/errata/RHSA-2019:2631
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2631
2
reference_url https://access.redhat.com/errata/RHSA-2019:2652
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2652
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14433.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14433.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14433
reference_id
reference_type
scores
0
value 0.01327
scoring_system epss
scoring_elements 0.79871
published_at 2026-04-01T12:55:00Z
1
value 0.01327
scoring_system epss
scoring_elements 0.79924
published_at 2026-04-09T12:55:00Z
2
value 0.01327
scoring_system epss
scoring_elements 0.79944
published_at 2026-04-11T12:55:00Z
3
value 0.01327
scoring_system epss
scoring_elements 0.79927
published_at 2026-04-12T12:55:00Z
4
value 0.01327
scoring_system epss
scoring_elements 0.79919
published_at 2026-04-13T12:55:00Z
5
value 0.01327
scoring_system epss
scoring_elements 0.79948
published_at 2026-04-16T12:55:00Z
6
value 0.01327
scoring_system epss
scoring_elements 0.79949
published_at 2026-04-18T12:55:00Z
7
value 0.01327
scoring_system epss
scoring_elements 0.79887
published_at 2026-04-07T12:55:00Z
8
value 0.01327
scoring_system epss
scoring_elements 0.79899
published_at 2026-04-04T12:55:00Z
9
value 0.01327
scoring_system epss
scoring_elements 0.79877
published_at 2026-04-02T12:55:00Z
10
value 0.01327
scoring_system epss
scoring_elements 0.79915
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14433
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14433
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14433
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
8
reference_url https://github.com/openstack/nova/commit/298b337a16c0d10916b4431c436d19b3d6f5360e
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/298b337a16c0d10916b4431c436d19b3d6f5360e
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2019-191.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2019-191.yaml
10
reference_url https://launchpad.net/bugs/1837877
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://launchpad.net/bugs/1837877
11
reference_url https://lists.debian.org/debian-lts-announce/2022/09/msg00018.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/09/msg00018.html
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14433
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14433
13
reference_url https://security.openstack.org/ossa/OSSA-2019-003.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2019-003.html
14
reference_url https://usn.ubuntu.com/4104-1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4104-1
15
reference_url https://usn.ubuntu.com/4104-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4104-1/
16
reference_url http://www.openwall.com/lists/oss-security/2019/08/06/6
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2019/08/06/6
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1735522
reference_id 1735522
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1735522
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934114
reference_id 934114
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934114
19
reference_url https://github.com/advisories/GHSA-pg64-r7rr-phv8
reference_id GHSA-pg64-r7rr-phv8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pg64-r7rr-phv8
fixed_packages
0
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-h6rd-5p7q-s3gq
1
vulnerability VCID-hd9e-1msb-uqa6
2
vulnerability VCID-m5vc-4my3-87gk
3
vulnerability VCID-s69v-tc7x-37fe
4
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1
aliases CVE-2019-14433, GHSA-pg64-r7rr-phv8, PYSEC-2019-191
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2dpk-ncrc-1fcw
4
url VCID-5nfz-1bk3-93fe
vulnerability_id VCID-5nfz-1bk3-93fe
summary 
OpenStack Nova instance migration process does not stop when instance is deleted
OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service (disk, network, and other resource consumption) by resizing and then deleting an instance.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2015-1723.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-1723.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2015-1898.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-1898.html
2
reference_url https://access.redhat.com/errata/RHSA-2015:1723
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2015:1723
3
reference_url https://access.redhat.com/errata/RHSA-2015:1898
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2015:1898
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3241.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3241.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-3241
reference_id
reference_type
scores
0
value 0.0197
scoring_system epss
scoring_elements 0.83569
published_at 2026-04-18T12:55:00Z
1
value 0.0197
scoring_system epss
scoring_elements 0.83469
published_at 2026-04-01T12:55:00Z
2
value 0.0197
scoring_system epss
scoring_elements 0.83481
published_at 2026-04-02T12:55:00Z
3
value 0.0197
scoring_system epss
scoring_elements 0.83496
published_at 2026-04-04T12:55:00Z
4
value 0.0197
scoring_system epss
scoring_elements 0.83495
published_at 2026-04-07T12:55:00Z
5
value 0.0197
scoring_system epss
scoring_elements 0.83519
published_at 2026-04-08T12:55:00Z
6
value 0.0197
scoring_system epss
scoring_elements 0.83529
published_at 2026-04-09T12:55:00Z
7
value 0.0197
scoring_system epss
scoring_elements 0.83543
published_at 2026-04-11T12:55:00Z
8
value 0.0197
scoring_system epss
scoring_elements 0.83537
published_at 2026-04-12T12:55:00Z
9
value 0.0197
scoring_system epss
scoring_elements 0.83534
published_at 2026-04-13T12:55:00Z
10
value 0.0197
scoring_system epss
scoring_elements 0.83568
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-3241
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1232782
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1232782
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3241
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3241
8
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
9
reference_url https://github.com/openstack/nova/commit/7ab75d5b0b75fc3426323bef19bf436a258b9707
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/7ab75d5b0b75fc3426323bef19bf436a258b9707
10
reference_url https://github.com/openstack/nova/commit/b5020a047fc487f35b76fc05f31e52665a1afda1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/b5020a047fc487f35b76fc05f31e52665a1afda1
11
reference_url https://github.com/openstack/nova/commit/bf23643e36c8764b4bd532546a2cc04385fe0cff
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/bf23643e36c8764b4bd532546a2cc04385fe0cff
12
reference_url https://github.com/openstack/ossa/blob/482576204dec96f580817b119e3166d71c757731/ossa/OSSA-2015-015.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/ossa/blob/482576204dec96f580817b119e3166d71c757731/ossa/OSSA-2015-015.yaml
13
reference_url https://launchpad.net/bugs/1387543
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://launchpad.net/bugs/1387543
14
reference_url https://security.openstack.org/ossa/OSSA-2015-015.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2015-015.html
15
reference_url http://www.securityfocus.com/bid/75372
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/75372
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796109
reference_id 796109
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796109
17
reference_url https://access.redhat.com/security/cve/CVE-2015-3241
reference_id CVE-2015-3241
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2015-3241
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-3241
reference_id CVE-2015-3241
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-3241
19
reference_url https://github.com/advisories/GHSA-3vx7-xff6-h2vx
reference_id GHSA-3vx7-xff6-h2vx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3vx7-xff6-h2vx
20
reference_url https://usn.ubuntu.com/3449-1/
reference_id USN-3449-1
reference_type
scores
url https://usn.ubuntu.com/3449-1/
fixed_packages
0
url pkg:deb/debian/nova@2:13.1.0-2~bpo8%2B1
purl pkg:deb/debian/nova@2:13.1.0-2~bpo8%2B1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fb2-ccby-7yfq
1
vulnerability VCID-1qbm-qguj-gkem
2
vulnerability VCID-2dpk-ncrc-1fcw
3
vulnerability VCID-br4q-499g-vqhg
4
vulnerability VCID-cwub-w9dp-wfgy
5
vulnerability VCID-cy7p-gzf8-eqcj
6
vulnerability VCID-h6rd-5p7q-s3gq
7
vulnerability VCID-jdb7-71q5-pfcx
8
vulnerability VCID-qfdm-g857-3yb5
9
vulnerability VCID-s69v-tc7x-37fe
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:13.1.0-2~bpo8%252B1
aliases CVE-2015-3241, GHSA-3vx7-xff6-h2vx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5nfz-1bk3-93fe
5
url VCID-5w9q-vw2n-zfdu
vulnerability_id VCID-5w9q-vw2n-zfdu
summary 
OpenStack Nova Denial of Service in network source security groups
Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via a large number of server-creation operations, which triggers a large number of update requests.
references
0
reference_url http://github.com/openstack/nova/commit/52ad911963da4095b213952dee3a430fe0c4c30f
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://github.com/openstack/nova/commit/52ad911963da4095b213952dee3a430fe0c4c30f
1
reference_url http://github.com/openstack/nova/commit/85aac04704350566d6b06aa7a3b99649946c672c
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://github.com/openstack/nova/commit/85aac04704350566d6b06aa7a3b99649946c672c
2
reference_url http://github.com/openstack/nova/commit/d4ee081c5c0a5132781235177c430ebcf72b0b0b
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://github.com/openstack/nova/commit/d4ee081c5c0a5132781235177c430ebcf72b0b0b
3
reference_url http://rhn.redhat.com/errata/RHSA-2013-1199.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-1199.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4185.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4185.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4185
reference_id
reference_type
scores
0
value 0.00583
scoring_system epss
scoring_elements 0.68992
published_at 2026-04-12T12:55:00Z
1
value 0.00583
scoring_system epss
scoring_elements 0.69013
published_at 2026-04-18T12:55:00Z
2
value 0.00583
scoring_system epss
scoring_elements 0.69007
published_at 2026-04-11T12:55:00Z
3
value 0.00583
scoring_system epss
scoring_elements 0.68963
published_at 2026-04-13T12:55:00Z
4
value 0.00583
scoring_system epss
scoring_elements 0.68897
published_at 2026-04-01T12:55:00Z
5
value 0.00583
scoring_system epss
scoring_elements 0.68914
published_at 2026-04-02T12:55:00Z
6
value 0.00583
scoring_system epss
scoring_elements 0.69004
published_at 2026-04-16T12:55:00Z
7
value 0.00583
scoring_system epss
scoring_elements 0.68935
published_at 2026-04-04T12:55:00Z
8
value 0.00583
scoring_system epss
scoring_elements 0.68915
published_at 2026-04-07T12:55:00Z
9
value 0.00583
scoring_system epss
scoring_elements 0.68965
published_at 2026-04-08T12:55:00Z
10
value 0.00583
scoring_system epss
scoring_elements 0.68984
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4185
6
reference_url https://bugs.launchpad.net/nova/+bug/1184041
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1184041
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4185
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4185
8
reference_url http://seclists.org/oss-sec/2013/q3/282
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/oss-sec/2013/q3/282
9
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718907
reference_id 718907
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718907
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=993331
reference_id 993331
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=993331
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-4185
reference_id CVE-2013-4185
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-4185
13
reference_url https://github.com/advisories/GHSA-ph2h-hh49-vh27
reference_id GHSA-ph2h-hh49-vh27
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ph2h-hh49-vh27
14
reference_url https://usn.ubuntu.com/2000-1/
reference_id USN-2000-1
reference_type
scores
url https://usn.ubuntu.com/2000-1/
fixed_packages
0
url pkg:deb/debian/nova@2014.1.3-11
purl pkg:deb/debian/nova@2014.1.3-11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fb2-ccby-7yfq
1
vulnerability VCID-1qbm-qguj-gkem
2
vulnerability VCID-2dpk-ncrc-1fcw
3
vulnerability VCID-5nfz-1bk3-93fe
4
vulnerability VCID-6n3z-x4zj-4bez
5
vulnerability VCID-7yp4-ebnm-g3c3
6
vulnerability VCID-9se5-m6dx-8kcj
7
vulnerability VCID-br4q-499g-vqhg
8
vulnerability VCID-cwub-w9dp-wfgy
9
vulnerability VCID-cy7p-gzf8-eqcj
10
vulnerability VCID-ek6e-977t-3bew
11
vulnerability VCID-h6rd-5p7q-s3gq
12
vulnerability VCID-jdb7-71q5-pfcx
13
vulnerability VCID-k48d-ecqx-m3ed
14
vulnerability VCID-nb1y-cbzs-abhc
15
vulnerability VCID-qfdm-g857-3yb5
16
vulnerability VCID-s69v-tc7x-37fe
17
vulnerability VCID-zy9m-d25c-5uga
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11
aliases CVE-2013-4185, GHSA-ph2h-hh49-vh27
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5w9q-vw2n-zfdu
6
url VCID-6n3z-x4zj-4bez
vulnerability_id VCID-6n3z-x4zj-4bez
summary 
OpenStack Compute (Nova) allows remote attackers to bypass intended restriction
A vulnerability was discovered in the way OpenStack Compute (nova) networking handled security group updates; changes were not applied to already running VM instances. A remote attacker could use this flaw to access running VM instances.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2015-2684.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-2684.html
1
reference_url https://access.redhat.com/errata/RHSA-2015:2673
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2015:2673
2
reference_url https://access.redhat.com/errata/RHSA-2015:2684
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2015:2684
3
reference_url https://access.redhat.com/errata/RHSA-2016:0013
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0013
4
reference_url https://access.redhat.com/errata/RHSA-2016:0017
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0017
5
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7713.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7713.json
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-7713
reference_id
reference_type
scores
0
value 0.01522
scoring_system epss
scoring_elements 0.81283
published_at 2026-04-11T12:55:00Z
1
value 0.01522
scoring_system epss
scoring_elements 0.81198
published_at 2026-04-01T12:55:00Z
2
value 0.01522
scoring_system epss
scoring_elements 0.81206
published_at 2026-04-02T12:55:00Z
3
value 0.01522
scoring_system epss
scoring_elements 0.81229
published_at 2026-04-07T12:55:00Z
4
value 0.01522
scoring_system epss
scoring_elements 0.81257
published_at 2026-04-08T12:55:00Z
5
value 0.01522
scoring_system epss
scoring_elements 0.81262
published_at 2026-04-09T12:55:00Z
6
value 0.01522
scoring_system epss
scoring_elements 0.81269
published_at 2026-04-12T12:55:00Z
7
value 0.01522
scoring_system epss
scoring_elements 0.81299
published_at 2026-04-18T12:55:00Z
8
value 0.01522
scoring_system epss
scoring_elements 0.81298
published_at 2026-04-16T12:55:00Z
9
value 0.01522
scoring_system epss
scoring_elements 0.81261
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-7713
7
reference_url https://bugs.launchpad.net/nova/+bug/1491307
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1491307
8
reference_url https://bugs.launchpad.net/nova/+bug/1492961
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1492961
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1269119
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1269119
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7713
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7713
11
reference_url https://opendev.org/openstack/nova
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://opendev.org/openstack/nova
12
reference_url https://security.openstack.org/ossa/OSSA-2015-021.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2015-021.html
13
reference_url https://web.archive.org/web/20200228024902/http://www.securityfocus.com/bid/76960
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228024902/http://www.securityfocus.com/bid/76960
14
reference_url http://www.securityfocus.com/bid/76960
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/76960
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
16
reference_url https://access.redhat.com/security/cve/CVE-2015-7713
reference_id CVE-2015-7713
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2015-7713
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-7713
reference_id CVE-2015-7713
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-7713
18
reference_url https://github.com/advisories/GHSA-67rh-9p29-vrxr
reference_id GHSA-67rh-9p29-vrxr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-67rh-9p29-vrxr
19
reference_url https://usn.ubuntu.com/3449-1/
reference_id USN-3449-1
reference_type
scores
url https://usn.ubuntu.com/3449-1/
fixed_packages
0
url pkg:deb/debian/nova@2:13.1.0-2~bpo8%2B1
purl pkg:deb/debian/nova@2:13.1.0-2~bpo8%2B1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fb2-ccby-7yfq
1
vulnerability VCID-1qbm-qguj-gkem
2
vulnerability VCID-2dpk-ncrc-1fcw
3
vulnerability VCID-br4q-499g-vqhg
4
vulnerability VCID-cwub-w9dp-wfgy
5
vulnerability VCID-cy7p-gzf8-eqcj
6
vulnerability VCID-h6rd-5p7q-s3gq
7
vulnerability VCID-jdb7-71q5-pfcx
8
vulnerability VCID-qfdm-g857-3yb5
9
vulnerability VCID-s69v-tc7x-37fe
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:13.1.0-2~bpo8%252B1
aliases CVE-2015-7713, GHSA-67rh-9p29-vrxr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6n3z-x4zj-4bez
7
url VCID-7wvt-bvww-g7ck
vulnerability_id VCID-7wvt-bvww-g7ck
summary 
OpenStack Compute (Nova) Resource limit circumvention in Nova private flavors
The "create an instance" API in OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id.  NOTE: this issue is due to an incomplete fix for CVE-2013-2256.
references
0
reference_url http://lists.openstack.org/pipermail/openstack-announce/2013-August/000138.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.openstack.org/pipermail/openstack-announce/2013-August/000138.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2013-1199.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-1199.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4278.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4278.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4278
reference_id
reference_type
scores
0
value 0.00201
scoring_system epss
scoring_elements 0.42266
published_at 2026-04-16T12:55:00Z
1
value 0.00201
scoring_system epss
scoring_elements 0.42216
published_at 2026-04-13T12:55:00Z
2
value 0.00201
scoring_system epss
scoring_elements 0.42244
published_at 2026-04-12T12:55:00Z
3
value 0.00201
scoring_system epss
scoring_elements 0.4225
published_at 2026-04-08T12:55:00Z
4
value 0.00201
scoring_system epss
scoring_elements 0.42242
published_at 2026-04-18T12:55:00Z
5
value 0.00201
scoring_system epss
scoring_elements 0.42258
published_at 2026-04-09T12:55:00Z
6
value 0.00201
scoring_system epss
scoring_elements 0.4217
published_at 2026-04-01T12:55:00Z
7
value 0.00201
scoring_system epss
scoring_elements 0.42228
published_at 2026-04-02T12:55:00Z
8
value 0.00201
scoring_system epss
scoring_elements 0.4228
published_at 2026-04-11T12:55:00Z
9
value 0.00201
scoring_system epss
scoring_elements 0.42257
published_at 2026-04-04T12:55:00Z
10
value 0.00201
scoring_system epss
scoring_elements 0.42199
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4278
4
reference_url https://bugs.launchpad.net/ossa/+bug/1212179
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/ossa/+bug/1212179
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4278
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4278
6
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
7
reference_url https://github.com/openstack/nova/commit/4054cc4a22a1fea997dec76afb5646fd6c6ea6b9
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/4054cc4a22a1fea997dec76afb5646fd6c6ea6b9
8
reference_url https://github.com/openstack/nova/commit/6825959560e06725d26625fd21f5c0b78b305492
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/6825959560e06725d26625fd21f5c0b78b305492
9
reference_url https://github.com/openstack/nova/commit/8b686195afe7e6dfb46c56c1ef2fe9c993d8e495
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/8b686195afe7e6dfb46c56c1ef2fe9c993d8e495
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-4278
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-4278
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1000086
reference_id 1000086
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1000086
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720602
reference_id 720602
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720602
13
reference_url https://github.com/advisories/GHSA-43cm-73px-5v4m
reference_id GHSA-43cm-73px-5v4m
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-43cm-73px-5v4m
14
reference_url https://usn.ubuntu.com/2000-1/
reference_id USN-2000-1
reference_type
scores
url https://usn.ubuntu.com/2000-1/
fixed_packages
0
url pkg:deb/debian/nova@2014.1.3-11
purl pkg:deb/debian/nova@2014.1.3-11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fb2-ccby-7yfq
1
vulnerability VCID-1qbm-qguj-gkem
2
vulnerability VCID-2dpk-ncrc-1fcw
3
vulnerability VCID-5nfz-1bk3-93fe
4
vulnerability VCID-6n3z-x4zj-4bez
5
vulnerability VCID-7yp4-ebnm-g3c3
6
vulnerability VCID-9se5-m6dx-8kcj
7
vulnerability VCID-br4q-499g-vqhg
8
vulnerability VCID-cwub-w9dp-wfgy
9
vulnerability VCID-cy7p-gzf8-eqcj
10
vulnerability VCID-ek6e-977t-3bew
11
vulnerability VCID-h6rd-5p7q-s3gq
12
vulnerability VCID-jdb7-71q5-pfcx
13
vulnerability VCID-k48d-ecqx-m3ed
14
vulnerability VCID-nb1y-cbzs-abhc
15
vulnerability VCID-qfdm-g857-3yb5
16
vulnerability VCID-s69v-tc7x-37fe
17
vulnerability VCID-zy9m-d25c-5uga
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11
aliases CVE-2013-4278, GHSA-43cm-73px-5v4m
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7wvt-bvww-g7ck
8
url VCID-7yp4-ebnm-g3c3
vulnerability_id VCID-7yp4-ebnm-g3c3
summary 
OpenStack Nova host data access through resize/migration
The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk.
references
0
reference_url https://access.redhat.com/errata/RHSA-2016:0363
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0363
1
reference_url https://access.redhat.com/errata/RHSA-2016:0364
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0364
2
reference_url https://access.redhat.com/errata/RHSA-2016:0365
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0365
3
reference_url https://access.redhat.com/errata/RHSA-2016:0366
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0366
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2140.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2140.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-2140
reference_id
reference_type
scores
0
value 0.00634
scoring_system epss
scoring_elements 0.70304
published_at 2026-04-01T12:55:00Z
1
value 0.00634
scoring_system epss
scoring_elements 0.70418
published_at 2026-04-18T12:55:00Z
2
value 0.00634
scoring_system epss
scoring_elements 0.70409
published_at 2026-04-16T12:55:00Z
3
value 0.00634
scoring_system epss
scoring_elements 0.70366
published_at 2026-04-13T12:55:00Z
4
value 0.00634
scoring_system epss
scoring_elements 0.7038
published_at 2026-04-12T12:55:00Z
5
value 0.00634
scoring_system epss
scoring_elements 0.70395
published_at 2026-04-11T12:55:00Z
6
value 0.00634
scoring_system epss
scoring_elements 0.70371
published_at 2026-04-09T12:55:00Z
7
value 0.00634
scoring_system epss
scoring_elements 0.70356
published_at 2026-04-08T12:55:00Z
8
value 0.00634
scoring_system epss
scoring_elements 0.70311
published_at 2026-04-07T12:55:00Z
9
value 0.00634
scoring_system epss
scoring_elements 0.70334
published_at 2026-04-04T12:55:00Z
10
value 0.00634
scoring_system epss
scoring_elements 0.70317
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-2140
6
reference_url https://bugs.launchpad.net/nova/+bug/1548450
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1548450
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1313454
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1313454
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2140
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2140
9
reference_url http://seclists.org/oss-sec/2016/q1/563
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/oss-sec/2016/q1/563
10
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:P/I:P/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
11
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
12
reference_url https://github.com/openstack/nova/commit/0b194187db9da28225cb5e62be3b45aff5a1c793
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/0b194187db9da28225cb5e62be3b45aff5a1c793
13
reference_url https://github.com/openstack/nova/commit/116b1210ab772c55d1ed1f715687d83877c92701
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/116b1210ab772c55d1ed1f715687d83877c92701
14
reference_url https://github.com/openstack/nova/commit/f302bf04ab5dda89cf8ceaeed309006da90c0666
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/f302bf04ab5dda89cf8ceaeed309006da90c0666
15
reference_url https://security.openstack.org/ossa/OSSA-2016-007.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2016-007.html
16
reference_url http://www.openwall.com/lists/oss-security/2016/03/08/6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/03/08/6
17
reference_url http://www.securityfocus.com/bid/84277
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/84277
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
19
reference_url https://access.redhat.com/security/cve/CVE-2016-2140
reference_id CVE-2016-2140
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2016-2140
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-2140
reference_id CVE-2016-2140
reference_type
scores
0
value 3.5
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:P/I:N/A:N
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-2140
21
reference_url https://github.com/advisories/GHSA-49jv-37hm-6gfp
reference_id GHSA-49jv-37hm-6gfp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-49jv-37hm-6gfp
22
reference_url https://usn.ubuntu.com/3449-1/
reference_id USN-3449-1
reference_type
scores
url https://usn.ubuntu.com/3449-1/
fixed_packages
0
url pkg:deb/debian/nova@2:13.1.0-2~bpo8%2B1
purl pkg:deb/debian/nova@2:13.1.0-2~bpo8%2B1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fb2-ccby-7yfq
1
vulnerability VCID-1qbm-qguj-gkem
2
vulnerability VCID-2dpk-ncrc-1fcw
3
vulnerability VCID-br4q-499g-vqhg
4
vulnerability VCID-cwub-w9dp-wfgy
5
vulnerability VCID-cy7p-gzf8-eqcj
6
vulnerability VCID-h6rd-5p7q-s3gq
7
vulnerability VCID-jdb7-71q5-pfcx
8
vulnerability VCID-qfdm-g857-3yb5
9
vulnerability VCID-s69v-tc7x-37fe
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:13.1.0-2~bpo8%252B1
aliases CVE-2016-2140, GHSA-49jv-37hm-6gfp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7yp4-ebnm-g3c3
9
url VCID-9se5-m6dx-8kcj
vulnerability_id VCID-9se5-m6dx-8kcj
summary 
OpenStack Nova Potential Xen connection password leak via StorageError
The volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading log files or other unspecified vectors.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8749.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8749.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-8749
reference_id
reference_type
scores
0
value 0.00942
scoring_system epss
scoring_elements 0.76213
published_at 2026-04-01T12:55:00Z
1
value 0.00942
scoring_system epss
scoring_elements 0.76321
published_at 2026-04-18T12:55:00Z
2
value 0.00942
scoring_system epss
scoring_elements 0.76316
published_at 2026-04-16T12:55:00Z
3
value 0.00942
scoring_system epss
scoring_elements 0.76275
published_at 2026-04-13T12:55:00Z
4
value 0.00942
scoring_system epss
scoring_elements 0.7628
published_at 2026-04-12T12:55:00Z
5
value 0.00942
scoring_system epss
scoring_elements 0.76302
published_at 2026-04-11T12:55:00Z
6
value 0.00942
scoring_system epss
scoring_elements 0.76276
published_at 2026-04-09T12:55:00Z
7
value 0.00942
scoring_system epss
scoring_elements 0.76262
published_at 2026-04-08T12:55:00Z
8
value 0.00942
scoring_system epss
scoring_elements 0.7623
published_at 2026-04-07T12:55:00Z
9
value 0.00942
scoring_system epss
scoring_elements 0.7625
published_at 2026-04-04T12:55:00Z
10
value 0.00942
scoring_system epss
scoring_elements 0.76219
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-8749
2
reference_url https://bugs.launchpad.net/nova/+bug/1516765
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1516765
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8749
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8749
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:P/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
6
reference_url https://github.com/openstack/nova/commit/8b289237ed6d53738c22878decf0c429301cf3d0
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/8b289237ed6d53738c22878decf0c429301cf3d0
7
reference_url https://github.com/openstack/nova/commit/b2acc9fa864b6fe10bc0c5f3786b976b472b1b27
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/b2acc9fa864b6fe10bc0c5f3786b976b472b1b27
8
reference_url https://github.com/openstack/nova/commit/cf197ec2d682fb4da777df2291ca7ef101f73b77
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/cf197ec2d682fb4da777df2291ca7ef101f73b77
9
reference_url https://github.com/openstack/nova/commit/ef1ccdaca9512b88878155f7d8c2c77853d91252
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/ef1ccdaca9512b88878155f7d8c2c77853d91252
10
reference_url https://security.openstack.org/ossa/OSSA-2016-002.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2016-002.html
11
reference_url http://www.openwall.com/lists/oss-security/2016/01/07/8
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/01/07/8
12
reference_url http://www.openwall.com/lists/oss-security/2016/01/07/9
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/01/07/9
13
reference_url http://www.securityfocus.com/bid/80189
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/80189
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1296837
reference_id 1296837
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1296837
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-8749
reference_id CVE-2015-8749
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:N/A:N
1
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-8749
17
reference_url https://github.com/advisories/GHSA-c36r-g737-9qp8
reference_id GHSA-c36r-g737-9qp8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c36r-g737-9qp8
18
reference_url https://usn.ubuntu.com/3449-1/
reference_id USN-3449-1
reference_type
scores
url https://usn.ubuntu.com/3449-1/
fixed_packages
0
url pkg:deb/debian/nova@2:13.1.0-2~bpo8%2B1
purl pkg:deb/debian/nova@2:13.1.0-2~bpo8%2B1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fb2-ccby-7yfq
1
vulnerability VCID-1qbm-qguj-gkem
2
vulnerability VCID-2dpk-ncrc-1fcw
3
vulnerability VCID-br4q-499g-vqhg
4
vulnerability VCID-cwub-w9dp-wfgy
5
vulnerability VCID-cy7p-gzf8-eqcj
6
vulnerability VCID-h6rd-5p7q-s3gq
7
vulnerability VCID-jdb7-71q5-pfcx
8
vulnerability VCID-qfdm-g857-3yb5
9
vulnerability VCID-s69v-tc7x-37fe
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:13.1.0-2~bpo8%252B1
aliases CVE-2015-8749, GHSA-c36r-g737-9qp8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9se5-m6dx-8kcj
10
url VCID-az4e-wgmd-gyc3
vulnerability_id VCID-az4e-wgmd-gyc3
summary 
OpenStack Compute (Nova) Denial of service due to improper validation of virtual size of QCOW2 image
OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when use_cow_images is set to False, does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by transferring an image with a large virtual size that does not contain a large amount of data from Glance.  NOTE: this issue is due to an incomplete fix for CVE-2013-2096.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4469.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4469.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4469
reference_id
reference_type
scores
0
value 0.0006
scoring_system epss
scoring_elements 0.19106
published_at 2026-04-04T12:55:00Z
1
value 0.0006
scoring_system epss
scoring_elements 0.18834
published_at 2026-04-18T12:55:00Z
2
value 0.0006
scoring_system epss
scoring_elements 0.18821
published_at 2026-04-16T12:55:00Z
3
value 0.0006
scoring_system epss
scoring_elements 0.1887
published_at 2026-04-13T12:55:00Z
4
value 0.0006
scoring_system epss
scoring_elements 0.18921
published_at 2026-04-12T12:55:00Z
5
value 0.0006
scoring_system epss
scoring_elements 0.18827
published_at 2026-04-07T12:55:00Z
6
value 0.0006
scoring_system epss
scoring_elements 0.18968
published_at 2026-04-11T12:55:00Z
7
value 0.0006
scoring_system epss
scoring_elements 0.18961
published_at 2026-04-09T12:55:00Z
8
value 0.0006
scoring_system epss
scoring_elements 0.18918
published_at 2026-04-01T12:55:00Z
9
value 0.0006
scoring_system epss
scoring_elements 0.19054
published_at 2026-04-02T12:55:00Z
10
value 0.0006
scoring_system epss
scoring_elements 0.18907
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4469
2
reference_url https://bugs.launchpad.net/nova/+bug/1206081
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1206081
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4469
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4469
4
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
5
reference_url https://github.com/openstack/nova/commit/135faa7b5d9855312bedc19e5e1ecebae34d3d18
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/135faa7b5d9855312bedc19e5e1ecebae34d3d18
6
reference_url https://github.com/openstack/nova/commit/3cdfe894ab58f7b91bf7fb690fc5bc724e44066f
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/3cdfe894ab58f7b91bf7fb690fc5bc724e44066f
7
reference_url https://github.com/openstack/nova/commit/f6810be4ae1a6c93e7d8017ee67d5344dfdf4a30
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/f6810be4ae1a6c93e7d8017ee67d5344dfdf4a30
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-4469
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-4469
9
reference_url http://www.openwall.com/lists/oss-security/2013/10/31/3
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/10/31/3
10
reference_url http://www.ubuntu.com/usn/USN-2247-1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-2247-1
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1023581
reference_id 1023581
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1023581
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728605
reference_id 728605
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728605
13
reference_url https://github.com/advisories/GHSA-2w87-5qcj-j6gx
reference_id GHSA-2w87-5qcj-j6gx
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2w87-5qcj-j6gx
14
reference_url https://usn.ubuntu.com/2247-1/
reference_id USN-2247-1
reference_type
scores
url https://usn.ubuntu.com/2247-1/
fixed_packages
0
url pkg:deb/debian/nova@2014.1.3-11
purl pkg:deb/debian/nova@2014.1.3-11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fb2-ccby-7yfq
1
vulnerability VCID-1qbm-qguj-gkem
2
vulnerability VCID-2dpk-ncrc-1fcw
3
vulnerability VCID-5nfz-1bk3-93fe
4
vulnerability VCID-6n3z-x4zj-4bez
5
vulnerability VCID-7yp4-ebnm-g3c3
6
vulnerability VCID-9se5-m6dx-8kcj
7
vulnerability VCID-br4q-499g-vqhg
8
vulnerability VCID-cwub-w9dp-wfgy
9
vulnerability VCID-cy7p-gzf8-eqcj
10
vulnerability VCID-ek6e-977t-3bew
11
vulnerability VCID-h6rd-5p7q-s3gq
12
vulnerability VCID-jdb7-71q5-pfcx
13
vulnerability VCID-k48d-ecqx-m3ed
14
vulnerability VCID-nb1y-cbzs-abhc
15
vulnerability VCID-qfdm-g857-3yb5
16
vulnerability VCID-s69v-tc7x-37fe
17
vulnerability VCID-zy9m-d25c-5uga
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11
aliases CVE-2013-4469, GHSA-2w87-5qcj-j6gx
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-az4e-wgmd-gyc3
11
url VCID-bauj-n7jg-gkd2
vulnerability_id VCID-bauj-n7jg-gkd2
summary 
OpenStack Compute (Nova) Denial of Service vulnerability
A denial of service flaw was found in the way OpenStack Compute (nova) looked up VM instances based on an IP address filter. An attacker with sufficient privileges on an OpenStack installation with a large amount of VMs could use this flaw to cause the main nova process to block for an extended amount of time.
references
0
reference_url http://lists.openstack.org/pipermail/openstack-announce/2014-October/000301.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.openstack.org/pipermail/openstack-announce/2014-October/000301.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2015-0843.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-0843.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2015-0844.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-0844.html
3
reference_url https://access.redhat.com/errata/RHSA-2015:0843
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2015:0843
4
reference_url https://access.redhat.com/errata/RHSA-2015:0844
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2015:0844
5
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3708.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3708.json
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3708
reference_id
reference_type
scores
0
value 0.01057
scoring_system epss
scoring_elements 0.77595
published_at 2026-04-09T12:55:00Z
1
value 0.01057
scoring_system epss
scoring_elements 0.7764
published_at 2026-04-18T12:55:00Z
2
value 0.01057
scoring_system epss
scoring_elements 0.77642
published_at 2026-04-16T12:55:00Z
3
value 0.01057
scoring_system epss
scoring_elements 0.77578
published_at 2026-04-04T12:55:00Z
4
value 0.01057
scoring_system epss
scoring_elements 0.77558
published_at 2026-04-07T12:55:00Z
5
value 0.01057
scoring_system epss
scoring_elements 0.77588
published_at 2026-04-08T12:55:00Z
6
value 0.01057
scoring_system epss
scoring_elements 0.77622
published_at 2026-04-11T12:55:00Z
7
value 0.01057
scoring_system epss
scoring_elements 0.77604
published_at 2026-04-13T12:55:00Z
8
value 0.01057
scoring_system epss
scoring_elements 0.77545
published_at 2026-04-01T12:55:00Z
9
value 0.01057
scoring_system epss
scoring_elements 0.77606
published_at 2026-04-12T12:55:00Z
10
value 0.01057
scoring_system epss
scoring_elements 0.77551
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3708
7
reference_url https://bugs.launchpad.net/nova/+bug/1358583
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1358583
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1154951
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1154951
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3708
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3708
10
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:N/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
11
reference_url https://opendev.org/openstack/nova
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://opendev.org/openstack/nova
12
reference_url https://web.archive.org/web/20200901000000*/http://www.securityfocus.com/bid/70777
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200901000000*/http://www.securityfocus.com/bid/70777
13
reference_url http://www.securityfocus.com/bid/70777
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/70777
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*
16
reference_url https://access.redhat.com/security/cve/CVE-2014-3708
reference_id CVE-2014-3708
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2014-3708
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3708
reference_id CVE-2014-3708
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:N/A:P
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3708
18
reference_url https://github.com/advisories/GHSA-43hc-pwvx-pmfg
reference_id GHSA-43hc-pwvx-pmfg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-43hc-pwvx-pmfg
fixed_packages
0
url pkg:deb/debian/nova@2014.1.3-11
purl pkg:deb/debian/nova@2014.1.3-11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fb2-ccby-7yfq
1
vulnerability VCID-1qbm-qguj-gkem
2
vulnerability VCID-2dpk-ncrc-1fcw
3
vulnerability VCID-5nfz-1bk3-93fe
4
vulnerability VCID-6n3z-x4zj-4bez
5
vulnerability VCID-7yp4-ebnm-g3c3
6
vulnerability VCID-9se5-m6dx-8kcj
7
vulnerability VCID-br4q-499g-vqhg
8
vulnerability VCID-cwub-w9dp-wfgy
9
vulnerability VCID-cy7p-gzf8-eqcj
10
vulnerability VCID-ek6e-977t-3bew
11
vulnerability VCID-h6rd-5p7q-s3gq
12
vulnerability VCID-jdb7-71q5-pfcx
13
vulnerability VCID-k48d-ecqx-m3ed
14
vulnerability VCID-nb1y-cbzs-abhc
15
vulnerability VCID-qfdm-g857-3yb5
16
vulnerability VCID-s69v-tc7x-37fe
17
vulnerability VCID-zy9m-d25c-5uga
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11
aliases CVE-2014-3708, GHSA-43hc-pwvx-pmfg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bauj-n7jg-gkd2
12
url VCID-br4q-499g-vqhg
vulnerability_id VCID-br4q-499g-vqhg
summary 
OpenStack Cinder, glance, and Nova vulnerable to Path Traversal
An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47951.json
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47951.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-47951
reference_id
reference_type
scores
0
value 0.00731
scoring_system epss
scoring_elements 0.72732
published_at 2026-04-18T12:55:00Z
1
value 0.00731
scoring_system epss
scoring_elements 0.72721
published_at 2026-04-16T12:55:00Z
2
value 0.00731
scoring_system epss
scoring_elements 0.72679
published_at 2026-04-13T12:55:00Z
3
value 0.00731
scoring_system epss
scoring_elements 0.72689
published_at 2026-04-12T12:55:00Z
4
value 0.00731
scoring_system epss
scoring_elements 0.72706
published_at 2026-04-11T12:55:00Z
5
value 0.00731
scoring_system epss
scoring_elements 0.72682
published_at 2026-04-09T12:55:00Z
6
value 0.00731
scoring_system epss
scoring_elements 0.72669
published_at 2026-04-08T12:55:00Z
7
value 0.00731
scoring_system epss
scoring_elements 0.7263
published_at 2026-04-07T12:55:00Z
8
value 0.00731
scoring_system epss
scoring_elements 0.72653
published_at 2026-04-04T12:55:00Z
9
value 0.00731
scoring_system epss
scoring_elements 0.72635
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-47951
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47951
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47951
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://launchpad.net/bugs/1996188
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/
url https://launchpad.net/bugs/1996188
5
reference_url https://lists.debian.org/debian-lts-announce/2023/01/msg00040.html
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/
url https://lists.debian.org/debian-lts-announce/2023/01/msg00040.html
6
reference_url https://lists.debian.org/debian-lts-announce/2023/01/msg00041.html
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/
url https://lists.debian.org/debian-lts-announce/2023/01/msg00041.html
7
reference_url https://lists.debian.org/debian-lts-announce/2023/01/msg00042.html
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/
url https://lists.debian.org/debian-lts-announce/2023/01/msg00042.html
8
reference_url https://security.openstack.org/ossa/OSSA-2023-002.html
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/
url https://security.openstack.org/ossa/OSSA-2023-002.html
9
reference_url https://www.debian.org/security/2023/dsa-5336
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/
url https://www.debian.org/security/2023/dsa-5336
10
reference_url https://www.debian.org/security/2023/dsa-5337
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/
url https://www.debian.org/security/2023/dsa-5337
11
reference_url https://www.debian.org/security/2023/dsa-5338
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/
url https://www.debian.org/security/2023/dsa-5338
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029561
reference_id 1029561
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029561
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029562
reference_id 1029562
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029562
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029563
reference_id 1029563
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029563
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2161812
reference_id 2161812
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2161812
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-47951
reference_id CVE-2022-47951
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-47951
17
reference_url https://github.com/advisories/GHSA-7h75-hwxx-qpgc
reference_id GHSA-7h75-hwxx-qpgc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7h75-hwxx-qpgc
18
reference_url https://access.redhat.com/errata/RHSA-2023:1015
reference_id RHSA-2023:1015
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1015
19
reference_url https://access.redhat.com/errata/RHSA-2023:1016
reference_id RHSA-2023:1016
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1016
20
reference_url https://access.redhat.com/errata/RHSA-2023:1017
reference_id RHSA-2023:1017
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1017
21
reference_url https://access.redhat.com/errata/RHSA-2023:1278
reference_id RHSA-2023:1278
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1278
22
reference_url https://access.redhat.com/errata/RHSA-2023:1279
reference_id RHSA-2023:1279
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1279
23
reference_url https://access.redhat.com/errata/RHSA-2023:1280
reference_id RHSA-2023:1280
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1280
24
reference_url https://usn.ubuntu.com/5835-1/
reference_id USN-5835-1
reference_type
scores
url https://usn.ubuntu.com/5835-1/
25
reference_url https://usn.ubuntu.com/5835-2/
reference_id USN-5835-2
reference_type
scores
url https://usn.ubuntu.com/5835-2/
26
reference_url https://usn.ubuntu.com/5835-3/
reference_id USN-5835-3
reference_type
scores
url https://usn.ubuntu.com/5835-3/
27
reference_url https://usn.ubuntu.com/5835-4/
reference_id USN-5835-4
reference_type
scores
url https://usn.ubuntu.com/5835-4/
28
reference_url https://usn.ubuntu.com/5835-5/
reference_id USN-5835-5
reference_type
scores
url https://usn.ubuntu.com/5835-5/
29
reference_url https://usn.ubuntu.com/6882-2/
reference_id USN-6882-2
reference_type
scores
url https://usn.ubuntu.com/6882-2/
fixed_packages
0
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-h6rd-5p7q-s3gq
1
vulnerability VCID-hd9e-1msb-uqa6
2
vulnerability VCID-m5vc-4my3-87gk
3
vulnerability VCID-s69v-tc7x-37fe
4
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1
aliases CVE-2022-47951, GHSA-7h75-hwxx-qpgc
risk_score 3.5
exploitability 0.5
weighted_severity 6.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-br4q-499g-vqhg
13
url VCID-cwub-w9dp-wfgy
vulnerability_id VCID-cwub-w9dp-wfgy
summary 
OpenStack Nova DoS by rebuilding the same instance with a new image multiple times
An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This regression was introduced with the fix for OSSA-2017-005 (CVE-2017-16239); however, only Nova stable/pike or later deployments with that fix applied and relying on the default FilterScheduler are affected.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17051.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17051.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-17051
reference_id
reference_type
scores
0
value 0.00841
scoring_system epss
scoring_elements 0.74759
published_at 2026-04-18T12:55:00Z
1
value 0.00841
scoring_system epss
scoring_elements 0.74752
published_at 2026-04-16T12:55:00Z
2
value 0.00841
scoring_system epss
scoring_elements 0.74715
published_at 2026-04-13T12:55:00Z
3
value 0.00841
scoring_system epss
scoring_elements 0.74724
published_at 2026-04-12T12:55:00Z
4
value 0.00841
scoring_system epss
scoring_elements 0.74745
published_at 2026-04-11T12:55:00Z
5
value 0.00841
scoring_system epss
scoring_elements 0.74722
published_at 2026-04-09T12:55:00Z
6
value 0.00841
scoring_system epss
scoring_elements 0.74707
published_at 2026-04-08T12:55:00Z
7
value 0.00841
scoring_system epss
scoring_elements 0.74675
published_at 2026-04-07T12:55:00Z
8
value 0.00841
scoring_system epss
scoring_elements 0.747
published_at 2026-04-04T12:55:00Z
9
value 0.00841
scoring_system epss
scoring_elements 0.74671
published_at 2026-04-01T12:55:00Z
10
value 0.00841
scoring_system epss
scoring_elements 0.74674
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-17051
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17051
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17051
3
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
4
reference_url https://github.com/openstack/nova/commit/25a1d78e83065c5bea5d8e0a017fd9d0914d41d9
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/25a1d78e83065c5bea5d8e0a017fd9d0914d41d9
5
reference_url https://github.com/openstack/nova/commit/fed660c1189fdf4159d97badfdc8c5b35ad14f23
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/fed660c1189fdf4159d97badfdc8c5b35ad14f23
6
reference_url https://launchpad.net/bugs/1732976
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://launchpad.net/bugs/1732976
7
reference_url https://review.openstack.org/521662
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/521662
8
reference_url https://review.openstack.org/523214
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/523214
9
reference_url https://security.openstack.org/ossa/OSSA-2017-006.html
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2017-006.html
10
reference_url http://www.securityfocus.com/bid/102102
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/102102
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1519231
reference_id 1519231
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1519231
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883621
reference_id 883621
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883621
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:16.0.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.3:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-17051
reference_id CVE-2017-17051
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:N/A:P
1
value 8.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
2
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-17051
15
reference_url https://github.com/advisories/GHSA-vq76-rxx3-4r4r
reference_id GHSA-vq76-rxx3-4r4r
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vq76-rxx3-4r4r
fixed_packages
0
url pkg:deb/debian/nova@2:18.1.0-6
purl pkg:deb/debian/nova@2:18.1.0-6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fb2-ccby-7yfq
1
vulnerability VCID-2dpk-ncrc-1fcw
2
vulnerability VCID-br4q-499g-vqhg
3
vulnerability VCID-h6rd-5p7q-s3gq
4
vulnerability VCID-qfdm-g857-3yb5
5
vulnerability VCID-s69v-tc7x-37fe
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:18.1.0-6
aliases CVE-2017-17051, GHSA-vq76-rxx3-4r4r
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cwub-w9dp-wfgy
14
url VCID-cy7p-gzf8-eqcj
vulnerability_id VCID-cy7p-gzf8-eqcj
summary 
OpenStack Nova Denial of service attack on the compute host
An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. (The same code error also results in data loss, but that is not a vulnerability because the user loses their own data.) All Nova setups supporting encrypted volumes are affected.
references
0
reference_url http://openwall.com/lists/oss-security/2018/04/20/3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2018/04/20/3
1
reference_url https://access.redhat.com/errata/RHSA-2018:2332
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2332
2
reference_url https://access.redhat.com/errata/RHSA-2018:2714
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2714
3
reference_url https://access.redhat.com/errata/RHSA-2018:2855
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2855
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18191.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18191.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-18191
reference_id
reference_type
scores
0
value 0.02481
scoring_system epss
scoring_elements 0.8525
published_at 2026-04-04T12:55:00Z
1
value 0.02481
scoring_system epss
scoring_elements 0.85232
published_at 2026-04-02T12:55:00Z
2
value 0.02481
scoring_system epss
scoring_elements 0.85313
published_at 2026-04-18T12:55:00Z
3
value 0.02481
scoring_system epss
scoring_elements 0.85292
published_at 2026-04-13T12:55:00Z
4
value 0.02481
scoring_system epss
scoring_elements 0.85295
published_at 2026-04-12T12:55:00Z
5
value 0.02481
scoring_system epss
scoring_elements 0.85297
published_at 2026-04-11T12:55:00Z
6
value 0.02481
scoring_system epss
scoring_elements 0.85282
published_at 2026-04-09T12:55:00Z
7
value 0.02481
scoring_system epss
scoring_elements 0.85274
published_at 2026-04-08T12:55:00Z
8
value 0.02481
scoring_system epss
scoring_elements 0.85252
published_at 2026-04-07T12:55:00Z
9
value 0.02481
scoring_system epss
scoring_elements 0.8522
published_at 2026-04-01T12:55:00Z
10
value 0.02481
scoring_system epss
scoring_elements 0.85312
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-18191
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18191
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18191
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
9
reference_url https://github.com/openstack/nova/commit/0225a61fc4557c1257383a654f0741f7ef2ddeac
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/0225a61fc4557c1257383a654f0741f7ef2ddeac
10
reference_url https://github.com/openstack/nova/commit/5b64a1936122eeb35f37a09f9d38159e1a224c58
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/5b64a1936122eeb35f37a09f9d38159e1a224c58
11
reference_url https://github.com/openstack/nova/commit/cd3eb60c2c00bcccfa9ccd4bf9d1a96ae7a5cd88
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/cd3eb60c2c00bcccfa9ccd4bf9d1a96ae7a5cd88
12
reference_url https://launchpad.net/bugs/1739593
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://launchpad.net/bugs/1739593
13
reference_url https://review.openstack.org/539893
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/539893
14
reference_url https://security.openstack.org/ossa/OSSA-2018-001.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2018-001.html
15
reference_url http://www.securityfocus.com/bid/103104
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/103104
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1546937
reference_id 1546937
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1546937
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-18191
reference_id CVE-2017-18191
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-18191
18
reference_url https://github.com/advisories/GHSA-ffmh-r67w-m88f
reference_id GHSA-ffmh-r67w-m88f
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ffmh-r67w-m88f
19
reference_url https://usn.ubuntu.com/5866-1/
reference_id USN-5866-1
reference_type
scores
url https://usn.ubuntu.com/5866-1/
fixed_packages
0
url pkg:deb/debian/nova@2:18.1.0-6
purl pkg:deb/debian/nova@2:18.1.0-6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fb2-ccby-7yfq
1
vulnerability VCID-2dpk-ncrc-1fcw
2
vulnerability VCID-br4q-499g-vqhg
3
vulnerability VCID-h6rd-5p7q-s3gq
4
vulnerability VCID-qfdm-g857-3yb5
5
vulnerability VCID-s69v-tc7x-37fe
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:18.1.0-6
aliases CVE-2017-18191, GHSA-ffmh-r67w-m88f
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cy7p-gzf8-eqcj
15
url VCID-ek6e-977t-3bew
vulnerability_id VCID-ek6e-977t-3bew
summary 
OpenStack Compute (nova) allows remote authenticated users to cause a denial of service
A flaw was found in the way OpenStack Compute (nova) handled the resize state. If an authenticated user deleted an instance while it was in the resize state, it could cause the original instance to not be deleted from the compute node it was running on, allowing the user to cause a denial of service.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2015-1898.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-1898.html
1
reference_url https://access.redhat.com/errata/RHSA-2015:1898
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2015:1898
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3280.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3280.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-3280
reference_id
reference_type
scores
0
value 0.00795
scoring_system epss
scoring_elements 0.73931
published_at 2026-04-07T12:55:00Z
1
value 0.00795
scoring_system epss
scoring_elements 0.74025
published_at 2026-04-18T12:55:00Z
2
value 0.00795
scoring_system epss
scoring_elements 0.73935
published_at 2026-04-02T12:55:00Z
3
value 0.00795
scoring_system epss
scoring_elements 0.7396
published_at 2026-04-04T12:55:00Z
4
value 0.00795
scoring_system epss
scoring_elements 0.73965
published_at 2026-04-08T12:55:00Z
5
value 0.00795
scoring_system epss
scoring_elements 0.74016
published_at 2026-04-16T12:55:00Z
6
value 0.00795
scoring_system epss
scoring_elements 0.73976
published_at 2026-04-13T12:55:00Z
7
value 0.00795
scoring_system epss
scoring_elements 0.73984
published_at 2026-04-12T12:55:00Z
8
value 0.00795
scoring_system epss
scoring_elements 0.74002
published_at 2026-04-11T12:55:00Z
9
value 0.00795
scoring_system epss
scoring_elements 0.73925
published_at 2026-04-01T12:55:00Z
10
value 0.00795
scoring_system epss
scoring_elements 0.73979
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-3280
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1257942
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1257942
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3280
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3280
6
reference_url https://launchpad.net/bugs/1392527
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://launchpad.net/bugs/1392527
7
reference_url https://opendev.org/openstack/nova
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://opendev.org/openstack/nova
8
reference_url https://security.openstack.org/ossa/OSSA-2015-017.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2015-017.html
9
reference_url https://web.archive.org/web/20200228023247/http://www.securityfocus.com/bid/76553
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228023247/http://www.securityfocus.com/bid/76553
10
reference_url http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
11
reference_url http://www.securityfocus.com/bid/76553
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/76553
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798883
reference_id 798883
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798883
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
14
reference_url https://access.redhat.com/security/cve/CVE-2015-3280
reference_id CVE-2015-3280
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2015-3280
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-3280
reference_id CVE-2015-3280
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:N/A:C
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-3280
16
reference_url https://github.com/advisories/GHSA-mfmj-gwg3-vhw7
reference_id GHSA-mfmj-gwg3-vhw7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mfmj-gwg3-vhw7
17
reference_url https://usn.ubuntu.com/3449-1/
reference_id USN-3449-1
reference_type
scores
url https://usn.ubuntu.com/3449-1/
fixed_packages
0
url pkg:deb/debian/nova@2:13.1.0-2~bpo8%2B1
purl pkg:deb/debian/nova@2:13.1.0-2~bpo8%2B1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fb2-ccby-7yfq
1
vulnerability VCID-1qbm-qguj-gkem
2
vulnerability VCID-2dpk-ncrc-1fcw
3
vulnerability VCID-br4q-499g-vqhg
4
vulnerability VCID-cwub-w9dp-wfgy
5
vulnerability VCID-cy7p-gzf8-eqcj
6
vulnerability VCID-h6rd-5p7q-s3gq
7
vulnerability VCID-jdb7-71q5-pfcx
8
vulnerability VCID-qfdm-g857-3yb5
9
vulnerability VCID-s69v-tc7x-37fe
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:13.1.0-2~bpo8%252B1
aliases CVE-2015-3280, GHSA-mfmj-gwg3-vhw7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ek6e-977t-3bew
16
url VCID-ex1j-py3q-93hv
vulnerability_id VCID-ex1j-py3q-93hv
summary 
Exposure of Sensitive Information to an Unauthorized Actor
api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in responses to instance metadata requests.
references
0
reference_url https://access.redhat.com/errata/RHSA-2014:0940
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2014:0940
1
reference_url https://access.redhat.com/errata/RHSA-2014:1084
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2014:1084
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3517.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3517.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3517
reference_id
reference_type
scores
0
value 0.00398
scoring_system epss
scoring_elements 0.60668
published_at 2026-04-18T12:55:00Z
1
value 0.00398
scoring_system epss
scoring_elements 0.60567
published_at 2026-04-07T12:55:00Z
2
value 0.00398
scoring_system epss
scoring_elements 0.60616
published_at 2026-04-08T12:55:00Z
3
value 0.00398
scoring_system epss
scoring_elements 0.60632
published_at 2026-04-09T12:55:00Z
4
value 0.00398
scoring_system epss
scoring_elements 0.60656
published_at 2026-04-11T12:55:00Z
5
value 0.00398
scoring_system epss
scoring_elements 0.60641
published_at 2026-04-12T12:55:00Z
6
value 0.00398
scoring_system epss
scoring_elements 0.6062
published_at 2026-04-13T12:55:00Z
7
value 0.00398
scoring_system epss
scoring_elements 0.60662
published_at 2026-04-16T12:55:00Z
8
value 0.00398
scoring_system epss
scoring_elements 0.60495
published_at 2026-04-01T12:55:00Z
9
value 0.00398
scoring_system epss
scoring_elements 0.6057
published_at 2026-04-02T12:55:00Z
10
value 0.00398
scoring_system epss
scoring_elements 0.60598
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3517
4
reference_url https://bugs.launchpad.net/nova/+bug/1325128
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1325128
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1112499
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1112499
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3517
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3517
7
reference_url https://opendev.org/openstack/nova
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://opendev.org/openstack/nova
8
reference_url http://www.openwall.com/lists/oss-security/2014/07/17/2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/07/17/2
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755042
reference_id 755042
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755042
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:2014.2.0:milestone1:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:2014.2.0:milestone1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:2014.2.0:milestone1:*:*:*:*:*:*
12
reference_url https://access.redhat.com/security/cve/CVE-2014-3517
reference_id CVE-2014-3517
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2014-3517
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3517
reference_id CVE-2014-3517
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3517
14
reference_url https://github.com/advisories/GHSA-xjmj-p278-4jp5
reference_id GHSA-xjmj-p278-4jp5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xjmj-p278-4jp5
15
reference_url https://usn.ubuntu.com/2325-1/
reference_id USN-2325-1
reference_type
scores
url https://usn.ubuntu.com/2325-1/
fixed_packages
0
url pkg:deb/debian/nova@2014.1.3-11
purl pkg:deb/debian/nova@2014.1.3-11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fb2-ccby-7yfq
1
vulnerability VCID-1qbm-qguj-gkem
2
vulnerability VCID-2dpk-ncrc-1fcw
3
vulnerability VCID-5nfz-1bk3-93fe
4
vulnerability VCID-6n3z-x4zj-4bez
5
vulnerability VCID-7yp4-ebnm-g3c3
6
vulnerability VCID-9se5-m6dx-8kcj
7
vulnerability VCID-br4q-499g-vqhg
8
vulnerability VCID-cwub-w9dp-wfgy
9
vulnerability VCID-cy7p-gzf8-eqcj
10
vulnerability VCID-ek6e-977t-3bew
11
vulnerability VCID-h6rd-5p7q-s3gq
12
vulnerability VCID-jdb7-71q5-pfcx
13
vulnerability VCID-k48d-ecqx-m3ed
14
vulnerability VCID-nb1y-cbzs-abhc
15
vulnerability VCID-qfdm-g857-3yb5
16
vulnerability VCID-s69v-tc7x-37fe
17
vulnerability VCID-zy9m-d25c-5uga
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11
aliases CVE-2014-3517, GHSA-xjmj-p278-4jp5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ex1j-py3q-93hv
17
url VCID-h6rd-5p7q-s3gq
vulnerability_id VCID-h6rd-5p7q-s3gq
summary 
OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access
An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Cinder and Nova deployments are affected; only Glance deployments with image conversion enabled are affected.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32498.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32498.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-32498
reference_id
reference_type
scores
0
value 0.00171
scoring_system epss
scoring_elements 0.38394
published_at 2026-04-18T12:55:00Z
1
value 0.00171
scoring_system epss
scoring_elements 0.38413
published_at 2026-04-16T12:55:00Z
2
value 0.00171
scoring_system epss
scoring_elements 0.38465
published_at 2026-04-02T12:55:00Z
3
value 0.00171
scoring_system epss
scoring_elements 0.38489
published_at 2026-04-04T12:55:00Z
4
value 0.00171
scoring_system epss
scoring_elements 0.38353
published_at 2026-04-07T12:55:00Z
5
value 0.00171
scoring_system epss
scoring_elements 0.38404
published_at 2026-04-08T12:55:00Z
6
value 0.00171
scoring_system epss
scoring_elements 0.38412
published_at 2026-04-09T12:55:00Z
7
value 0.00171
scoring_system epss
scoring_elements 0.38428
published_at 2026-04-11T12:55:00Z
8
value 0.00171
scoring_system epss
scoring_elements 0.38366
published_at 2026-04-13T12:55:00Z
9
value 0.00171
scoring_system epss
scoring_elements 0.38391
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-32498
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32498
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32498
3
reference_url https://github.com/openstack/cinder/commit/78f85c1f9b20a067ef64d6451dee0228c3a0db5e
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/cinder/commit/78f85c1f9b20a067ef64d6451dee0228c3a0db5e
4
reference_url https://github.com/openstack/cinder/commit/d6a186945e03649343af55b46ed8dfe0dd326e40
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/cinder/commit/d6a186945e03649343af55b46ed8dfe0dd326e40
5
reference_url https://github.com/openstack/glance/commit/22f0c9c6f98db1d93569e3edb800c271f35b0ef9
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/glance/commit/22f0c9c6f98db1d93569e3edb800c271f35b0ef9
6
reference_url https://github.com/openstack/glance/commit/2e65391744a82421bc6f026ee8f1f3550038f175
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/glance/commit/2e65391744a82421bc6f026ee8f1f3550038f175
7
reference_url https://github.com/openstack/glance/commit/867d1dd8b6e4f5774257a98c7c33061fbbbde973
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/glance/commit/867d1dd8b6e4f5774257a98c7c33061fbbbde973
8
reference_url https://github.com/openstack/glance/commit/cc7d53adbecf85f3d7df78e7618fe8ab3a075c5f
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/glance/commit/cc7d53adbecf85f3d7df78e7618fe8ab3a075c5f
9
reference_url https://github.com/openstack/glance/commit/d607e78630cc9d1ca18b3a027322809c042f64df
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/glance/commit/d607e78630cc9d1ca18b3a027322809c042f64df
10
reference_url https://github.com/openstack/nova/commit/657e86585cc57f84ab9b364dd189547d231d5927
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/657e86585cc57f84ab9b364dd189547d231d5927
11
reference_url https://launchpad.net/bugs/2059809
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/
url https://launchpad.net/bugs/2059809
12
reference_url https://lists.debian.org/debian-lts-announce/2024/09/msg00016.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/09/msg00016.html
13
reference_url https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-32498
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-32498
15
reference_url https://security.openstack.org/ossa/OSSA-2024-001.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/
url https://security.openstack.org/ossa/OSSA-2024-001.html
16
reference_url https://www.openwall.com/lists/oss-security/2024/07/02/2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/
url https://www.openwall.com/lists/oss-security/2024/07/02/2
17
reference_url http://www.openwall.com/lists/oss-security/2024/07/02/2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/
url http://www.openwall.com/lists/oss-security/2024/07/02/2
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074761
reference_id 1074761
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074761
19
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074762
reference_id 1074762
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074762
20
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074763
reference_id 1074763
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074763
21
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2278663
reference_id 2278663
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2278663
22
reference_url https://github.com/advisories/GHSA-r4v4-w9pv-6fph
reference_id GHSA-r4v4-w9pv-6fph
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r4v4-w9pv-6fph
23
reference_url https://access.redhat.com/errata/RHSA-2024:4272
reference_id RHSA-2024:4272
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4272
24
reference_url https://access.redhat.com/errata/RHSA-2024:4273
reference_id RHSA-2024:4273
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4273
25
reference_url https://access.redhat.com/errata/RHSA-2024:4274
reference_id RHSA-2024:4274
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4274
26
reference_url https://access.redhat.com/errata/RHSA-2024:4425
reference_id RHSA-2024:4425
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4425
27
reference_url https://usn.ubuntu.com/6882-1/
reference_id USN-6882-1
reference_type
scores
url https://usn.ubuntu.com/6882-1/
28
reference_url https://usn.ubuntu.com/6882-2/
reference_id USN-6882-2
reference_type
scores
url https://usn.ubuntu.com/6882-2/
29
reference_url https://usn.ubuntu.com/6883-1/
reference_id USN-6883-1
reference_type
scores
url https://usn.ubuntu.com/6883-1/
30
reference_url https://usn.ubuntu.com/6884-1/
reference_id USN-6884-1
reference_type
scores
url https://usn.ubuntu.com/6884-1/
fixed_packages
0
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3
aliases CVE-2024-32498, GHSA-r4v4-w9pv-6fph
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h6rd-5p7q-s3gq
18
url VCID-hcsa-vfvp-buax
vulnerability_id VCID-hcsa-vfvp-buax
summary 
OpenStack Nova Router metadata queries are not restricted by tenant
Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by (1) api/metadata/handler.py in Nova and (2) the neutron-metadata-agent (`agent/metadata/agent.py`) in Neutron.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2014-0091.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0091.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2014-0231.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0231.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6419.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6419.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-6419
reference_id
reference_type
scores
0
value 0.00563
scoring_system epss
scoring_elements 0.68423
published_at 2026-04-18T12:55:00Z
1
value 0.00563
scoring_system epss
scoring_elements 0.68306
published_at 2026-04-01T12:55:00Z
2
value 0.00563
scoring_system epss
scoring_elements 0.68326
published_at 2026-04-02T12:55:00Z
3
value 0.00563
scoring_system epss
scoring_elements 0.68345
published_at 2026-04-04T12:55:00Z
4
value 0.00563
scoring_system epss
scoring_elements 0.68322
published_at 2026-04-07T12:55:00Z
5
value 0.00563
scoring_system epss
scoring_elements 0.68373
published_at 2026-04-08T12:55:00Z
6
value 0.00563
scoring_system epss
scoring_elements 0.6839
published_at 2026-04-09T12:55:00Z
7
value 0.00563
scoring_system epss
scoring_elements 0.68417
published_at 2026-04-11T12:55:00Z
8
value 0.00563
scoring_system epss
scoring_elements 0.68404
published_at 2026-04-12T12:55:00Z
9
value 0.00563
scoring_system epss
scoring_elements 0.68372
published_at 2026-04-13T12:55:00Z
10
value 0.00563
scoring_system epss
scoring_elements 0.6841
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-6419
4
reference_url https://bugs.launchpad.net/neutron/+bug/1235450
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/neutron/+bug/1235450
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6419
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6419
6
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
7
reference_url https://github.com/openstack/nova/commit/07006be9165d1008ca0382b6f0ad25b13a676a55
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/07006be9165d1008ca0382b6f0ad25b13a676a55
8
reference_url https://github.com/openstack/nova/commit/af2f823107010933ecd94a9c938f8b739baaecb7
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/af2f823107010933ecd94a9c938f8b739baaecb7
9
reference_url https://github.com/openstack/nova/commit/bce36e9bdb1fcb9658f7b684d160e656e88d816c
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/bce36e9bdb1fcb9658f7b684d160e656e88d816c
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-6419
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-6419
11
reference_url https://review.openstack.org/#/c/61428/2/nova/api/metadata/handler.py
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/#/c/61428/2/nova/api/metadata/handler.py
12
reference_url https://review.openstack.org/#/c/61439/1/neutron/agent/metadata/agent.py
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/#/c/61439/1/neutron/agent/metadata/agent.py
13
reference_url http://www.openwall.com/lists/oss-security/2013/12/11/8
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/12/11/8
14
reference_url http://www.securityfocus.com/bid/64250
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/64250
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1039148
reference_id 1039148
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1039148
16
reference_url https://github.com/advisories/GHSA-22w9-j288-8p9w
reference_id GHSA-22w9-j288-8p9w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-22w9-j288-8p9w
17
reference_url https://access.redhat.com/errata/RHSA-2014:0091
reference_id RHSA-2014:0091
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0091
18
reference_url https://access.redhat.com/errata/RHSA-2014:0231
reference_id RHSA-2014:0231
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0231
fixed_packages
0
url pkg:deb/debian/nova@2014.1.3-11
purl pkg:deb/debian/nova@2014.1.3-11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fb2-ccby-7yfq
1
vulnerability VCID-1qbm-qguj-gkem
2
vulnerability VCID-2dpk-ncrc-1fcw
3
vulnerability VCID-5nfz-1bk3-93fe
4
vulnerability VCID-6n3z-x4zj-4bez
5
vulnerability VCID-7yp4-ebnm-g3c3
6
vulnerability VCID-9se5-m6dx-8kcj
7
vulnerability VCID-br4q-499g-vqhg
8
vulnerability VCID-cwub-w9dp-wfgy
9
vulnerability VCID-cy7p-gzf8-eqcj
10
vulnerability VCID-ek6e-977t-3bew
11
vulnerability VCID-h6rd-5p7q-s3gq
12
vulnerability VCID-jdb7-71q5-pfcx
13
vulnerability VCID-k48d-ecqx-m3ed
14
vulnerability VCID-nb1y-cbzs-abhc
15
vulnerability VCID-qfdm-g857-3yb5
16
vulnerability VCID-s69v-tc7x-37fe
17
vulnerability VCID-zy9m-d25c-5uga
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11
aliases CVE-2013-6419, GHSA-22w9-j288-8p9w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hcsa-vfvp-buax
19
url VCID-hgk8-jtvw-9fgb
vulnerability_id VCID-hgk8-jtvw-9fgb
summary nova: qpid SSL configuration
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6491.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6491.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-6491
reference_id
reference_type
scores
0
value 0.00389
scoring_system epss
scoring_elements 0.59896
published_at 2026-04-01T12:55:00Z
1
value 0.00389
scoring_system epss
scoring_elements 0.59973
published_at 2026-04-02T12:55:00Z
2
value 0.00389
scoring_system epss
scoring_elements 0.59999
published_at 2026-04-04T12:55:00Z
3
value 0.00389
scoring_system epss
scoring_elements 0.59969
published_at 2026-04-07T12:55:00Z
4
value 0.00389
scoring_system epss
scoring_elements 0.60019
published_at 2026-04-08T12:55:00Z
5
value 0.00389
scoring_system epss
scoring_elements 0.60032
published_at 2026-04-09T12:55:00Z
6
value 0.00389
scoring_system epss
scoring_elements 0.60053
published_at 2026-04-11T12:55:00Z
7
value 0.00389
scoring_system epss
scoring_elements 0.60037
published_at 2026-04-12T12:55:00Z
8
value 0.00389
scoring_system epss
scoring_elements 0.6002
published_at 2026-04-13T12:55:00Z
9
value 0.00389
scoring_system epss
scoring_elements 0.6006
published_at 2026-04-16T12:55:00Z
10
value 0.00389
scoring_system epss
scoring_elements 0.60067
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-6491
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6491
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6491
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1059504
reference_id 1059504
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1059504
4
reference_url https://access.redhat.com/errata/RHSA-2014:0112
reference_id RHSA-2014:0112
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0112
5
reference_url https://usn.ubuntu.com/2208-1/
reference_id USN-2208-1
reference_type
scores
url https://usn.ubuntu.com/2208-1/
6
reference_url https://usn.ubuntu.com/2208-2/
reference_id USN-2208-2
reference_type
scores
url https://usn.ubuntu.com/2208-2/
7
reference_url https://usn.ubuntu.com/2247-1/
reference_id USN-2247-1
reference_type
scores
url https://usn.ubuntu.com/2247-1/
fixed_packages
0
url pkg:deb/debian/nova@2014.1.3-11
purl pkg:deb/debian/nova@2014.1.3-11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fb2-ccby-7yfq
1
vulnerability VCID-1qbm-qguj-gkem
2
vulnerability VCID-2dpk-ncrc-1fcw
3
vulnerability VCID-5nfz-1bk3-93fe
4
vulnerability VCID-6n3z-x4zj-4bez
5
vulnerability VCID-7yp4-ebnm-g3c3
6
vulnerability VCID-9se5-m6dx-8kcj
7
vulnerability VCID-br4q-499g-vqhg
8
vulnerability VCID-cwub-w9dp-wfgy
9
vulnerability VCID-cy7p-gzf8-eqcj
10
vulnerability VCID-ek6e-977t-3bew
11
vulnerability VCID-h6rd-5p7q-s3gq
12
vulnerability VCID-jdb7-71q5-pfcx
13
vulnerability VCID-k48d-ecqx-m3ed
14
vulnerability VCID-nb1y-cbzs-abhc
15
vulnerability VCID-qfdm-g857-3yb5
16
vulnerability VCID-s69v-tc7x-37fe
17
vulnerability VCID-zy9m-d25c-5uga
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11
aliases CVE-2013-6491
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hgk8-jtvw-9fgb
20
url VCID-jdb7-71q5-pfcx
vulnerability_id VCID-jdb7-71q5-pfcx
summary 
OpenStack Nova logs sensitive context from notification exceptions
An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens.
references
0
reference_url https://access.redhat.com/errata/RHSA-2017:1508
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:1508
1
reference_url https://access.redhat.com/errata/RHSA-2017:1595
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:1595
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7214.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7214.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-7214
reference_id
reference_type
scores
0
value 0.01297
scoring_system epss
scoring_elements 0.79665
published_at 2026-04-07T12:55:00Z
1
value 0.01297
scoring_system epss
scoring_elements 0.79727
published_at 2026-04-18T12:55:00Z
2
value 0.01297
scoring_system epss
scoring_elements 0.79698
published_at 2026-04-13T12:55:00Z
3
value 0.01297
scoring_system epss
scoring_elements 0.79705
published_at 2026-04-12T12:55:00Z
4
value 0.01297
scoring_system epss
scoring_elements 0.79721
published_at 2026-04-11T12:55:00Z
5
value 0.01297
scoring_system epss
scoring_elements 0.7965
published_at 2026-04-01T12:55:00Z
6
value 0.01297
scoring_system epss
scoring_elements 0.797
published_at 2026-04-09T12:55:00Z
7
value 0.01297
scoring_system epss
scoring_elements 0.79693
published_at 2026-04-08T12:55:00Z
8
value 0.01297
scoring_system epss
scoring_elements 0.79657
published_at 2026-04-02T12:55:00Z
9
value 0.01297
scoring_system epss
scoring_elements 0.79678
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-7214
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7214
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7214
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:P/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
7
reference_url https://github.com/openstack/nova/commit/3f985f1eda6f29180878a3d21c20c5057179486a
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/3f985f1eda6f29180878a3d21c20c5057179486a
8
reference_url https://github.com/openstack/nova/commit/acb19160d4d348e29a21ad57c61c7369352c4d1c
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/acb19160d4d348e29a21ad57c61c7369352c4d1c
9
reference_url https://github.com/openstack/nova/commit/c2c91ce44592fc5dc2aacee1cf7f5b5cfd2e9a0a
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/c2c91ce44592fc5dc2aacee1cf7f5b5cfd2e9a0a
10
reference_url https://github.com/openstack/nova/commit/e193201fa1de5b08b29adefd8c149935c5529598
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/e193201fa1de5b08b29adefd8c149935c5529598
11
reference_url https://launchpad.net/bugs/1673569
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://launchpad.net/bugs/1673569
12
reference_url http://www.securityfocus.com/bid/96998
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/96998
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1434844
reference_id 1434844
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1434844
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858568
reference_id 858568
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858568
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:13.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:13.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:13.0.0:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:13.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:13.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:13.1.0:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:13.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:13.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:13.1.1:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:13.1.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:13.1.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:13.1.2:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:13.1.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:13.1.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:13.1.3:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:14.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:14.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:14.0.0:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:14.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:14.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:14.0.1:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:14.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:14.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:14.0.2:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:14.0.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:14.0.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:14.0.3:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:14.0.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:14.0.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:14.0.4:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:15.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.0:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:15.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.1:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7214
reference_id CVE-2017-7214
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:N/A:N
1
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-7214
28
reference_url https://github.com/advisories/GHSA-f4g4-cj8f-3cr9
reference_id GHSA-f4g4-cj8f-3cr9
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f4g4-cj8f-3cr9
fixed_packages
0
url pkg:deb/debian/nova@2:14.0.0-4%2Bdeb9u1
purl pkg:deb/debian/nova@2:14.0.0-4%2Bdeb9u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fb2-ccby-7yfq
1
vulnerability VCID-1qbm-qguj-gkem
2
vulnerability VCID-2dpk-ncrc-1fcw
3
vulnerability VCID-br4q-499g-vqhg
4
vulnerability VCID-cwub-w9dp-wfgy
5
vulnerability VCID-cy7p-gzf8-eqcj
6
vulnerability VCID-h6rd-5p7q-s3gq
7
vulnerability VCID-qfdm-g857-3yb5
8
vulnerability VCID-s69v-tc7x-37fe
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:14.0.0-4%252Bdeb9u1
aliases CVE-2017-7214, GHSA-f4g4-cj8f-3cr9
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jdb7-71q5-pfcx
21
url VCID-jdn1-d4d3-sud7
vulnerability_id VCID-jdn1-d4d3-sud7
summary The instance rescue mode in OpenStack Compute (Nova) 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and use_cow_images is set to false, allows remote authenticated users to read certain compute host files by overwriting an instance disk with a crafted image.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0134.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0134.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0134
reference_id
reference_type
scores
0
value 0.00201
scoring_system epss
scoring_elements 0.4217
published_at 2026-04-01T12:55:00Z
1
value 0.00201
scoring_system epss
scoring_elements 0.42242
published_at 2026-04-18T12:55:00Z
2
value 0.00201
scoring_system epss
scoring_elements 0.42266
published_at 2026-04-16T12:55:00Z
3
value 0.00201
scoring_system epss
scoring_elements 0.42216
published_at 2026-04-13T12:55:00Z
4
value 0.00201
scoring_system epss
scoring_elements 0.42244
published_at 2026-04-12T12:55:00Z
5
value 0.00201
scoring_system epss
scoring_elements 0.4228
published_at 2026-04-11T12:55:00Z
6
value 0.00201
scoring_system epss
scoring_elements 0.42258
published_at 2026-04-09T12:55:00Z
7
value 0.00201
scoring_system epss
scoring_elements 0.4225
published_at 2026-04-08T12:55:00Z
8
value 0.00201
scoring_system epss
scoring_elements 0.42199
published_at 2026-04-07T12:55:00Z
9
value 0.00201
scoring_system epss
scoring_elements 0.42257
published_at 2026-04-04T12:55:00Z
10
value 0.00201
scoring_system epss
scoring_elements 0.42228
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0134
2
reference_url https://bugs.launchpad.net/nova/+bug/1221190
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1221190
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0134
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0134
4
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
5
reference_url https://github.com/openstack/nova/commit/25e761acd56d4c820273fc0245ada06c500c1637
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/25e761acd56d4c820273fc0245ada06c500c1637
6
reference_url https://github.com/openstack/nova/commit/d416f4310bb946b4b127201ec3c37e530d988714
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/d416f4310bb946b4b127201ec3c37e530d988714
7
reference_url https://github.com/openstack/nova/commit/dc8de426066969a3f0624fdc2a7b29371a2d55bf
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/dc8de426066969a3f0624fdc2a7b29371a2d55bf
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2014-112.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2014-112.yaml
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0134
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-0134
10
reference_url http://www.openwall.com/lists/oss-security/2014/03/27/6
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/03/27/6
11
reference_url http://www.ubuntu.com/usn/USN-2247-1
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-2247-1
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1078002
reference_id 1078002
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1078002
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742712
reference_id 742712
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742712
14
reference_url https://github.com/advisories/GHSA-w429-xc55-hc48
reference_id GHSA-w429-xc55-hc48
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w429-xc55-hc48
15
reference_url https://access.redhat.com/errata/RHSA-2014:0578
reference_id RHSA-2014:0578
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0578
16
reference_url https://usn.ubuntu.com/2247-1/
reference_id USN-2247-1
reference_type
scores
url https://usn.ubuntu.com/2247-1/
fixed_packages
0
url pkg:deb/debian/nova@2014.1.3-11
purl pkg:deb/debian/nova@2014.1.3-11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fb2-ccby-7yfq
1
vulnerability VCID-1qbm-qguj-gkem
2
vulnerability VCID-2dpk-ncrc-1fcw
3
vulnerability VCID-5nfz-1bk3-93fe
4
vulnerability VCID-6n3z-x4zj-4bez
5
vulnerability VCID-7yp4-ebnm-g3c3
6
vulnerability VCID-9se5-m6dx-8kcj
7
vulnerability VCID-br4q-499g-vqhg
8
vulnerability VCID-cwub-w9dp-wfgy
9
vulnerability VCID-cy7p-gzf8-eqcj
10
vulnerability VCID-ek6e-977t-3bew
11
vulnerability VCID-h6rd-5p7q-s3gq
12
vulnerability VCID-jdb7-71q5-pfcx
13
vulnerability VCID-k48d-ecqx-m3ed
14
vulnerability VCID-nb1y-cbzs-abhc
15
vulnerability VCID-qfdm-g857-3yb5
16
vulnerability VCID-s69v-tc7x-37fe
17
vulnerability VCID-zy9m-d25c-5uga
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11
aliases CVE-2014-0134, GHSA-w429-xc55-hc48, PYSEC-2014-112
risk_score 1.4
exploitability 0.5
weighted_severity 2.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jdn1-d4d3-sud7
22
url VCID-k48d-ecqx-m3ed
vulnerability_id VCID-k48d-ecqx-m3ed
summary openstack-nova: May fail to delete images in resize state regression
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7498.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7498.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-7498
reference_id
reference_type
scores
0
value 0.02248
scoring_system epss
scoring_elements 0.84504
published_at 2026-04-01T12:55:00Z
1
value 0.02248
scoring_system epss
scoring_elements 0.84519
published_at 2026-04-02T12:55:00Z
2
value 0.02248
scoring_system epss
scoring_elements 0.8454
published_at 2026-04-04T12:55:00Z
3
value 0.02248
scoring_system epss
scoring_elements 0.84544
published_at 2026-04-07T12:55:00Z
4
value 0.02248
scoring_system epss
scoring_elements 0.84565
published_at 2026-04-08T12:55:00Z
5
value 0.02248
scoring_system epss
scoring_elements 0.84572
published_at 2026-04-09T12:55:00Z
6
value 0.02248
scoring_system epss
scoring_elements 0.8459
published_at 2026-04-11T12:55:00Z
7
value 0.02248
scoring_system epss
scoring_elements 0.84586
published_at 2026-04-12T12:55:00Z
8
value 0.02248
scoring_system epss
scoring_elements 0.84582
published_at 2026-04-13T12:55:00Z
9
value 0.02248
scoring_system epss
scoring_elements 0.84601
published_at 2026-04-16T12:55:00Z
10
value 0.02248
scoring_system epss
scoring_elements 0.84602
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-7498
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7498
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7498
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1378661
reference_id 1378661
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1378661
fixed_packages
0
url pkg:deb/debian/nova@2:13.1.0-2~bpo8%2B1
purl pkg:deb/debian/nova@2:13.1.0-2~bpo8%2B1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fb2-ccby-7yfq
1
vulnerability VCID-1qbm-qguj-gkem
2
vulnerability VCID-2dpk-ncrc-1fcw
3
vulnerability VCID-br4q-499g-vqhg
4
vulnerability VCID-cwub-w9dp-wfgy
5
vulnerability VCID-cy7p-gzf8-eqcj
6
vulnerability VCID-h6rd-5p7q-s3gq
7
vulnerability VCID-jdb7-71q5-pfcx
8
vulnerability VCID-qfdm-g857-3yb5
9
vulnerability VCID-s69v-tc7x-37fe
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:13.1.0-2~bpo8%252B1
aliases CVE-2016-7498
risk_score 1.9
exploitability 0.5
weighted_severity 3.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k48d-ecqx-m3ed
23
url VCID-kncr-vrmh-fygm
vulnerability_id VCID-kncr-vrmh-fygm
summary The OpenStack Nova (python-nova) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and Openstack Cinder (python-cinder) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 before 1:2014.1-0ubuntu1.1 for Ubuntu 13.10 and 14.04 LTS does not properly set the sudo configuration, which makes it easier for attackers to gain privileges by leveraging another vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-1068
reference_id
reference_type
scores
0
value 0.00222
scoring_system epss
scoring_elements 0.44859
published_at 2026-04-18T12:55:00Z
1
value 0.00222
scoring_system epss
scoring_elements 0.44729
published_at 2026-04-01T12:55:00Z
2
value 0.00222
scoring_system epss
scoring_elements 0.44809
published_at 2026-04-02T12:55:00Z
3
value 0.00222
scoring_system epss
scoring_elements 0.4483
published_at 2026-04-04T12:55:00Z
4
value 0.00222
scoring_system epss
scoring_elements 0.4477
published_at 2026-04-07T12:55:00Z
5
value 0.00222
scoring_system epss
scoring_elements 0.44823
published_at 2026-04-08T12:55:00Z
6
value 0.00222
scoring_system epss
scoring_elements 0.44825
published_at 2026-04-09T12:55:00Z
7
value 0.00222
scoring_system epss
scoring_elements 0.44842
published_at 2026-04-11T12:55:00Z
8
value 0.00222
scoring_system epss
scoring_elements 0.44811
published_at 2026-04-12T12:55:00Z
9
value 0.00222
scoring_system epss
scoring_elements 0.44813
published_at 2026-04-13T12:55:00Z
10
value 0.00222
scoring_system epss
scoring_elements 0.44866
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-1068
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1068
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1068
2
reference_url http://ubuntu.com/usn/usn-2248-1
reference_id
reference_type
scores
url http://ubuntu.com/usn/usn-2248-1
3
reference_url http://www.ubuntu.com/usn/USN-2247-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-2247-1
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753579
reference_id 753579
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753579
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753585
reference_id 753585
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753585
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-1068
reference_id CVE-2013-1068
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N
url https://nvd.nist.gov/vuln/detail/CVE-2013-1068
9
reference_url https://usn.ubuntu.com/2247-1/
reference_id USN-2247-1
reference_type
scores
url https://usn.ubuntu.com/2247-1/
10
reference_url https://usn.ubuntu.com/2248-1/
reference_id USN-2248-1
reference_type
scores
url https://usn.ubuntu.com/2248-1/
fixed_packages
0
url pkg:deb/debian/nova@2014.1.3-11
purl pkg:deb/debian/nova@2014.1.3-11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fb2-ccby-7yfq
1
vulnerability VCID-1qbm-qguj-gkem
2
vulnerability VCID-2dpk-ncrc-1fcw
3
vulnerability VCID-5nfz-1bk3-93fe
4
vulnerability VCID-6n3z-x4zj-4bez
5
vulnerability VCID-7yp4-ebnm-g3c3
6
vulnerability VCID-9se5-m6dx-8kcj
7
vulnerability VCID-br4q-499g-vqhg
8
vulnerability VCID-cwub-w9dp-wfgy
9
vulnerability VCID-cy7p-gzf8-eqcj
10
vulnerability VCID-ek6e-977t-3bew
11
vulnerability VCID-h6rd-5p7q-s3gq
12
vulnerability VCID-jdb7-71q5-pfcx
13
vulnerability VCID-k48d-ecqx-m3ed
14
vulnerability VCID-nb1y-cbzs-abhc
15
vulnerability VCID-qfdm-g857-3yb5
16
vulnerability VCID-s69v-tc7x-37fe
17
vulnerability VCID-zy9m-d25c-5uga
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11
aliases CVE-2013-1068
risk_score 2.2
exploitability 0.5
weighted_severity 4.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kncr-vrmh-fygm
24
url VCID-kqbu-drg3-fycm
vulnerability_id VCID-kqbu-drg3-fycm
summary 
OpenStack Nova denial of service through compressed disk images
OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) via a compressed QCOW2 image.  NOTE: this issue is due to an incomplete fix for CVE-2013-2096.
references
0
reference_url http://github.com/openstack/nova/commit/3cdfe894ab58f7b91bf7fb690fc5bc724e44066f
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://github.com/openstack/nova/commit/3cdfe894ab58f7b91bf7fb690fc5bc724e44066f
1
reference_url http://github.com/openstack/nova/commit/f6810be4ae1a6c93e7d8017ee67d5344dfdf4a30
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://github.com/openstack/nova/commit/f6810be4ae1a6c93e7d8017ee67d5344dfdf4a30
2
reference_url http://rhn.redhat.com/errata/RHSA-2014-0112.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0112.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4463.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4463.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4463
reference_id
reference_type
scores
0
value 0.00061
scoring_system epss
scoring_elements 0.19058
published_at 2026-04-13T12:55:00Z
1
value 0.00061
scoring_system epss
scoring_elements 0.1915
published_at 2026-04-09T12:55:00Z
2
value 0.00061
scoring_system epss
scoring_elements 0.19026
published_at 2026-04-18T12:55:00Z
3
value 0.00061
scoring_system epss
scoring_elements 0.19014
published_at 2026-04-16T12:55:00Z
4
value 0.00061
scoring_system epss
scoring_elements 0.19157
published_at 2026-04-11T12:55:00Z
5
value 0.00061
scoring_system epss
scoring_elements 0.19116
published_at 2026-04-01T12:55:00Z
6
value 0.00061
scoring_system epss
scoring_elements 0.1925
published_at 2026-04-02T12:55:00Z
7
value 0.00061
scoring_system epss
scoring_elements 0.19111
published_at 2026-04-12T12:55:00Z
8
value 0.00061
scoring_system epss
scoring_elements 0.19302
published_at 2026-04-04T12:55:00Z
9
value 0.00061
scoring_system epss
scoring_elements 0.19017
published_at 2026-04-07T12:55:00Z
10
value 0.00061
scoring_system epss
scoring_elements 0.19097
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4463
5
reference_url https://bugs.launchpad.net/nova/+bug/1206081
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1206081
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4463
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4463
7
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
8
reference_url http://www.openwall.com/lists/oss-security/2013/10/31/3
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/10/31/3
9
reference_url http://www.ubuntu.com/usn/USN-2247-1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-2247-1
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1023239
reference_id 1023239
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1023239
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728605
reference_id 728605
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728605
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-4463
reference_id CVE-2013-4463
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-4463
13
reference_url https://github.com/advisories/GHSA-5644-2v3h-5w4x
reference_id GHSA-5644-2v3h-5w4x
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5644-2v3h-5w4x
14
reference_url https://access.redhat.com/errata/RHSA-2014:0112
reference_id RHSA-2014:0112
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0112
15
reference_url https://usn.ubuntu.com/2247-1/
reference_id USN-2247-1
reference_type
scores
url https://usn.ubuntu.com/2247-1/
fixed_packages
0
url pkg:deb/debian/nova@2014.1.3-11
purl pkg:deb/debian/nova@2014.1.3-11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fb2-ccby-7yfq
1
vulnerability VCID-1qbm-qguj-gkem
2
vulnerability VCID-2dpk-ncrc-1fcw
3
vulnerability VCID-5nfz-1bk3-93fe
4
vulnerability VCID-6n3z-x4zj-4bez
5
vulnerability VCID-7yp4-ebnm-g3c3
6
vulnerability VCID-9se5-m6dx-8kcj
7
vulnerability VCID-br4q-499g-vqhg
8
vulnerability VCID-cwub-w9dp-wfgy
9
vulnerability VCID-cy7p-gzf8-eqcj
10
vulnerability VCID-ek6e-977t-3bew
11
vulnerability VCID-h6rd-5p7q-s3gq
12
vulnerability VCID-jdb7-71q5-pfcx
13
vulnerability VCID-k48d-ecqx-m3ed
14
vulnerability VCID-nb1y-cbzs-abhc
15
vulnerability VCID-qfdm-g857-3yb5
16
vulnerability VCID-s69v-tc7x-37fe
17
vulnerability VCID-zy9m-d25c-5uga
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11
aliases CVE-2013-4463, GHSA-5644-2v3h-5w4x
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kqbu-drg3-fycm
25
url VCID-n6d6-1kyd-qufe
vulnerability_id VCID-n6d6-1kyd-qufe
summary 
OpenStack Compute Nova Improper Access Control
The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4497.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4497.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4497
reference_id
reference_type
scores
0
value 0.00081
scoring_system epss
scoring_elements 0.2391
published_at 2026-04-16T12:55:00Z
1
value 0.00081
scoring_system epss
scoring_elements 0.23923
published_at 2026-04-01T12:55:00Z
2
value 0.00081
scoring_system epss
scoring_elements 0.24049
published_at 2026-04-02T12:55:00Z
3
value 0.00081
scoring_system epss
scoring_elements 0.24087
published_at 2026-04-04T12:55:00Z
4
value 0.00081
scoring_system epss
scoring_elements 0.2387
published_at 2026-04-07T12:55:00Z
5
value 0.00081
scoring_system epss
scoring_elements 0.23937
published_at 2026-04-08T12:55:00Z
6
value 0.00081
scoring_system epss
scoring_elements 0.23983
published_at 2026-04-09T12:55:00Z
7
value 0.00081
scoring_system epss
scoring_elements 0.24
published_at 2026-04-11T12:55:00Z
8
value 0.00081
scoring_system epss
scoring_elements 0.23956
published_at 2026-04-12T12:55:00Z
9
value 0.00081
scoring_system epss
scoring_elements 0.239
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4497
2
reference_url https://bugs.launchpad.net/nova/+bug/1073306
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1073306
3
reference_url https://bugs.launchpad.net/nova/+bug/1202266
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1202266
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4497
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4497
5
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
6
reference_url https://github.com/openstack/nova/commit/01de658210fd65171bfbf5450c93673b5ce0bd9e
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/01de658210fd65171bfbf5450c93673b5ce0bd9e
7
reference_url https://github.com/openstack/nova/commit/5cced7a6dd32d231c606e25dbf762d199bf9cca7
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/5cced7a6dd32d231c606e25dbf762d199bf9cca7
8
reference_url https://github.com/openstack/nova/commit/ba0d007fb78bd1182c3c0b808dbd7ccc84640e80
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/ba0d007fb78bd1182c3c0b808dbd7ccc84640e80
9
reference_url https://github.com/openstack/nova/commit/df2ea2e3acdede21b40d47b7adbeac04213d031b
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/df2ea2e3acdede21b40d47b7adbeac04213d031b
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-4497
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-4497
11
reference_url http://www.openwall.com/lists/oss-security/2013/11/03/2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/11/03/2
12
reference_url http://www.openwall.com/lists/oss-security/2013/11/03/3
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/11/03/3
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1026171
reference_id 1026171
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1026171
14
reference_url https://github.com/advisories/GHSA-27q4-38qf-m25h
reference_id GHSA-27q4-38qf-m25h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-27q4-38qf-m25h
15
reference_url https://access.redhat.com/errata/RHSA-2014:0366
reference_id RHSA-2014:0366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0366
fixed_packages
0
url pkg:deb/debian/nova@2014.1.3-11
purl pkg:deb/debian/nova@2014.1.3-11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fb2-ccby-7yfq
1
vulnerability VCID-1qbm-qguj-gkem
2
vulnerability VCID-2dpk-ncrc-1fcw
3
vulnerability VCID-5nfz-1bk3-93fe
4
vulnerability VCID-6n3z-x4zj-4bez
5
vulnerability VCID-7yp4-ebnm-g3c3
6
vulnerability VCID-9se5-m6dx-8kcj
7
vulnerability VCID-br4q-499g-vqhg
8
vulnerability VCID-cwub-w9dp-wfgy
9
vulnerability VCID-cy7p-gzf8-eqcj
10
vulnerability VCID-ek6e-977t-3bew
11
vulnerability VCID-h6rd-5p7q-s3gq
12
vulnerability VCID-jdb7-71q5-pfcx
13
vulnerability VCID-k48d-ecqx-m3ed
14
vulnerability VCID-nb1y-cbzs-abhc
15
vulnerability VCID-qfdm-g857-3yb5
16
vulnerability VCID-s69v-tc7x-37fe
17
vulnerability VCID-zy9m-d25c-5uga
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11
aliases CVE-2013-4497, GHSA-27q4-38qf-m25h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n6d6-1kyd-qufe
26
url VCID-nb1y-cbzs-abhc
vulnerability_id VCID-nb1y-cbzs-abhc
summary openstack-nova: Unprivileged API user can access host data using instance snapshot
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2016-0018.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-0018.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7548.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7548.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-7548
reference_id
reference_type
scores
0
value 0.00172
scoring_system epss
scoring_elements 0.38426
published_at 2026-04-18T12:55:00Z
1
value 0.00172
scoring_system epss
scoring_elements 0.38424
published_at 2026-04-12T12:55:00Z
2
value 0.00172
scoring_system epss
scoring_elements 0.38399
published_at 2026-04-13T12:55:00Z
3
value 0.00172
scoring_system epss
scoring_elements 0.38363
published_at 2026-04-01T12:55:00Z
4
value 0.00172
scoring_system epss
scoring_elements 0.385
published_at 2026-04-02T12:55:00Z
5
value 0.00172
scoring_system epss
scoring_elements 0.38525
published_at 2026-04-04T12:55:00Z
6
value 0.00172
scoring_system epss
scoring_elements 0.38387
published_at 2026-04-07T12:55:00Z
7
value 0.00172
scoring_system epss
scoring_elements 0.38438
published_at 2026-04-08T12:55:00Z
8
value 0.00172
scoring_system epss
scoring_elements 0.38446
published_at 2026-04-16T12:55:00Z
9
value 0.00172
scoring_system epss
scoring_elements 0.38461
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-7548
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7548
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7548
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:C/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://security.openstack.org/ossa/OSSA-2016-001.html
reference_id
reference_type
scores
url https://security.openstack.org/ossa/OSSA-2016-001.html
6
reference_url http://www.securityfocus.com/bid/80176
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/80176
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1290511
reference_id 1290511
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1290511
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-7548
reference_id CVE-2015-7548
reference_type
scores
0
value 2.1
scoring_system cvssv2
scoring_elements AV:N/AC:H/Au:S/C:P/I:N/A:N
1
value 3.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
url https://nvd.nist.gov/vuln/detail/CVE-2015-7548
10
reference_url https://access.redhat.com/errata/RHSA-2016:0018
reference_id RHSA-2016:0018
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0018
11
reference_url https://usn.ubuntu.com/3449-1/
reference_id USN-3449-1
reference_type
scores
url https://usn.ubuntu.com/3449-1/
fixed_packages
0
url pkg:deb/debian/nova@2:13.1.0-2~bpo8%2B1
purl pkg:deb/debian/nova@2:13.1.0-2~bpo8%2B1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fb2-ccby-7yfq
1
vulnerability VCID-1qbm-qguj-gkem
2
vulnerability VCID-2dpk-ncrc-1fcw
3
vulnerability VCID-br4q-499g-vqhg
4
vulnerability VCID-cwub-w9dp-wfgy
5
vulnerability VCID-cy7p-gzf8-eqcj
6
vulnerability VCID-h6rd-5p7q-s3gq
7
vulnerability VCID-jdb7-71q5-pfcx
8
vulnerability VCID-qfdm-g857-3yb5
9
vulnerability VCID-s69v-tc7x-37fe
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:13.1.0-2~bpo8%252B1
aliases CVE-2015-7548
risk_score 1.6
exploitability 0.5
weighted_severity 3.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nb1y-cbzs-abhc
27
url VCID-q246-vzd6-3qfb
vulnerability_id VCID-q246-vzd6-3qfb
summary 
OpenStack Compute (Nova) allows remote authenticated users to gain privileges via API requests
The Nova EC2 API security group implementation in OpenStack Compute (Nova) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for (1) add_rules, (2) remove_rules, (3) destroy, and other unspecified methods in compute/api.py when using non-default policies, which allows remote authenticated users to gain privileges via these API requests.
references
0
reference_url https://access.redhat.com/errata/RHSA-2014:1084
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2014:1084
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0167.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0167.json
2
reference_url https://access.redhat.com/security/cve/CVE-2014-0167
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2014-0167
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0167
reference_id
reference_type
scores
0
value 0.00383
scoring_system epss
scoring_elements 0.59675
published_at 2026-04-11T12:55:00Z
1
value 0.00383
scoring_system epss
scoring_elements 0.59639
published_at 2026-04-13T12:55:00Z
2
value 0.00383
scoring_system epss
scoring_elements 0.59658
published_at 2026-04-12T12:55:00Z
3
value 0.00383
scoring_system epss
scoring_elements 0.59523
published_at 2026-04-01T12:55:00Z
4
value 0.00383
scoring_system epss
scoring_elements 0.59596
published_at 2026-04-02T12:55:00Z
5
value 0.00383
scoring_system epss
scoring_elements 0.59621
published_at 2026-04-04T12:55:00Z
6
value 0.00383
scoring_system epss
scoring_elements 0.59591
published_at 2026-04-07T12:55:00Z
7
value 0.00383
scoring_system epss
scoring_elements 0.59642
published_at 2026-04-08T12:55:00Z
8
value 0.00383
scoring_system epss
scoring_elements 0.59655
published_at 2026-04-09T12:55:00Z
9
value 0.00383
scoring_system epss
scoring_elements 0.5968
published_at 2026-04-18T12:55:00Z
10
value 0.00383
scoring_system epss
scoring_elements 0.59672
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0167
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1084868
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1084868
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0167
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0167
6
reference_url https://launchpad.net/bugs/1290537
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://launchpad.net/bugs/1290537
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0167
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-0167
8
reference_url https://opendev.org/openstack/nova
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://opendev.org/openstack/nova
9
reference_url http://www.openwall.com/lists/oss-security/2014/04/09/26
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/04/09/26
10
reference_url http://www.ubuntu.com/usn/USN-2247-1
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-2247-1
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744051
reference_id 744051
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744051
12
reference_url https://github.com/advisories/GHSA-p258-xmh3-72pv
reference_id GHSA-p258-xmh3-72pv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p258-xmh3-72pv
13
reference_url https://usn.ubuntu.com/2247-1/
reference_id USN-2247-1
reference_type
scores
url https://usn.ubuntu.com/2247-1/
fixed_packages
0
url pkg:deb/debian/nova@2014.1.3-11
purl pkg:deb/debian/nova@2014.1.3-11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fb2-ccby-7yfq
1
vulnerability VCID-1qbm-qguj-gkem
2
vulnerability VCID-2dpk-ncrc-1fcw
3
vulnerability VCID-5nfz-1bk3-93fe
4
vulnerability VCID-6n3z-x4zj-4bez
5
vulnerability VCID-7yp4-ebnm-g3c3
6
vulnerability VCID-9se5-m6dx-8kcj
7
vulnerability VCID-br4q-499g-vqhg
8
vulnerability VCID-cwub-w9dp-wfgy
9
vulnerability VCID-cy7p-gzf8-eqcj
10
vulnerability VCID-ek6e-977t-3bew
11
vulnerability VCID-h6rd-5p7q-s3gq
12
vulnerability VCID-jdb7-71q5-pfcx
13
vulnerability VCID-k48d-ecqx-m3ed
14
vulnerability VCID-nb1y-cbzs-abhc
15
vulnerability VCID-qfdm-g857-3yb5
16
vulnerability VCID-s69v-tc7x-37fe
17
vulnerability VCID-zy9m-d25c-5uga
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11
aliases CVE-2014-0167, GHSA-p258-xmh3-72pv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q246-vzd6-3qfb
28
url VCID-qb9p-rpza-5fa5
vulnerability_id VCID-qb9p-rpza-5fa5
summary 
OpenStack Compute (Nova) allows remote authenticated users to obtain sensitive information
CVE-2013-2256 OpenStack: Nova private flavors resource limit circumvention
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2013-1199.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-1199.html
1
reference_url https://access.redhat.com/errata/RHSA-2013:1199
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2013:1199
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2256.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2256.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-2256
reference_id
reference_type
scores
0
value 0.00472
scoring_system epss
scoring_elements 0.647
published_at 2026-04-12T12:55:00Z
1
value 0.00472
scoring_system epss
scoring_elements 0.64719
published_at 2026-04-18T12:55:00Z
2
value 0.00472
scoring_system epss
scoring_elements 0.64695
published_at 2026-04-09T12:55:00Z
3
value 0.00472
scoring_system epss
scoring_elements 0.64712
published_at 2026-04-11T12:55:00Z
4
value 0.00472
scoring_system epss
scoring_elements 0.64672
published_at 2026-04-13T12:55:00Z
5
value 0.00472
scoring_system epss
scoring_elements 0.64593
published_at 2026-04-01T12:55:00Z
6
value 0.00472
scoring_system epss
scoring_elements 0.64646
published_at 2026-04-02T12:55:00Z
7
value 0.00472
scoring_system epss
scoring_elements 0.64708
published_at 2026-04-16T12:55:00Z
8
value 0.00472
scoring_system epss
scoring_elements 0.64674
published_at 2026-04-04T12:55:00Z
9
value 0.00472
scoring_system epss
scoring_elements 0.64632
published_at 2026-04-07T12:55:00Z
10
value 0.00472
scoring_system epss
scoring_elements 0.6468
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-2256
4
reference_url https://bugs.launchpad.net/nova/+bug/1194093
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1194093
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=993340
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=993340
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2256
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2256
7
reference_url http://seclists.org/oss-sec/2013/q3/281
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/oss-sec/2013/q3/281
8
reference_url https://opendev.org/openstack/nova
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://opendev.org/openstack/nova
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718905
reference_id 718905
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718905
10
reference_url https://access.redhat.com/security/cve/CVE-2013-2256
reference_id CVE-2013-2256
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2013-2256
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-2256
reference_id CVE-2013-2256
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-2256
12
reference_url https://github.com/advisories/GHSA-5mj6-643f-2g85
reference_id GHSA-5mj6-643f-2g85
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5mj6-643f-2g85
13
reference_url https://usn.ubuntu.com/2000-1/
reference_id USN-2000-1
reference_type
scores
url https://usn.ubuntu.com/2000-1/
fixed_packages
0
url pkg:deb/debian/nova@2014.1.3-11
purl pkg:deb/debian/nova@2014.1.3-11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fb2-ccby-7yfq
1
vulnerability VCID-1qbm-qguj-gkem
2
vulnerability VCID-2dpk-ncrc-1fcw
3
vulnerability VCID-5nfz-1bk3-93fe
4
vulnerability VCID-6n3z-x4zj-4bez
5
vulnerability VCID-7yp4-ebnm-g3c3
6
vulnerability VCID-9se5-m6dx-8kcj
7
vulnerability VCID-br4q-499g-vqhg
8
vulnerability VCID-cwub-w9dp-wfgy
9
vulnerability VCID-cy7p-gzf8-eqcj
10
vulnerability VCID-ek6e-977t-3bew
11
vulnerability VCID-h6rd-5p7q-s3gq
12
vulnerability VCID-jdb7-71q5-pfcx
13
vulnerability VCID-k48d-ecqx-m3ed
14
vulnerability VCID-nb1y-cbzs-abhc
15
vulnerability VCID-qfdm-g857-3yb5
16
vulnerability VCID-s69v-tc7x-37fe
17
vulnerability VCID-zy9m-d25c-5uga
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11
aliases CVE-2013-2256, GHSA-5mj6-643f-2g85
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qb9p-rpza-5fa5
29
url VCID-qe1w-wnfu-mudr
vulnerability_id VCID-qe1w-wnfu-mudr
summary OpenStack: openstack-nova-compute console-log DoS
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4261.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4261.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4261
reference_id
reference_type
scores
0
value 0.00596
scoring_system epss
scoring_elements 0.69285
published_at 2026-04-01T12:55:00Z
1
value 0.00596
scoring_system epss
scoring_elements 0.69297
published_at 2026-04-02T12:55:00Z
2
value 0.00596
scoring_system epss
scoring_elements 0.69315
published_at 2026-04-04T12:55:00Z
3
value 0.00596
scoring_system epss
scoring_elements 0.69294
published_at 2026-04-07T12:55:00Z
4
value 0.00596
scoring_system epss
scoring_elements 0.69345
published_at 2026-04-08T12:55:00Z
5
value 0.00596
scoring_system epss
scoring_elements 0.69361
published_at 2026-04-09T12:55:00Z
6
value 0.00596
scoring_system epss
scoring_elements 0.69384
published_at 2026-04-11T12:55:00Z
7
value 0.00596
scoring_system epss
scoring_elements 0.69368
published_at 2026-04-12T12:55:00Z
8
value 0.00596
scoring_system epss
scoring_elements 0.69355
published_at 2026-04-13T12:55:00Z
9
value 0.00596
scoring_system epss
scoring_elements 0.69393
published_at 2026-04-16T12:55:00Z
10
value 0.00596
scoring_system epss
scoring_elements 0.69404
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4261
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4261
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4261
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=999271
reference_id 999271
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=999271
4
reference_url https://usn.ubuntu.com/2000-1/
reference_id USN-2000-1
reference_type
scores
url https://usn.ubuntu.com/2000-1/
fixed_packages
0
url pkg:deb/debian/nova@2014.1.3-11
purl pkg:deb/debian/nova@2014.1.3-11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fb2-ccby-7yfq
1
vulnerability VCID-1qbm-qguj-gkem
2
vulnerability VCID-2dpk-ncrc-1fcw
3
vulnerability VCID-5nfz-1bk3-93fe
4
vulnerability VCID-6n3z-x4zj-4bez
5
vulnerability VCID-7yp4-ebnm-g3c3
6
vulnerability VCID-9se5-m6dx-8kcj
7
vulnerability VCID-br4q-499g-vqhg
8
vulnerability VCID-cwub-w9dp-wfgy
9
vulnerability VCID-cy7p-gzf8-eqcj
10
vulnerability VCID-ek6e-977t-3bew
11
vulnerability VCID-h6rd-5p7q-s3gq
12
vulnerability VCID-jdb7-71q5-pfcx
13
vulnerability VCID-k48d-ecqx-m3ed
14
vulnerability VCID-nb1y-cbzs-abhc
15
vulnerability VCID-qfdm-g857-3yb5
16
vulnerability VCID-s69v-tc7x-37fe
17
vulnerability VCID-zy9m-d25c-5uga
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11
aliases CVE-2013-4261
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qe1w-wnfu-mudr
30
url VCID-qfdm-g857-3yb5
vulnerability_id VCID-qfdm-g857-3yb5
summary 
OpenStack Nova can leak consoleauth token into log files
An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setups using novncproxy are affected. This is related to `NovaProxyRequestHandlerBase.new_websocket_client` in `console/websocketproxy.py`.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9543.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9543.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-9543
reference_id
reference_type
scores
0
value 0.00083
scoring_system epss
scoring_elements 0.24177
published_at 2026-04-18T12:55:00Z
1
value 0.00083
scoring_system epss
scoring_elements 0.24364
published_at 2026-04-04T12:55:00Z
2
value 0.00083
scoring_system epss
scoring_elements 0.2419
published_at 2026-04-16T12:55:00Z
3
value 0.00083
scoring_system epss
scoring_elements 0.24173
published_at 2026-04-13T12:55:00Z
4
value 0.00083
scoring_system epss
scoring_elements 0.2423
published_at 2026-04-12T12:55:00Z
5
value 0.00083
scoring_system epss
scoring_elements 0.24273
published_at 2026-04-11T12:55:00Z
6
value 0.00083
scoring_system epss
scoring_elements 0.24256
published_at 2026-04-09T12:55:00Z
7
value 0.00083
scoring_system epss
scoring_elements 0.24213
published_at 2026-04-08T12:55:00Z
8
value 0.00083
scoring_system epss
scoring_elements 0.24201
published_at 2026-04-01T12:55:00Z
9
value 0.00083
scoring_system epss
scoring_elements 0.2433
published_at 2026-04-02T12:55:00Z
10
value 0.00083
scoring_system epss
scoring_elements 0.24147
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-9543
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9543
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9543
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/openstack/nova/commit/08f1f914cc219cf526adfb08c46b8f40b4e78232
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/08f1f914cc219cf526adfb08c46b8f40b4e78232
5
reference_url https://github.com/openstack/nova/commit/26d4047e17eba9bc271f8868f1d0ffeec97b555e
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/26d4047e17eba9bc271f8868f1d0ffeec97b555e
6
reference_url https://github.com/openstack/nova/commit/d8fbf04f325f593836f8d44b6bbf42b85bde94e3
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/d8fbf04f325f593836f8d44b6bbf42b85bde94e3
7
reference_url https://launchpad.net/bugs/1492140
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://launchpad.net/bugs/1492140
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-9543
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-9543
9
reference_url https://review.opendev.org/220622
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://review.opendev.org/220622
10
reference_url https://security.openstack.org/ossa/OSSA-2020-001.html
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2020-001.html
11
reference_url http://www.openwall.com/lists/oss-security/2020/02/19/2
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/02/19/2
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1805386
reference_id 1805386
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1805386
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951635
reference_id 951635
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951635
14
reference_url https://github.com/advisories/GHSA-22jm-4hxw-35jf
reference_id GHSA-22jm-4hxw-35jf
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-22jm-4hxw-35jf
15
reference_url https://usn.ubuntu.com/5866-1/
reference_id USN-5866-1
reference_type
scores
url https://usn.ubuntu.com/5866-1/
fixed_packages
0
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-h6rd-5p7q-s3gq
1
vulnerability VCID-hd9e-1msb-uqa6
2
vulnerability VCID-m5vc-4my3-87gk
3
vulnerability VCID-s69v-tc7x-37fe
4
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1
aliases CVE-2015-9543, GHSA-22jm-4hxw-35jf
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qfdm-g857-3yb5
31
url VCID-qnhs-qv3p-myg2
vulnerability_id VCID-qnhs-qv3p-myg2
summary The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting the VM be put into rescue and then deleting the image.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2573.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2573.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-2573
reference_id
reference_type
scores
0
value 0.00106
scoring_system epss
scoring_elements 0.28778
published_at 2026-04-02T12:55:00Z
1
value 0.00106
scoring_system epss
scoring_elements 0.28643
published_at 2026-04-18T12:55:00Z
2
value 0.00106
scoring_system epss
scoring_elements 0.28668
published_at 2026-04-16T12:55:00Z
3
value 0.00106
scoring_system epss
scoring_elements 0.28648
published_at 2026-04-13T12:55:00Z
4
value 0.00106
scoring_system epss
scoring_elements 0.2874
published_at 2026-04-11T12:55:00Z
5
value 0.00106
scoring_system epss
scoring_elements 0.28736
published_at 2026-04-09T12:55:00Z
6
value 0.00106
scoring_system epss
scoring_elements 0.28698
published_at 2026-04-08T12:55:00Z
7
value 0.00106
scoring_system epss
scoring_elements 0.28632
published_at 2026-04-07T12:55:00Z
8
value 0.00106
scoring_system epss
scoring_elements 0.28826
published_at 2026-04-04T12:55:00Z
9
value 0.00106
scoring_system epss
scoring_elements 0.28696
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-2573
2
reference_url https://bugs.launchpad.net/nova/+bug/1269418
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1269418
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2573
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2573
4
reference_url http://secunia.com/advisories/57498
reference_id
reference_type
scores
url http://secunia.com/advisories/57498
5
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
6
reference_url https://github.com/openstack/nova/commit/b3cc3f62a60662e5bb82136c0cfa464592a6afe9
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/b3cc3f62a60662e5bb82136c0cfa464592a6afe9
7
reference_url https://github.com/openstack/nova/commit/efb66531bc37ee416778a70d46c657608ca767af
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/efb66531bc37ee416778a70d46c657608ca767af
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2014-113.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2014-113.yaml
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-2573
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-2573
10
reference_url http://www.openwall.com/lists/oss-security/2014/03/21/1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/03/21/1
11
reference_url http://www.openwall.com/lists/oss-security/2014/03/21/2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/03/21/2
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1080289
reference_id 1080289
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1080289
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=750144
reference_id 750144
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=750144
14
reference_url https://github.com/advisories/GHSA-jv34-xvjq-ppch
reference_id GHSA-jv34-xvjq-ppch
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jv34-xvjq-ppch
fixed_packages
0
url pkg:deb/debian/nova@2014.1.3-11
purl pkg:deb/debian/nova@2014.1.3-11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fb2-ccby-7yfq
1
vulnerability VCID-1qbm-qguj-gkem
2
vulnerability VCID-2dpk-ncrc-1fcw
3
vulnerability VCID-5nfz-1bk3-93fe
4
vulnerability VCID-6n3z-x4zj-4bez
5
vulnerability VCID-7yp4-ebnm-g3c3
6
vulnerability VCID-9se5-m6dx-8kcj
7
vulnerability VCID-br4q-499g-vqhg
8
vulnerability VCID-cwub-w9dp-wfgy
9
vulnerability VCID-cy7p-gzf8-eqcj
10
vulnerability VCID-ek6e-977t-3bew
11
vulnerability VCID-h6rd-5p7q-s3gq
12
vulnerability VCID-jdb7-71q5-pfcx
13
vulnerability VCID-k48d-ecqx-m3ed
14
vulnerability VCID-nb1y-cbzs-abhc
15
vulnerability VCID-qfdm-g857-3yb5
16
vulnerability VCID-s69v-tc7x-37fe
17
vulnerability VCID-zy9m-d25c-5uga
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11
aliases CVE-2014-2573, GHSA-jv34-xvjq-ppch, PYSEC-2014-113
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qnhs-qv3p-myg2
32
url VCID-r558-z5xb-v3a8
vulnerability_id VCID-r558-z5xb-v3a8
summary 
OpenStack Nova VMware instance leak potentially leading to compute DoS
The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state.
references
0
reference_url http://lists.openstack.org/pipermail/openstack-announce/2014-October/000298.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.openstack.org/pipermail/openstack-announce/2014-October/000298.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2015-0843.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-0843.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2015-0844.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-0844.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8333.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8333.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-8333
reference_id
reference_type
scores
0
value 0.00736
scoring_system epss
scoring_elements 0.72865
published_at 2026-04-18T12:55:00Z
1
value 0.00736
scoring_system epss
scoring_elements 0.72786
published_at 2026-04-04T12:55:00Z
2
value 0.00736
scoring_system epss
scoring_elements 0.72761
published_at 2026-04-07T12:55:00Z
3
value 0.00736
scoring_system epss
scoring_elements 0.728
published_at 2026-04-08T12:55:00Z
4
value 0.00736
scoring_system epss
scoring_elements 0.72814
published_at 2026-04-09T12:55:00Z
5
value 0.00736
scoring_system epss
scoring_elements 0.72838
published_at 2026-04-11T12:55:00Z
6
value 0.00736
scoring_system epss
scoring_elements 0.72821
published_at 2026-04-12T12:55:00Z
7
value 0.00736
scoring_system epss
scoring_elements 0.72813
published_at 2026-04-13T12:55:00Z
8
value 0.00736
scoring_system epss
scoring_elements 0.72854
published_at 2026-04-16T12:55:00Z
9
value 0.00736
scoring_system epss
scoring_elements 0.72758
published_at 2026-04-01T12:55:00Z
10
value 0.00736
scoring_system epss
scoring_elements 0.72765
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-8333
5
reference_url https://bugs.launchpad.net/nova/+bug/1359138
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1359138
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8333
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8333
7
reference_url http://secunia.com/advisories/60531
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/60531
8
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
9
reference_url https://github.com/openstack/nova/commit/d71445c7d2d2921d10a08f82330f0ab8ef4f7df2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/d71445c7d2d2921d10a08f82330f0ab8ef4f7df2
10
reference_url https://github.com/openstack/nova/commit/e1f8664c9fa83f77f5bb763ffcc3157905ed954c
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/e1f8664c9fa83f77f5bb763ffcc3157905ed954c
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1154890
reference_id 1154890
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1154890
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-8333
reference_id CVE-2014-8333
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:N/A:P
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-8333
17
reference_url https://github.com/advisories/GHSA-g63p-mfcm-54c4
reference_id GHSA-g63p-mfcm-54c4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g63p-mfcm-54c4
fixed_packages
0
url pkg:deb/debian/nova@2014.1.3-11
purl pkg:deb/debian/nova@2014.1.3-11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fb2-ccby-7yfq
1
vulnerability VCID-1qbm-qguj-gkem
2
vulnerability VCID-2dpk-ncrc-1fcw
3
vulnerability VCID-5nfz-1bk3-93fe
4
vulnerability VCID-6n3z-x4zj-4bez
5
vulnerability VCID-7yp4-ebnm-g3c3
6
vulnerability VCID-9se5-m6dx-8kcj
7
vulnerability VCID-br4q-499g-vqhg
8
vulnerability VCID-cwub-w9dp-wfgy
9
vulnerability VCID-cy7p-gzf8-eqcj
10
vulnerability VCID-ek6e-977t-3bew
11
vulnerability VCID-h6rd-5p7q-s3gq
12
vulnerability VCID-jdb7-71q5-pfcx
13
vulnerability VCID-k48d-ecqx-m3ed
14
vulnerability VCID-nb1y-cbzs-abhc
15
vulnerability VCID-qfdm-g857-3yb5
16
vulnerability VCID-s69v-tc7x-37fe
17
vulnerability VCID-zy9m-d25c-5uga
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11
aliases CVE-2014-8333, GHSA-g63p-mfcm-54c4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r558-z5xb-v3a8
33
url VCID-rvp9-etcr-wycj
vulnerability_id VCID-rvp9-etcr-wycj
summary 
OpenStack Nova DoS through ephemeral disk backing files
The libvirt driver in OpenStack Compute (Nova) before 2013.2.2 and icehouse before icehouse-2 allows remote authenticated users to cause a denial of service (disk consumption) by creating and deleting instances with unique os_type settings, which triggers the creation of a new ephemeral disk backing file.
references
0
reference_url http://lists.openstack.org/pipermail/openstack-announce/2013-December/000179.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.openstack.org/pipermail/openstack-announce/2013-December/000179.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2014-0231.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0231.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6437.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6437.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-6437
reference_id
reference_type
scores
0
value 0.00434
scoring_system epss
scoring_elements 0.62849
published_at 2026-04-16T12:55:00Z
1
value 0.00434
scoring_system epss
scoring_elements 0.62809
published_at 2026-04-13T12:55:00Z
2
value 0.00434
scoring_system epss
scoring_elements 0.62832
published_at 2026-04-12T12:55:00Z
3
value 0.00434
scoring_system epss
scoring_elements 0.62808
published_at 2026-04-08T12:55:00Z
4
value 0.00434
scoring_system epss
scoring_elements 0.62857
published_at 2026-04-18T12:55:00Z
5
value 0.00434
scoring_system epss
scoring_elements 0.62825
published_at 2026-04-09T12:55:00Z
6
value 0.00434
scoring_system epss
scoring_elements 0.62706
published_at 2026-04-01T12:55:00Z
7
value 0.00434
scoring_system epss
scoring_elements 0.62762
published_at 2026-04-02T12:55:00Z
8
value 0.00434
scoring_system epss
scoring_elements 0.62843
published_at 2026-04-11T12:55:00Z
9
value 0.00434
scoring_system epss
scoring_elements 0.62793
published_at 2026-04-04T12:55:00Z
10
value 0.00434
scoring_system epss
scoring_elements 0.62757
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-6437
4
reference_url https://bugs.launchpad.net/nova/+bug/1253980
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1253980
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6437
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6437
6
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
7
reference_url https://github.com/openstack/nova/commit/3e451f1bac57d24e47171cffb3ad59bb1610d836
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/3e451f1bac57d24e47171cffb3ad59bb1610d836
8
reference_url https://github.com/openstack/nova/commit/6e455cd97f04bf26bbe022be17c57e089cf502f4
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/6e455cd97f04bf26bbe022be17c57e089cf502f4
9
reference_url https://github.com/openstack/nova/commit/ca38774ebcf5b67d16c202c8f218c0c433973ca9
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/ca38774ebcf5b67d16c202c8f218c0c433973ca9
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1043106
reference_id 1043106
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1043106
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-6437
reference_id CVE-2013-6437
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-6437
12
reference_url https://github.com/advisories/GHSA-hrv9-4x4c-9jc8
reference_id GHSA-hrv9-4x4c-9jc8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hrv9-4x4c-9jc8
13
reference_url https://access.redhat.com/errata/RHSA-2014:0231
reference_id RHSA-2014:0231
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0231
fixed_packages
0
url pkg:deb/debian/nova@2014.1.3-11
purl pkg:deb/debian/nova@2014.1.3-11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fb2-ccby-7yfq
1
vulnerability VCID-1qbm-qguj-gkem
2
vulnerability VCID-2dpk-ncrc-1fcw
3
vulnerability VCID-5nfz-1bk3-93fe
4
vulnerability VCID-6n3z-x4zj-4bez
5
vulnerability VCID-7yp4-ebnm-g3c3
6
vulnerability VCID-9se5-m6dx-8kcj
7
vulnerability VCID-br4q-499g-vqhg
8
vulnerability VCID-cwub-w9dp-wfgy
9
vulnerability VCID-cy7p-gzf8-eqcj
10
vulnerability VCID-ek6e-977t-3bew
11
vulnerability VCID-h6rd-5p7q-s3gq
12
vulnerability VCID-jdb7-71q5-pfcx
13
vulnerability VCID-k48d-ecqx-m3ed
14
vulnerability VCID-nb1y-cbzs-abhc
15
vulnerability VCID-qfdm-g857-3yb5
16
vulnerability VCID-s69v-tc7x-37fe
17
vulnerability VCID-zy9m-d25c-5uga
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11
aliases CVE-2013-6437, GHSA-hrv9-4x4c-9jc8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rvp9-etcr-wycj
34
url VCID-s69v-tc7x-37fe
vulnerability_id VCID-s69v-tc7x-37fe
summary 
OpenStack Nova calls qemu-img without format restrictions for resize
An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in an unsafe image resize operation that could destroy data on the host system. Only compute nodes using the Flat image backend (usually configured with use_cow_images=False) are affected.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24708.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24708.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-24708
reference_id
reference_type
scores
0
value 0.0006
scoring_system epss
scoring_elements 0.18759
published_at 2026-04-18T12:55:00Z
1
value 0.0006
scoring_system epss
scoring_elements 0.18747
published_at 2026-04-16T12:55:00Z
2
value 0.0006
scoring_system epss
scoring_elements 0.18797
published_at 2026-04-13T12:55:00Z
3
value 0.00072
scoring_system epss
scoring_elements 0.22081
published_at 2026-04-02T12:55:00Z
4
value 0.00072
scoring_system epss
scoring_elements 0.21988
published_at 2026-04-08T12:55:00Z
5
value 0.00072
scoring_system epss
scoring_elements 0.21907
published_at 2026-04-07T12:55:00Z
6
value 0.00072
scoring_system epss
scoring_elements 0.22132
published_at 2026-04-04T12:55:00Z
7
value 0.00072
scoring_system epss
scoring_elements 0.22017
published_at 2026-04-12T12:55:00Z
8
value 0.00072
scoring_system epss
scoring_elements 0.22058
published_at 2026-04-11T12:55:00Z
9
value 0.00072
scoring_system epss
scoring_elements 0.22043
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-24708
2
reference_url https://bugs.launchpad.net/nova/+bug/2137507
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T19:07:53Z/
url https://bugs.launchpad.net/nova/+bug/2137507
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24708
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24708
4
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
5
reference_url https://github.com/openstack/nova/commit/3eba22ff09c81a61750fbb4882e5f1f01a20fdf5
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/3eba22ff09c81a61750fbb4882e5f1f01a20fdf5
6
reference_url https://lists.debian.org/debian-lts-announce/2026/02/msg00025.html
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2026/02/msg00025.html
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-24708
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-24708
8
reference_url https://www.openwall.com/lists/oss-security/2026/02/17/7
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T19:07:53Z/
url https://www.openwall.com/lists/oss-security/2026/02/17/7
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128294
reference_id 1128294
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128294
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2430312
reference_id 2430312
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2430312
11
reference_url https://github.com/advisories/GHSA-m4f3-qp2w-gwh6
reference_id GHSA-m4f3-qp2w-gwh6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m4f3-qp2w-gwh6
12
reference_url https://usn.ubuntu.com/8049-1/
reference_id USN-8049-1
reference_type
scores
url https://usn.ubuntu.com/8049-1/
fixed_packages
0
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3
aliases CVE-2026-24708, GHSA-m4f3-qp2w-gwh6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s69v-tc7x-37fe
35
url VCID-sj2k-uq1g-suby
vulnerability_id VCID-sj2k-uq1g-suby
summary 
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-4179 OpenStack: Nova XML entities DoS
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2013-1199.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-1199.html
1
reference_url https://access.redhat.com/errata/RHSA-2013:1199
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2013:1199
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4179.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4179.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4179
reference_id
reference_type
scores
0
value 0.00669
scoring_system epss
scoring_elements 0.71365
published_at 2026-04-18T12:55:00Z
1
value 0.00669
scoring_system epss
scoring_elements 0.71309
published_at 2026-04-08T12:55:00Z
2
value 0.00669
scoring_system epss
scoring_elements 0.71322
published_at 2026-04-09T12:55:00Z
3
value 0.00669
scoring_system epss
scoring_elements 0.71345
published_at 2026-04-11T12:55:00Z
4
value 0.00669
scoring_system epss
scoring_elements 0.7133
published_at 2026-04-12T12:55:00Z
5
value 0.00669
scoring_system epss
scoring_elements 0.71313
published_at 2026-04-13T12:55:00Z
6
value 0.00669
scoring_system epss
scoring_elements 0.71359
published_at 2026-04-16T12:55:00Z
7
value 0.00669
scoring_system epss
scoring_elements 0.71267
published_at 2026-04-07T12:55:00Z
8
value 0.00669
scoring_system epss
scoring_elements 0.71275
published_at 2026-04-02T12:55:00Z
9
value 0.00669
scoring_system epss
scoring_elements 0.71292
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4179
4
reference_url https://bugs.launchpad.net/ossa/+bug/1190229
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/ossa/+bug/1190229
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=989707
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=989707
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4179
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4179
7
reference_url https://opendev.org/openstack/nova
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://opendev.org/openstack/nova
8
reference_url http://www.ubuntu.com/usn/USN-2005-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-2005-1
9
reference_url https://access.redhat.com/security/cve/CVE-2013-4179
reference_id CVE-2013-4179
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2013-4179
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-4179
reference_id CVE-2013-4179
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-4179
11
reference_url https://github.com/advisories/GHSA-j6xh-q826-55jw
reference_id GHSA-j6xh-q826-55jw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j6xh-q826-55jw
12
reference_url https://usn.ubuntu.com/2000-1/
reference_id USN-2000-1
reference_type
scores
url https://usn.ubuntu.com/2000-1/
13
reference_url https://usn.ubuntu.com/2005-1/
reference_id USN-2005-1
reference_type
scores
url https://usn.ubuntu.com/2005-1/
fixed_packages
0
url pkg:deb/debian/nova@2014.1.3-11
purl pkg:deb/debian/nova@2014.1.3-11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fb2-ccby-7yfq
1
vulnerability VCID-1qbm-qguj-gkem
2
vulnerability VCID-2dpk-ncrc-1fcw
3
vulnerability VCID-5nfz-1bk3-93fe
4
vulnerability VCID-6n3z-x4zj-4bez
5
vulnerability VCID-7yp4-ebnm-g3c3
6
vulnerability VCID-9se5-m6dx-8kcj
7
vulnerability VCID-br4q-499g-vqhg
8
vulnerability VCID-cwub-w9dp-wfgy
9
vulnerability VCID-cy7p-gzf8-eqcj
10
vulnerability VCID-ek6e-977t-3bew
11
vulnerability VCID-h6rd-5p7q-s3gq
12
vulnerability VCID-jdb7-71q5-pfcx
13
vulnerability VCID-k48d-ecqx-m3ed
14
vulnerability VCID-nb1y-cbzs-abhc
15
vulnerability VCID-qfdm-g857-3yb5
16
vulnerability VCID-s69v-tc7x-37fe
17
vulnerability VCID-zy9m-d25c-5uga
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11
aliases CVE-2013-4179, GHSA-j6xh-q826-55jw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sj2k-uq1g-suby
36
url VCID-t2sh-b3m5-vyax
vulnerability_id VCID-t2sh-b3m5-vyax
summary 
OpenStack Compute (Nova) does not verify the virtual size of a QCOW2 image
OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by creating an image with a large virtual size that does not contain a large amount of data.
references
0
reference_url http://lists.openstack.org/pipermail/openstack-announce/2013-May/000102.html
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.openstack.org/pipermail/openstack-announce/2013-May/000102.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2096.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2096.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-2096
reference_id
reference_type
scores
0
value 0.00062
scoring_system epss
scoring_elements 0.1918
published_at 2026-04-18T12:55:00Z
1
value 0.00062
scoring_system epss
scoring_elements 0.19277
published_at 2026-04-01T12:55:00Z
2
value 0.00062
scoring_system epss
scoring_elements 0.19413
published_at 2026-04-02T12:55:00Z
3
value 0.00062
scoring_system epss
scoring_elements 0.19462
published_at 2026-04-04T12:55:00Z
4
value 0.00062
scoring_system epss
scoring_elements 0.19179
published_at 2026-04-07T12:55:00Z
5
value 0.00062
scoring_system epss
scoring_elements 0.19258
published_at 2026-04-08T12:55:00Z
6
value 0.00062
scoring_system epss
scoring_elements 0.1931
published_at 2026-04-09T12:55:00Z
7
value 0.00062
scoring_system epss
scoring_elements 0.19315
published_at 2026-04-11T12:55:00Z
8
value 0.00062
scoring_system epss
scoring_elements 0.19267
published_at 2026-04-12T12:55:00Z
9
value 0.00062
scoring_system epss
scoring_elements 0.19213
published_at 2026-04-13T12:55:00Z
10
value 0.00062
scoring_system epss
scoring_elements 0.19171
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-2096
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2096
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2096
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:N/C:N/I:N/A:C
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
6
reference_url https://github.com/openstack/nova/commit/0caeb8eaf20abcdc77828f5c6b79fc104619e231
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/0caeb8eaf20abcdc77828f5c6b79fc104619e231
7
reference_url https://github.com/openstack/nova/commit/44a8aba1d5da87d54db48079103fdef946666d80
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/44a8aba1d5da87d54db48079103fdef946666d80
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-2096
reference_id
reference_type
scores
0
value 2.1
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:N/C:N/I:N/A:P
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-2096
9
reference_url https://review.openstack.org/#/c/28717
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/#/c/28717
10
reference_url https://review.openstack.org/#/c/28717/
reference_id
reference_type
scores
url https://review.openstack.org/#/c/28717/
11
reference_url https://review.openstack.org/#/c/28901
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/#/c/28901
12
reference_url https://review.openstack.org/#/c/28901/
reference_id
reference_type
scores
url https://review.openstack.org/#/c/28901/
13
reference_url https://review.openstack.org/#/c/29192
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/#/c/29192
14
reference_url https://review.openstack.org/#/c/29192/
reference_id
reference_type
scores
url https://review.openstack.org/#/c/29192/
15
reference_url https://web.archive.org/web/20130726040108/http://www.securityfocus.com/bid/59924
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20130726040108/http://www.securityfocus.com/bid/59924
16
reference_url http://www.securityfocus.com/bid/59924
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/59924
17
reference_url http://www.ubuntu.com/usn/USN-1831-1
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1831-1
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710157
reference_id 710157
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710157
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=963462
reference_id 963462
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=963462
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:grizzly:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:grizzly:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:grizzly:-:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:havana:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:havana:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:havana:-:*:*:*:*:*:*:*
23
reference_url https://github.com/advisories/GHSA-m674-hmx2-ffhq
reference_id GHSA-m674-hmx2-ffhq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m674-hmx2-ffhq
24
reference_url https://usn.ubuntu.com/1831-1/
reference_id USN-1831-1
reference_type
scores
url https://usn.ubuntu.com/1831-1/
fixed_packages
0
url pkg:deb/debian/nova@2014.1.3-11
purl pkg:deb/debian/nova@2014.1.3-11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fb2-ccby-7yfq
1
vulnerability VCID-1qbm-qguj-gkem
2
vulnerability VCID-2dpk-ncrc-1fcw
3
vulnerability VCID-5nfz-1bk3-93fe
4
vulnerability VCID-6n3z-x4zj-4bez
5
vulnerability VCID-7yp4-ebnm-g3c3
6
vulnerability VCID-9se5-m6dx-8kcj
7
vulnerability VCID-br4q-499g-vqhg
8
vulnerability VCID-cwub-w9dp-wfgy
9
vulnerability VCID-cy7p-gzf8-eqcj
10
vulnerability VCID-ek6e-977t-3bew
11
vulnerability VCID-h6rd-5p7q-s3gq
12
vulnerability VCID-jdb7-71q5-pfcx
13
vulnerability VCID-k48d-ecqx-m3ed
14
vulnerability VCID-nb1y-cbzs-abhc
15
vulnerability VCID-qfdm-g857-3yb5
16
vulnerability VCID-s69v-tc7x-37fe
17
vulnerability VCID-zy9m-d25c-5uga
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11
aliases CVE-2013-2096, GHSA-m674-hmx2-ffhq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t2sh-b3m5-vyax
37
url VCID-v47b-k4qx-h7a2
vulnerability_id VCID-v47b-k4qx-h7a2
summary 
OpenStack Nova live snapshots use an insecure local directory
OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and world-readable permissions for the temporary directory used to store live snapshots, which allows local users to read and modify live snapshots.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2014-0231.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0231.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7048.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7048.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-7048
reference_id
reference_type
scores
0
value 0.00055
scoring_system epss
scoring_elements 0.17179
published_at 2026-04-16T12:55:00Z
1
value 0.00055
scoring_system epss
scoring_elements 0.1736
published_at 2026-04-02T12:55:00Z
2
value 0.00055
scoring_system epss
scoring_elements 0.17406
published_at 2026-04-04T12:55:00Z
3
value 0.00055
scoring_system epss
scoring_elements 0.17186
published_at 2026-04-18T12:55:00Z
4
value 0.00055
scoring_system epss
scoring_elements 0.17278
published_at 2026-04-08T12:55:00Z
5
value 0.00055
scoring_system epss
scoring_elements 0.17336
published_at 2026-04-09T12:55:00Z
6
value 0.00055
scoring_system epss
scoring_elements 0.17349
published_at 2026-04-11T12:55:00Z
7
value 0.00055
scoring_system epss
scoring_elements 0.17299
published_at 2026-04-12T12:55:00Z
8
value 0.00055
scoring_system epss
scoring_elements 0.1724
published_at 2026-04-13T12:55:00Z
9
value 0.00055
scoring_system epss
scoring_elements 0.17193
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-7048
3
reference_url https://bugs.launchpad.net/nova/+bug/1227027
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1227027
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7048
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7048
5
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
6
reference_url https://github.com/openstack/nova/commit/75be5abd6b3fa0f7f27fe9c805f832cd41d44a5d
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/75be5abd6b3fa0f7f27fe9c805f832cd41d44a5d
7
reference_url https://github.com/openstack/nova/commit/8a34fc3d48c467aa196f65eed444ccdc7c02f19f
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/8a34fc3d48c467aa196f65eed444ccdc7c02f19f
8
reference_url https://github.com/openstack/nova/commit/9bd7fff8c0160057643cfc37c5e2b1cd3337d6aa
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/9bd7fff8c0160057643cfc37c5e2b1cd3337d6aa
9
reference_url http://www.openwall.com/lists/oss-security/2014/01/13/2
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/01/13/2
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1040786
reference_id 1040786
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1040786
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732022
reference_id 732022
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732022
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-7048
reference_id CVE-2013-7048
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-7048
13
reference_url https://github.com/advisories/GHSA-grp5-h379-j75x
reference_id GHSA-grp5-h379-j75x
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-grp5-h379-j75x
14
reference_url https://access.redhat.com/errata/RHSA-2014:0231
reference_id RHSA-2014:0231
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0231
15
reference_url https://access.redhat.com/errata/RHSA-2014:0366
reference_id RHSA-2014:0366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0366
fixed_packages
0
url pkg:deb/debian/nova@2014.1.3-11
purl pkg:deb/debian/nova@2014.1.3-11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fb2-ccby-7yfq
1
vulnerability VCID-1qbm-qguj-gkem
2
vulnerability VCID-2dpk-ncrc-1fcw
3
vulnerability VCID-5nfz-1bk3-93fe
4
vulnerability VCID-6n3z-x4zj-4bez
5
vulnerability VCID-7yp4-ebnm-g3c3
6
vulnerability VCID-9se5-m6dx-8kcj
7
vulnerability VCID-br4q-499g-vqhg
8
vulnerability VCID-cwub-w9dp-wfgy
9
vulnerability VCID-cy7p-gzf8-eqcj
10
vulnerability VCID-ek6e-977t-3bew
11
vulnerability VCID-h6rd-5p7q-s3gq
12
vulnerability VCID-jdb7-71q5-pfcx
13
vulnerability VCID-k48d-ecqx-m3ed
14
vulnerability VCID-nb1y-cbzs-abhc
15
vulnerability VCID-qfdm-g857-3yb5
16
vulnerability VCID-s69v-tc7x-37fe
17
vulnerability VCID-zy9m-d25c-5uga
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11
aliases CVE-2013-7048, GHSA-grp5-h379-j75x
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v47b-k4qx-h7a2
38
url VCID-vena-h39k-v3fe
vulnerability_id VCID-vena-h39k-v3fe
summary The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127732.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127732.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127735.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127735.html
2
reference_url http://osvdb.org/102416
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://osvdb.org/102416
3
reference_url http://rhn.redhat.com/errata/RHSA-2014-0231.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0231.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7130.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7130.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-7130
reference_id
reference_type
scores
0
value 0.02539
scoring_system epss
scoring_elements 0.85482
published_at 2026-04-16T12:55:00Z
1
value 0.02539
scoring_system epss
scoring_elements 0.85458
published_at 2026-04-13T12:55:00Z
2
value 0.02539
scoring_system epss
scoring_elements 0.85462
published_at 2026-04-12T12:55:00Z
3
value 0.02539
scoring_system epss
scoring_elements 0.85464
published_at 2026-04-11T12:55:00Z
4
value 0.02539
scoring_system epss
scoring_elements 0.8545
published_at 2026-04-09T12:55:00Z
5
value 0.02539
scoring_system epss
scoring_elements 0.85441
published_at 2026-04-08T12:55:00Z
6
value 0.02539
scoring_system epss
scoring_elements 0.8542
published_at 2026-04-07T12:55:00Z
7
value 0.02539
scoring_system epss
scoring_elements 0.85417
published_at 2026-04-04T12:55:00Z
8
value 0.02539
scoring_system epss
scoring_elements 0.85397
published_at 2026-04-02T12:55:00Z
9
value 0.02539
scoring_system epss
scoring_elements 0.85385
published_at 2026-04-01T12:55:00Z
10
value 0.02539
scoring_system epss
scoring_elements 0.85487
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-7130
6
reference_url https://bugs.launchpad.net/nova/+bug/1251590
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1251590
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7130
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7130
8
reference_url http://secunia.com/advisories/56450
reference_id
reference_type
scores
url http://secunia.com/advisories/56450
9
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/90652
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/90652
10
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
11
reference_url https://github.com/openstack/nova/commit/15ee7e17f63f5583307a546ecf28952c364c88f9
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/15ee7e17f63f5583307a546ecf28952c364c88f9
12
reference_url https://github.com/openstack/nova/commit/b0d36683fe064b32cbef013e1c0c46bd018ab9a1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/b0d36683fe064b32cbef013e1c0c46bd018ab9a1
13
reference_url https://github.com/openstack/nova/commit/cbeb5e51886b0296349fc476305bfe3d63c627c3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/cbeb5e51886b0296349fc476305bfe3d63c627c3
14
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2014-111.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2014-111.yaml
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-7130
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-7130
16
reference_url https://review.openstack.org/#/c/68658
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/#/c/68658
17
reference_url https://review.openstack.org/#/c/68658/
reference_id
reference_type
scores
url https://review.openstack.org/#/c/68658/
18
reference_url https://review.openstack.org/#/c/68659
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/#/c/68659
19
reference_url https://review.openstack.org/#/c/68659/
reference_id
reference_type
scores
url https://review.openstack.org/#/c/68659/
20
reference_url https://review.openstack.org/#/c/68660
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/#/c/68660
21
reference_url https://review.openstack.org/#/c/68660/
reference_id
reference_type
scores
url https://review.openstack.org/#/c/68660/
22
reference_url http://www.openwall.com/lists/oss-security/2014/01/23/5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/01/23/5
23
reference_url http://www.securityfocus.com/bid/65106
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/65106
24
reference_url http://www.ubuntu.com/usn/USN-2247-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-2247-1
25
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1055400
reference_id 1055400
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1055400
26
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736465
reference_id 736465
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736465
27
reference_url https://github.com/advisories/GHSA-99rx-9x8v-9j8p
reference_id GHSA-99rx-9x8v-9j8p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-99rx-9x8v-9j8p
28
reference_url https://access.redhat.com/errata/RHSA-2014:0231
reference_id RHSA-2014:0231
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0231
29
reference_url https://access.redhat.com/errata/RHSA-2014:0366
reference_id RHSA-2014:0366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0366
30
reference_url https://usn.ubuntu.com/2247-1/
reference_id USN-2247-1
reference_type
scores
url https://usn.ubuntu.com/2247-1/
fixed_packages
0
url pkg:deb/debian/nova@2014.1.3-11
purl pkg:deb/debian/nova@2014.1.3-11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fb2-ccby-7yfq
1
vulnerability VCID-1qbm-qguj-gkem
2
vulnerability VCID-2dpk-ncrc-1fcw
3
vulnerability VCID-5nfz-1bk3-93fe
4
vulnerability VCID-6n3z-x4zj-4bez
5
vulnerability VCID-7yp4-ebnm-g3c3
6
vulnerability VCID-9se5-m6dx-8kcj
7
vulnerability VCID-br4q-499g-vqhg
8
vulnerability VCID-cwub-w9dp-wfgy
9
vulnerability VCID-cy7p-gzf8-eqcj
10
vulnerability VCID-ek6e-977t-3bew
11
vulnerability VCID-h6rd-5p7q-s3gq
12
vulnerability VCID-jdb7-71q5-pfcx
13
vulnerability VCID-k48d-ecqx-m3ed
14
vulnerability VCID-nb1y-cbzs-abhc
15
vulnerability VCID-qfdm-g857-3yb5
16
vulnerability VCID-s69v-tc7x-37fe
17
vulnerability VCID-zy9m-d25c-5uga
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11
aliases CVE-2013-7130, GHSA-99rx-9x8v-9j8p, PYSEC-2014-111
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vena-h39k-v3fe
39
url VCID-x5k4-dm9d-xkf7
vulnerability_id VCID-x5k4-dm9d-xkf7
summary 
OpenStack Compute (Nova)'s VMWare driver vulnerable to denial of service
CVE-2014-3608 openstack-nova: incomplete fix for CVE-2014-2573, Nova VMware driver still leaks rescued images
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2014-1781.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1781.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2014-1782.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1782.html
2
reference_url https://access.redhat.com/errata/RHSA-2014:1781
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2014:1781
3
reference_url https://access.redhat.com/errata/RHSA-2014:1782
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2014:1782
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3608.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3608.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3608
reference_id
reference_type
scores
0
value 0.00689
scoring_system epss
scoring_elements 0.71788
published_at 2026-04-18T12:55:00Z
1
value 0.00689
scoring_system epss
scoring_elements 0.71706
published_at 2026-04-02T12:55:00Z
2
value 0.00689
scoring_system epss
scoring_elements 0.71725
published_at 2026-04-04T12:55:00Z
3
value 0.00689
scoring_system epss
scoring_elements 0.71698
published_at 2026-04-07T12:55:00Z
4
value 0.00689
scoring_system epss
scoring_elements 0.71737
published_at 2026-04-08T12:55:00Z
5
value 0.00689
scoring_system epss
scoring_elements 0.71749
published_at 2026-04-09T12:55:00Z
6
value 0.00689
scoring_system epss
scoring_elements 0.71773
published_at 2026-04-11T12:55:00Z
7
value 0.00689
scoring_system epss
scoring_elements 0.71756
published_at 2026-04-12T12:55:00Z
8
value 0.00689
scoring_system epss
scoring_elements 0.71739
published_at 2026-04-13T12:55:00Z
9
value 0.00689
scoring_system epss
scoring_elements 0.71782
published_at 2026-04-16T12:55:00Z
10
value 0.00689
scoring_system epss
scoring_elements 0.71699
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3608
6
reference_url https://bugs.launchpad.net/nova/+bug/1338830
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1338830
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1148253
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1148253
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3608
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3608
9
reference_url http://seclists.org/oss-sec/2014/q4/65
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/oss-sec/2014/q4/65
10
reference_url https://opendev.org/openstack/nova
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://opendev.org/openstack/nova
11
reference_url https://web.archive.org/web/20200228053850/http://www.securityfocus.com/bid/70220
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228053850/http://www.securityfocus.com/bid/70220
12
reference_url http://www.securityfocus.com/bid/70220
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/70220
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
14
reference_url https://access.redhat.com/security/cve/CVE-2014-3608
reference_id CVE-2014-3608
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2014-3608
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3608
reference_id CVE-2014-3608
reference_type
scores
0
value 2.7
scoring_system cvssv2
scoring_elements AV:A/AC:L/Au:S/C:N/I:N/A:P
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3608
16
reference_url https://github.com/advisories/GHSA-92hc-c226-32q7
reference_id GHSA-92hc-c226-32q7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-92hc-c226-32q7
17
reference_url https://usn.ubuntu.com/2407-1/
reference_id USN-2407-1
reference_type
scores
url https://usn.ubuntu.com/2407-1/
fixed_packages
0
url pkg:deb/debian/nova@2014.1.3-11
purl pkg:deb/debian/nova@2014.1.3-11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fb2-ccby-7yfq
1
vulnerability VCID-1qbm-qguj-gkem
2
vulnerability VCID-2dpk-ncrc-1fcw
3
vulnerability VCID-5nfz-1bk3-93fe
4
vulnerability VCID-6n3z-x4zj-4bez
5
vulnerability VCID-7yp4-ebnm-g3c3
6
vulnerability VCID-9se5-m6dx-8kcj
7
vulnerability VCID-br4q-499g-vqhg
8
vulnerability VCID-cwub-w9dp-wfgy
9
vulnerability VCID-cy7p-gzf8-eqcj
10
vulnerability VCID-ek6e-977t-3bew
11
vulnerability VCID-h6rd-5p7q-s3gq
12
vulnerability VCID-jdb7-71q5-pfcx
13
vulnerability VCID-k48d-ecqx-m3ed
14
vulnerability VCID-nb1y-cbzs-abhc
15
vulnerability VCID-qfdm-g857-3yb5
16
vulnerability VCID-s69v-tc7x-37fe
17
vulnerability VCID-zy9m-d25c-5uga
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11
aliases CVE-2014-3608, GHSA-92hc-c226-32q7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x5k4-dm9d-xkf7
40
url VCID-y8va-eyt2-3kfv
vulnerability_id VCID-y8va-eyt2-3kfv
summary OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2687.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2687.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-2687
reference_id
reference_type
scores
0
value 0.00051
scoring_system epss
scoring_elements 0.15948
published_at 2026-04-01T12:55:00Z
1
value 0.00051
scoring_system epss
scoring_elements 0.15831
published_at 2026-04-18T12:55:00Z
2
value 0.00051
scoring_system epss
scoring_elements 0.15817
published_at 2026-04-16T12:55:00Z
3
value 0.00051
scoring_system epss
scoring_elements 0.15892
published_at 2026-04-13T12:55:00Z
4
value 0.00051
scoring_system epss
scoring_elements 0.1596
published_at 2026-04-12T12:55:00Z
5
value 0.00051
scoring_system epss
scoring_elements 0.15998
published_at 2026-04-11T12:55:00Z
6
value 0.00051
scoring_system epss
scoring_elements 0.1602
published_at 2026-04-09T12:55:00Z
7
value 0.00051
scoring_system epss
scoring_elements 0.15958
published_at 2026-04-08T12:55:00Z
8
value 0.00051
scoring_system epss
scoring_elements 0.15872
published_at 2026-04-07T12:55:00Z
9
value 0.00051
scoring_system epss
scoring_elements 0.16075
published_at 2026-04-04T12:55:00Z
10
value 0.00051
scoring_system epss
scoring_elements 0.16012
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-2687
2
reference_url https://bugs.launchpad.net/nova/+bug/1419577
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1419577
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1205313
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1205313
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2687
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2687
5
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
6
reference_url https://github.com/openstack/nova/commit/b83cae02ece4c338e09c3606c6ae69b715bd6f8c
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/b83cae02ece4c338e09c3606c6ae69b715bd6f8c
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2017-145.yaml
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2017-145.yaml
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-2687
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-2687
9
reference_url https://review.openstack.org/#/c/338929
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/#/c/338929
10
reference_url https://review.openstack.org/#/c/338929/
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://review.openstack.org/#/c/338929/
11
reference_url http://www.openwall.com/lists/oss-security/2015/03/24/10
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2015/03/24/10
12
reference_url http://www.openwall.com/lists/oss-security/2015/03/25/3
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2015/03/25/3
13
reference_url http://www.securityfocus.com/bid/77505
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url http://www.securityfocus.com/bid/77505
14
reference_url https://github.com/advisories/GHSA-97fv-22hc-mrgj
reference_id GHSA-97fv-22hc-mrgj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-97fv-22hc-mrgj
fixed_packages
0
url pkg:deb/debian/nova@2014.1.3-11
purl pkg:deb/debian/nova@2014.1.3-11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fb2-ccby-7yfq
1
vulnerability VCID-1qbm-qguj-gkem
2
vulnerability VCID-2dpk-ncrc-1fcw
3
vulnerability VCID-5nfz-1bk3-93fe
4
vulnerability VCID-6n3z-x4zj-4bez
5
vulnerability VCID-7yp4-ebnm-g3c3
6
vulnerability VCID-9se5-m6dx-8kcj
7
vulnerability VCID-br4q-499g-vqhg
8
vulnerability VCID-cwub-w9dp-wfgy
9
vulnerability VCID-cy7p-gzf8-eqcj
10
vulnerability VCID-ek6e-977t-3bew
11
vulnerability VCID-h6rd-5p7q-s3gq
12
vulnerability VCID-jdb7-71q5-pfcx
13
vulnerability VCID-k48d-ecqx-m3ed
14
vulnerability VCID-nb1y-cbzs-abhc
15
vulnerability VCID-qfdm-g857-3yb5
16
vulnerability VCID-s69v-tc7x-37fe
17
vulnerability VCID-zy9m-d25c-5uga
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11
aliases CVE-2015-2687, GHSA-97fv-22hc-mrgj, PYSEC-2017-145
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y8va-eyt2-3kfv
41
url VCID-ykzj-fz7y-eug8
vulnerability_id VCID-ykzj-fz7y-eug8
summary Trove: potential leak of passwords into log files
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2014-1939.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2014-1939.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7230.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7230.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-7230
reference_id
reference_type
scores
0
value 0.00123
scoring_system epss
scoring_elements 0.31387
published_at 2026-04-18T12:55:00Z
1
value 0.00123
scoring_system epss
scoring_elements 0.31368
published_at 2026-04-01T12:55:00Z
2
value 0.00123
scoring_system epss
scoring_elements 0.31506
published_at 2026-04-02T12:55:00Z
3
value 0.00123
scoring_system epss
scoring_elements 0.31547
published_at 2026-04-04T12:55:00Z
4
value 0.00123
scoring_system epss
scoring_elements 0.31365
published_at 2026-04-07T12:55:00Z
5
value 0.00123
scoring_system epss
scoring_elements 0.31419
published_at 2026-04-08T12:55:00Z
6
value 0.00123
scoring_system epss
scoring_elements 0.31449
published_at 2026-04-09T12:55:00Z
7
value 0.00123
scoring_system epss
scoring_elements 0.31452
published_at 2026-04-11T12:55:00Z
8
value 0.00123
scoring_system epss
scoring_elements 0.31409
published_at 2026-04-12T12:55:00Z
9
value 0.00123
scoring_system epss
scoring_elements 0.31373
published_at 2026-04-13T12:55:00Z
10
value 0.00123
scoring_system epss
scoring_elements 0.31407
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-7230
3
reference_url https://bugs.launchpad.net/oslo-incubator/+bug/1343604
reference_id
reference_type
scores
url https://bugs.launchpad.net/oslo-incubator/+bug/1343604
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7230
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7230
5
reference_url http://seclists.org/oss-sec/2014/q3/853
reference_id
reference_type
scores
url http://seclists.org/oss-sec/2014/q3/853
6
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/96725
reference_id
reference_type
scores
url https://exchange.xforce.ibmcloud.com/vulnerabilities/96725
7
reference_url http://www.securityfocus.com/bid/70185
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/70185
8
reference_url http://www.ubuntu.com/usn/USN-2405-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-2405-1
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1147722
reference_id 1147722
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1147722
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765704
reference_id 765704
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765704
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765714
reference_id 765714
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765714
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:cinder:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:cinder:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:cinder:*:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:trove:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:trove:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:trove:*:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-7230
reference_id CVE-2014-7230
reference_type
scores
0
value 2.1
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:N/C:P/I:N/A:N
url https://nvd.nist.gov/vuln/detail/CVE-2014-7230
18
reference_url https://access.redhat.com/errata/RHSA-2014:1939
reference_id RHSA-2014:1939
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:1939
19
reference_url https://usn.ubuntu.com/2405-1/
reference_id USN-2405-1
reference_type
scores
url https://usn.ubuntu.com/2405-1/
20
reference_url https://usn.ubuntu.com/2407-1/
reference_id USN-2407-1
reference_type
scores
url https://usn.ubuntu.com/2407-1/
fixed_packages
0
url pkg:deb/debian/nova@2014.1.3-11
purl pkg:deb/debian/nova@2014.1.3-11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fb2-ccby-7yfq
1
vulnerability VCID-1qbm-qguj-gkem
2
vulnerability VCID-2dpk-ncrc-1fcw
3
vulnerability VCID-5nfz-1bk3-93fe
4
vulnerability VCID-6n3z-x4zj-4bez
5
vulnerability VCID-7yp4-ebnm-g3c3
6
vulnerability VCID-9se5-m6dx-8kcj
7
vulnerability VCID-br4q-499g-vqhg
8
vulnerability VCID-cwub-w9dp-wfgy
9
vulnerability VCID-cy7p-gzf8-eqcj
10
vulnerability VCID-ek6e-977t-3bew
11
vulnerability VCID-h6rd-5p7q-s3gq
12
vulnerability VCID-jdb7-71q5-pfcx
13
vulnerability VCID-k48d-ecqx-m3ed
14
vulnerability VCID-nb1y-cbzs-abhc
15
vulnerability VCID-qfdm-g857-3yb5
16
vulnerability VCID-s69v-tc7x-37fe
17
vulnerability VCID-zy9m-d25c-5uga
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11
aliases CVE-2014-7230
risk_score 0.9
exploitability 0.5
weighted_severity 1.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ykzj-fz7y-eug8
42
url VCID-zy9m-d25c-5uga
vulnerability_id VCID-zy9m-d25c-5uga
summary 
OpenStack Cinder, Glance, and Nova contain Uncontrolled Resource Consumption
A resource vulnerability in the OpenStack Compute (nova), Block Storage (cinder), and Image (glance) services was found in their use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could lead possibly to host out-of-memory errors and negatively affect other running tenant instances. oslo.concurrency has been updated to support process limits ('prlimit'), which is needed to fix this flaw.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2016-2923.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-2923.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2016-2991.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-2991.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2017-0153.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2017-0153.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2017-0156.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2017-0156.html
4
reference_url http://rhn.redhat.com/errata/RHSA-2017-0165.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2017-0165.html
5
reference_url http://rhn.redhat.com/errata/RHSA-2017-0282.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2017-0282.html
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5162.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5162.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-5162
reference_id
reference_type
scores
0
value 0.0359
scoring_system epss
scoring_elements 0.87769
published_at 2026-04-18T12:55:00Z
1
value 0.0359
scoring_system epss
scoring_elements 0.87701
published_at 2026-04-01T12:55:00Z
2
value 0.0359
scoring_system epss
scoring_elements 0.87712
published_at 2026-04-02T12:55:00Z
3
value 0.0359
scoring_system epss
scoring_elements 0.87723
published_at 2026-04-04T12:55:00Z
4
value 0.0359
scoring_system epss
scoring_elements 0.87725
published_at 2026-04-07T12:55:00Z
5
value 0.0359
scoring_system epss
scoring_elements 0.87746
published_at 2026-04-08T12:55:00Z
6
value 0.0359
scoring_system epss
scoring_elements 0.87752
published_at 2026-04-09T12:55:00Z
7
value 0.0359
scoring_system epss
scoring_elements 0.87763
published_at 2026-04-11T12:55:00Z
8
value 0.0359
scoring_system epss
scoring_elements 0.87757
published_at 2026-04-12T12:55:00Z
9
value 0.0359
scoring_system epss
scoring_elements 0.87756
published_at 2026-04-13T12:55:00Z
10
value 0.0359
scoring_system epss
scoring_elements 0.8777
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-5162
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1268303
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1268303
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5162
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5162
10
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
11
reference_url https://github.com/openstack/cinder/commit/455b318ced717fb38dfe40014817d78fbc47dea5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/cinder/commit/455b318ced717fb38dfe40014817d78fbc47dea5
12
reference_url https://github.com/openstack/glance/commit/69a9b659fd48aa3c1f84fc7bc9ae236b6803d31f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/glance/commit/69a9b659fd48aa3c1f84fc7bc9ae236b6803d31f
13
reference_url https://github.com/openstack/nova/commit/6bc37dcceca823998068167b49aec6def3112397
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/6bc37dcceca823998068167b49aec6def3112397
14
reference_url https://launchpad.net/bugs/1449062
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://launchpad.net/bugs/1449062
15
reference_url http://www.openwall.com/lists/oss-security/2016/10/06/8
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/10/06/8
16
reference_url http://www.securityfocus.com/bid/76849
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/76849
17
reference_url https://access.redhat.com/security/cve/CVE-2015-5162
reference_id CVE-2015-5162
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2015-5162
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-5162
reference_id CVE-2015-5162
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-5162
19
reference_url https://github.com/advisories/GHSA-g2j5-7vgx-6xrx
reference_id GHSA-g2j5-7vgx-6xrx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g2j5-7vgx-6xrx
20
reference_url https://access.redhat.com/errata/RHSA-2016:2923
reference_id RHSA-2016:2923
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:2923
21
reference_url https://access.redhat.com/errata/RHSA-2016:2991
reference_id RHSA-2016:2991
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:2991
22
reference_url https://access.redhat.com/errata/RHSA-2017:0153
reference_id RHSA-2017:0153
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:0153
23
reference_url https://access.redhat.com/errata/RHSA-2017:0156
reference_id RHSA-2017:0156
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:0156
24
reference_url https://access.redhat.com/errata/RHSA-2017:0165
reference_id RHSA-2017:0165
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:0165
25
reference_url https://access.redhat.com/errata/RHSA-2017:0282
reference_id RHSA-2017:0282
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:0282
26
reference_url https://usn.ubuntu.com/3449-1/
reference_id USN-3449-1
reference_type
scores
url https://usn.ubuntu.com/3449-1/
fixed_packages
0
url pkg:deb/debian/nova@2:13.1.0-2~bpo8%2B1
purl pkg:deb/debian/nova@2:13.1.0-2~bpo8%2B1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fb2-ccby-7yfq
1
vulnerability VCID-1qbm-qguj-gkem
2
vulnerability VCID-2dpk-ncrc-1fcw
3
vulnerability VCID-br4q-499g-vqhg
4
vulnerability VCID-cwub-w9dp-wfgy
5
vulnerability VCID-cy7p-gzf8-eqcj
6
vulnerability VCID-h6rd-5p7q-s3gq
7
vulnerability VCID-jdb7-71q5-pfcx
8
vulnerability VCID-qfdm-g857-3yb5
9
vulnerability VCID-s69v-tc7x-37fe
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:13.1.0-2~bpo8%252B1
aliases CVE-2015-5162, GHSA-g2j5-7vgx-6xrx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zy9m-d25c-5uga
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2012.1.1-18