Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/nova@2:14.0.0-4%2Bdeb9u1
Typedeb
Namespacedebian
Namenova
Version2:14.0.0-4+deb9u1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2:26.2.2-1~deb12u3
Latest_non_vulnerable_version2:26.2.2-1~deb12u3
Affected_by_vulnerabilities
0
url VCID-1fb2-ccby-7yfq
vulnerability_id VCID-1fb2-ccby-7yfq
summary An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths as host devices previously referenced by the virtual machine on the source host. This can include block devices that map to different Cinder volumes at the destination than at the source. Only deployments allowing host-based connections (for instance, root and ephemeral devices) are affected.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17376.json
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17376.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-17376
reference_id
reference_type
scores
0
value 0.00385
scoring_system epss
scoring_elements 0.5979
published_at 2026-04-18T12:55:00Z
1
value 0.00385
scoring_system epss
scoring_elements 0.59784
published_at 2026-04-16T12:55:00Z
2
value 0.00385
scoring_system epss
scoring_elements 0.59746
published_at 2026-04-13T12:55:00Z
3
value 0.00385
scoring_system epss
scoring_elements 0.59629
published_at 2026-04-01T12:55:00Z
4
value 0.00385
scoring_system epss
scoring_elements 0.59764
published_at 2026-04-12T12:55:00Z
5
value 0.00385
scoring_system epss
scoring_elements 0.5978
published_at 2026-04-11T12:55:00Z
6
value 0.00385
scoring_system epss
scoring_elements 0.59761
published_at 2026-04-09T12:55:00Z
7
value 0.00385
scoring_system epss
scoring_elements 0.59747
published_at 2026-04-08T12:55:00Z
8
value 0.00385
scoring_system epss
scoring_elements 0.59695
published_at 2026-04-07T12:55:00Z
9
value 0.00385
scoring_system epss
scoring_elements 0.59726
published_at 2026-04-04T12:55:00Z
10
value 0.00385
scoring_system epss
scoring_elements 0.59701
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-17376
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17376
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17376
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
5
reference_url https://github.com/openstack/nova/commit/1bb8ee95d4c3ddc3f607ac57526b75af1b7fbcff
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/1bb8ee95d4c3ddc3f607ac57526b75af1b7fbcff
6
reference_url https://github.com/openstack/nova/commit/2faf17995dd9daa6f0b91e44be43264e447c678d
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/2faf17995dd9daa6f0b91e44be43264e447c678d
7
reference_url https://github.com/openstack/nova/commit/a721ca5f510ce3c8ef24f22dac9e475b3d7651db
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/a721ca5f510ce3c8ef24f22dac9e475b3d7651db
8
reference_url https://github.com/openstack/nova/commit/b9ea91d17703f5b324a50727b6503ace0f4e95eb
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/b9ea91d17703f5b324a50727b6503ace0f4e95eb
9
reference_url https://github.com/openstack/nova/commit/c438fd9a0eb1903306a53ab44e3ae80660d8a429
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/c438fd9a0eb1903306a53ab44e3ae80660d8a429
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2020-243.yaml
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2020-243.yaml
11
reference_url https://launchpad.net/bugs/1890501
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://launchpad.net/bugs/1890501
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-17376
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-17376
13
reference_url https://security.openstack.org/ossa/OSSA-2020-006.html
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2020-006.html
14
reference_url http://www.openwall.com/lists/oss-security/2020/08/25/4
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/08/25/4
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1869426
reference_id 1869426
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1869426
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969052
reference_id 969052
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969052
17
reference_url https://github.com/advisories/GHSA-c7w7-9c85-4qxv
reference_id GHSA-c7w7-9c85-4qxv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c7w7-9c85-4qxv
18
reference_url https://access.redhat.com/errata/RHSA-2020:3702
reference_id RHSA-2020:3702
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3702
19
reference_url https://access.redhat.com/errata/RHSA-2020:3704
reference_id RHSA-2020:3704
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3704
20
reference_url https://access.redhat.com/errata/RHSA-2020:3706
reference_id RHSA-2020:3706
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3706
21
reference_url https://access.redhat.com/errata/RHSA-2020:3708
reference_id RHSA-2020:3708
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3708
22
reference_url https://access.redhat.com/errata/RHSA-2020:3711
reference_id RHSA-2020:3711
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3711
23
reference_url https://usn.ubuntu.com/5866-1/
reference_id USN-5866-1
reference_type
scores
url https://usn.ubuntu.com/5866-1/
fixed_packages
0
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-h6rd-5p7q-s3gq
1
vulnerability VCID-hd9e-1msb-uqa6
2
vulnerability VCID-m5vc-4my3-87gk
3
vulnerability VCID-s69v-tc7x-37fe
4
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1
aliases CVE-2020-17376, GHSA-c7w7-9c85-4qxv, PYSEC-2020-243
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1fb2-ccby-7yfq
1
url VCID-1qbm-qguj-gkem
vulnerability_id VCID-1qbm-qguj-gkem
summary 
OpenStack Nova Filter Scheduler Bypass
In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using Nova Filter Scheduler are affected. Because of the regression described in Launchpad Bug #1732947, the preferred fix is a 14.x version after 14.0.10, a 15.x version after 15.0.8, or a 16.x version after 16.0.3.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:0241
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0241
1
reference_url https://access.redhat.com/errata/RHSA-2018:0314
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0314
2
reference_url https://access.redhat.com/errata/RHSA-2018:0369
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0369
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16239.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16239.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-16239
reference_id
reference_type
scores
0
value 0.00385
scoring_system epss
scoring_elements 0.59804
published_at 2026-04-18T12:55:00Z
1
value 0.00385
scoring_system epss
scoring_elements 0.59642
published_at 2026-04-01T12:55:00Z
2
value 0.00385
scoring_system epss
scoring_elements 0.59715
published_at 2026-04-02T12:55:00Z
3
value 0.00385
scoring_system epss
scoring_elements 0.5974
published_at 2026-04-04T12:55:00Z
4
value 0.00385
scoring_system epss
scoring_elements 0.5971
published_at 2026-04-07T12:55:00Z
5
value 0.00385
scoring_system epss
scoring_elements 0.59761
published_at 2026-04-13T12:55:00Z
6
value 0.00385
scoring_system epss
scoring_elements 0.59775
published_at 2026-04-09T12:55:00Z
7
value 0.00385
scoring_system epss
scoring_elements 0.59794
published_at 2026-04-11T12:55:00Z
8
value 0.00385
scoring_system epss
scoring_elements 0.59779
published_at 2026-04-12T12:55:00Z
9
value 0.00385
scoring_system epss
scoring_elements 0.59798
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-16239
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16239
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16239
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.6
scoring_system cvssv2
scoring_elements AV:N/AC:H/Au:S/C:P/I:N/A:P
1
value 4.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
8
reference_url https://github.com/openstack/nova/commit/698b261a5a2a6c0f31ef5059046ef7196d5cba30
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/698b261a5a2a6c0f31ef5059046ef7196d5cba30
9
reference_url https://github.com/openstack/nova/commit/984dd8ad6add4523d93c7ce5a666a32233e02e34
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/984dd8ad6add4523d93c7ce5a666a32233e02e34
10
reference_url https://github.com/openstack/nova/commit/9e2d63da94db63d97bd02e373bfc53d95808b833
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/9e2d63da94db63d97bd02e373bfc53d95808b833
11
reference_url https://github.com/openstack/nova/commit/b72105c1c49fcddc94992af63fc2f8078023491a
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/b72105c1c49fcddc94992af63fc2f8078023491a
12
reference_url https://launchpad.net/bugs/1664931
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://launchpad.net/bugs/1664931
13
reference_url https://security.openstack.org/ossa/OSSA-2017-005.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2017-005.html
14
reference_url https://www.debian.org/security/2017/dsa-4056
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2017/dsa-4056
15
reference_url http://www.securityfocus.com/bid/101950
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/101950
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1508539
reference_id 1508539
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1508539
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882009
reference_id 882009
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882009
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:15.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.0:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:15.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.1:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:15.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.2:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:15.0.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.3:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:15.0.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.4:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:15.0.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.5:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:15.0.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.6:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:15.0.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.7:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:16.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.0:*:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:16.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.1:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:16.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.2:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-16239
reference_id CVE-2017-16239
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:P/A:N
1
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
2
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-16239
31
reference_url https://github.com/advisories/GHSA-w2wf-cgwh-vpqg
reference_id GHSA-w2wf-cgwh-vpqg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w2wf-cgwh-vpqg
fixed_packages
0
url pkg:deb/debian/nova@2:18.1.0-6
purl pkg:deb/debian/nova@2:18.1.0-6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fb2-ccby-7yfq
1
vulnerability VCID-2dpk-ncrc-1fcw
2
vulnerability VCID-br4q-499g-vqhg
3
vulnerability VCID-h6rd-5p7q-s3gq
4
vulnerability VCID-qfdm-g857-3yb5
5
vulnerability VCID-s69v-tc7x-37fe
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:18.1.0-6
aliases CVE-2017-16239, GHSA-w2wf-cgwh-vpqg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1qbm-qguj-gkem
2
url VCID-2dpk-ncrc-1fcw
vulnerability_id VCID-2dpk-ncrc-1fcw
summary An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:2622
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2622
1
reference_url https://access.redhat.com/errata/RHSA-2019:2631
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2631
2
reference_url https://access.redhat.com/errata/RHSA-2019:2652
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2652
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14433.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14433.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14433
reference_id
reference_type
scores
0
value 0.01327
scoring_system epss
scoring_elements 0.79871
published_at 2026-04-01T12:55:00Z
1
value 0.01327
scoring_system epss
scoring_elements 0.79924
published_at 2026-04-09T12:55:00Z
2
value 0.01327
scoring_system epss
scoring_elements 0.79944
published_at 2026-04-11T12:55:00Z
3
value 0.01327
scoring_system epss
scoring_elements 0.79927
published_at 2026-04-12T12:55:00Z
4
value 0.01327
scoring_system epss
scoring_elements 0.79919
published_at 2026-04-13T12:55:00Z
5
value 0.01327
scoring_system epss
scoring_elements 0.79948
published_at 2026-04-16T12:55:00Z
6
value 0.01327
scoring_system epss
scoring_elements 0.79949
published_at 2026-04-18T12:55:00Z
7
value 0.01327
scoring_system epss
scoring_elements 0.79887
published_at 2026-04-07T12:55:00Z
8
value 0.01327
scoring_system epss
scoring_elements 0.79899
published_at 2026-04-04T12:55:00Z
9
value 0.01327
scoring_system epss
scoring_elements 0.79877
published_at 2026-04-02T12:55:00Z
10
value 0.01327
scoring_system epss
scoring_elements 0.79915
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14433
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14433
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14433
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
8
reference_url https://github.com/openstack/nova/commit/298b337a16c0d10916b4431c436d19b3d6f5360e
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/298b337a16c0d10916b4431c436d19b3d6f5360e
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2019-191.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2019-191.yaml
10
reference_url https://launchpad.net/bugs/1837877
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://launchpad.net/bugs/1837877
11
reference_url https://lists.debian.org/debian-lts-announce/2022/09/msg00018.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/09/msg00018.html
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14433
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14433
13
reference_url https://security.openstack.org/ossa/OSSA-2019-003.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2019-003.html
14
reference_url https://usn.ubuntu.com/4104-1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4104-1
15
reference_url https://usn.ubuntu.com/4104-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4104-1/
16
reference_url http://www.openwall.com/lists/oss-security/2019/08/06/6
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2019/08/06/6
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1735522
reference_id 1735522
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1735522
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934114
reference_id 934114
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934114
19
reference_url https://github.com/advisories/GHSA-pg64-r7rr-phv8
reference_id GHSA-pg64-r7rr-phv8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pg64-r7rr-phv8
fixed_packages
0
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-h6rd-5p7q-s3gq
1
vulnerability VCID-hd9e-1msb-uqa6
2
vulnerability VCID-m5vc-4my3-87gk
3
vulnerability VCID-s69v-tc7x-37fe
4
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1
aliases CVE-2019-14433, GHSA-pg64-r7rr-phv8, PYSEC-2019-191
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2dpk-ncrc-1fcw
3
url VCID-br4q-499g-vqhg
vulnerability_id VCID-br4q-499g-vqhg
summary 
OpenStack Cinder, glance, and Nova vulnerable to Path Traversal
An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47951.json
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47951.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-47951
reference_id
reference_type
scores
0
value 0.00731
scoring_system epss
scoring_elements 0.72732
published_at 2026-04-18T12:55:00Z
1
value 0.00731
scoring_system epss
scoring_elements 0.72721
published_at 2026-04-16T12:55:00Z
2
value 0.00731
scoring_system epss
scoring_elements 0.72679
published_at 2026-04-13T12:55:00Z
3
value 0.00731
scoring_system epss
scoring_elements 0.72689
published_at 2026-04-12T12:55:00Z
4
value 0.00731
scoring_system epss
scoring_elements 0.72706
published_at 2026-04-11T12:55:00Z
5
value 0.00731
scoring_system epss
scoring_elements 0.72682
published_at 2026-04-09T12:55:00Z
6
value 0.00731
scoring_system epss
scoring_elements 0.72669
published_at 2026-04-08T12:55:00Z
7
value 0.00731
scoring_system epss
scoring_elements 0.7263
published_at 2026-04-07T12:55:00Z
8
value 0.00731
scoring_system epss
scoring_elements 0.72653
published_at 2026-04-04T12:55:00Z
9
value 0.00731
scoring_system epss
scoring_elements 0.72635
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-47951
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47951
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47951
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://launchpad.net/bugs/1996188
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/
url https://launchpad.net/bugs/1996188
5
reference_url https://lists.debian.org/debian-lts-announce/2023/01/msg00040.html
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/
url https://lists.debian.org/debian-lts-announce/2023/01/msg00040.html
6
reference_url https://lists.debian.org/debian-lts-announce/2023/01/msg00041.html
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/
url https://lists.debian.org/debian-lts-announce/2023/01/msg00041.html
7
reference_url https://lists.debian.org/debian-lts-announce/2023/01/msg00042.html
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/
url https://lists.debian.org/debian-lts-announce/2023/01/msg00042.html
8
reference_url https://security.openstack.org/ossa/OSSA-2023-002.html
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/
url https://security.openstack.org/ossa/OSSA-2023-002.html
9
reference_url https://www.debian.org/security/2023/dsa-5336
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/
url https://www.debian.org/security/2023/dsa-5336
10
reference_url https://www.debian.org/security/2023/dsa-5337
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/
url https://www.debian.org/security/2023/dsa-5337
11
reference_url https://www.debian.org/security/2023/dsa-5338
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/
url https://www.debian.org/security/2023/dsa-5338
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029561
reference_id 1029561
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029561
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029562
reference_id 1029562
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029562
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029563
reference_id 1029563
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029563
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2161812
reference_id 2161812
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2161812
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-47951
reference_id CVE-2022-47951
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-47951
17
reference_url https://github.com/advisories/GHSA-7h75-hwxx-qpgc
reference_id GHSA-7h75-hwxx-qpgc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7h75-hwxx-qpgc
18
reference_url https://access.redhat.com/errata/RHSA-2023:1015
reference_id RHSA-2023:1015
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1015
19
reference_url https://access.redhat.com/errata/RHSA-2023:1016
reference_id RHSA-2023:1016
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1016
20
reference_url https://access.redhat.com/errata/RHSA-2023:1017
reference_id RHSA-2023:1017
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1017
21
reference_url https://access.redhat.com/errata/RHSA-2023:1278
reference_id RHSA-2023:1278
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1278
22
reference_url https://access.redhat.com/errata/RHSA-2023:1279
reference_id RHSA-2023:1279
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1279
23
reference_url https://access.redhat.com/errata/RHSA-2023:1280
reference_id RHSA-2023:1280
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1280
24
reference_url https://usn.ubuntu.com/5835-1/
reference_id USN-5835-1
reference_type
scores
url https://usn.ubuntu.com/5835-1/
25
reference_url https://usn.ubuntu.com/5835-2/
reference_id USN-5835-2
reference_type
scores
url https://usn.ubuntu.com/5835-2/
26
reference_url https://usn.ubuntu.com/5835-3/
reference_id USN-5835-3
reference_type
scores
url https://usn.ubuntu.com/5835-3/
27
reference_url https://usn.ubuntu.com/5835-4/
reference_id USN-5835-4
reference_type
scores
url https://usn.ubuntu.com/5835-4/
28
reference_url https://usn.ubuntu.com/5835-5/
reference_id USN-5835-5
reference_type
scores
url https://usn.ubuntu.com/5835-5/
29
reference_url https://usn.ubuntu.com/6882-2/
reference_id USN-6882-2
reference_type
scores
url https://usn.ubuntu.com/6882-2/
fixed_packages
0
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-h6rd-5p7q-s3gq
1
vulnerability VCID-hd9e-1msb-uqa6
2
vulnerability VCID-m5vc-4my3-87gk
3
vulnerability VCID-s69v-tc7x-37fe
4
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1
aliases CVE-2022-47951, GHSA-7h75-hwxx-qpgc
risk_score 3.5
exploitability 0.5
weighted_severity 6.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-br4q-499g-vqhg
4
url VCID-cwub-w9dp-wfgy
vulnerability_id VCID-cwub-w9dp-wfgy
summary 
OpenStack Nova DoS by rebuilding the same instance with a new image multiple times
An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This regression was introduced with the fix for OSSA-2017-005 (CVE-2017-16239); however, only Nova stable/pike or later deployments with that fix applied and relying on the default FilterScheduler are affected.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17051.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17051.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-17051
reference_id
reference_type
scores
0
value 0.00841
scoring_system epss
scoring_elements 0.74759
published_at 2026-04-18T12:55:00Z
1
value 0.00841
scoring_system epss
scoring_elements 0.74752
published_at 2026-04-16T12:55:00Z
2
value 0.00841
scoring_system epss
scoring_elements 0.74715
published_at 2026-04-13T12:55:00Z
3
value 0.00841
scoring_system epss
scoring_elements 0.74724
published_at 2026-04-12T12:55:00Z
4
value 0.00841
scoring_system epss
scoring_elements 0.74745
published_at 2026-04-11T12:55:00Z
5
value 0.00841
scoring_system epss
scoring_elements 0.74722
published_at 2026-04-09T12:55:00Z
6
value 0.00841
scoring_system epss
scoring_elements 0.74707
published_at 2026-04-08T12:55:00Z
7
value 0.00841
scoring_system epss
scoring_elements 0.74675
published_at 2026-04-07T12:55:00Z
8
value 0.00841
scoring_system epss
scoring_elements 0.747
published_at 2026-04-04T12:55:00Z
9
value 0.00841
scoring_system epss
scoring_elements 0.74671
published_at 2026-04-01T12:55:00Z
10
value 0.00841
scoring_system epss
scoring_elements 0.74674
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-17051
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17051
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17051
3
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
4
reference_url https://github.com/openstack/nova/commit/25a1d78e83065c5bea5d8e0a017fd9d0914d41d9
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/25a1d78e83065c5bea5d8e0a017fd9d0914d41d9
5
reference_url https://github.com/openstack/nova/commit/fed660c1189fdf4159d97badfdc8c5b35ad14f23
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/fed660c1189fdf4159d97badfdc8c5b35ad14f23
6
reference_url https://launchpad.net/bugs/1732976
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://launchpad.net/bugs/1732976
7
reference_url https://review.openstack.org/521662
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/521662
8
reference_url https://review.openstack.org/523214
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/523214
9
reference_url https://security.openstack.org/ossa/OSSA-2017-006.html
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2017-006.html
10
reference_url http://www.securityfocus.com/bid/102102
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/102102
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1519231
reference_id 1519231
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1519231
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883621
reference_id 883621
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883621
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:16.0.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.3:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-17051
reference_id CVE-2017-17051
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:N/A:P
1
value 8.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
2
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-17051
15
reference_url https://github.com/advisories/GHSA-vq76-rxx3-4r4r
reference_id GHSA-vq76-rxx3-4r4r
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vq76-rxx3-4r4r
fixed_packages
0
url pkg:deb/debian/nova@2:18.1.0-6
purl pkg:deb/debian/nova@2:18.1.0-6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fb2-ccby-7yfq
1
vulnerability VCID-2dpk-ncrc-1fcw
2
vulnerability VCID-br4q-499g-vqhg
3
vulnerability VCID-h6rd-5p7q-s3gq
4
vulnerability VCID-qfdm-g857-3yb5
5
vulnerability VCID-s69v-tc7x-37fe
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:18.1.0-6
aliases CVE-2017-17051, GHSA-vq76-rxx3-4r4r
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cwub-w9dp-wfgy
5
url VCID-cy7p-gzf8-eqcj
vulnerability_id VCID-cy7p-gzf8-eqcj
summary 
OpenStack Nova Denial of service attack on the compute host
An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. (The same code error also results in data loss, but that is not a vulnerability because the user loses their own data.) All Nova setups supporting encrypted volumes are affected.
references
0
reference_url http://openwall.com/lists/oss-security/2018/04/20/3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2018/04/20/3
1
reference_url https://access.redhat.com/errata/RHSA-2018:2332
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2332
2
reference_url https://access.redhat.com/errata/RHSA-2018:2714
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2714
3
reference_url https://access.redhat.com/errata/RHSA-2018:2855
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2855
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18191.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18191.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-18191
reference_id
reference_type
scores
0
value 0.02481
scoring_system epss
scoring_elements 0.8525
published_at 2026-04-04T12:55:00Z
1
value 0.02481
scoring_system epss
scoring_elements 0.85232
published_at 2026-04-02T12:55:00Z
2
value 0.02481
scoring_system epss
scoring_elements 0.85313
published_at 2026-04-18T12:55:00Z
3
value 0.02481
scoring_system epss
scoring_elements 0.85292
published_at 2026-04-13T12:55:00Z
4
value 0.02481
scoring_system epss
scoring_elements 0.85295
published_at 2026-04-12T12:55:00Z
5
value 0.02481
scoring_system epss
scoring_elements 0.85297
published_at 2026-04-11T12:55:00Z
6
value 0.02481
scoring_system epss
scoring_elements 0.85282
published_at 2026-04-09T12:55:00Z
7
value 0.02481
scoring_system epss
scoring_elements 0.85274
published_at 2026-04-08T12:55:00Z
8
value 0.02481
scoring_system epss
scoring_elements 0.85252
published_at 2026-04-07T12:55:00Z
9
value 0.02481
scoring_system epss
scoring_elements 0.8522
published_at 2026-04-01T12:55:00Z
10
value 0.02481
scoring_system epss
scoring_elements 0.85312
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-18191
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18191
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18191
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
9
reference_url https://github.com/openstack/nova/commit/0225a61fc4557c1257383a654f0741f7ef2ddeac
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/0225a61fc4557c1257383a654f0741f7ef2ddeac
10
reference_url https://github.com/openstack/nova/commit/5b64a1936122eeb35f37a09f9d38159e1a224c58
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/5b64a1936122eeb35f37a09f9d38159e1a224c58
11
reference_url https://github.com/openstack/nova/commit/cd3eb60c2c00bcccfa9ccd4bf9d1a96ae7a5cd88
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/cd3eb60c2c00bcccfa9ccd4bf9d1a96ae7a5cd88
12
reference_url https://launchpad.net/bugs/1739593
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://launchpad.net/bugs/1739593
13
reference_url https://review.openstack.org/539893
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/539893
14
reference_url https://security.openstack.org/ossa/OSSA-2018-001.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2018-001.html
15
reference_url http://www.securityfocus.com/bid/103104
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/103104
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1546937
reference_id 1546937
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1546937
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-18191
reference_id CVE-2017-18191
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-18191
18
reference_url https://github.com/advisories/GHSA-ffmh-r67w-m88f
reference_id GHSA-ffmh-r67w-m88f
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ffmh-r67w-m88f
19
reference_url https://usn.ubuntu.com/5866-1/
reference_id USN-5866-1
reference_type
scores
url https://usn.ubuntu.com/5866-1/
fixed_packages
0
url pkg:deb/debian/nova@2:18.1.0-6
purl pkg:deb/debian/nova@2:18.1.0-6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fb2-ccby-7yfq
1
vulnerability VCID-2dpk-ncrc-1fcw
2
vulnerability VCID-br4q-499g-vqhg
3
vulnerability VCID-h6rd-5p7q-s3gq
4
vulnerability VCID-qfdm-g857-3yb5
5
vulnerability VCID-s69v-tc7x-37fe
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:18.1.0-6
aliases CVE-2017-18191, GHSA-ffmh-r67w-m88f
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cy7p-gzf8-eqcj
6
url VCID-h6rd-5p7q-s3gq
vulnerability_id VCID-h6rd-5p7q-s3gq
summary 
OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access
An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Cinder and Nova deployments are affected; only Glance deployments with image conversion enabled are affected.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32498.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32498.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-32498
reference_id
reference_type
scores
0
value 0.00171
scoring_system epss
scoring_elements 0.38394
published_at 2026-04-18T12:55:00Z
1
value 0.00171
scoring_system epss
scoring_elements 0.38413
published_at 2026-04-16T12:55:00Z
2
value 0.00171
scoring_system epss
scoring_elements 0.38465
published_at 2026-04-02T12:55:00Z
3
value 0.00171
scoring_system epss
scoring_elements 0.38489
published_at 2026-04-04T12:55:00Z
4
value 0.00171
scoring_system epss
scoring_elements 0.38353
published_at 2026-04-07T12:55:00Z
5
value 0.00171
scoring_system epss
scoring_elements 0.38404
published_at 2026-04-08T12:55:00Z
6
value 0.00171
scoring_system epss
scoring_elements 0.38412
published_at 2026-04-09T12:55:00Z
7
value 0.00171
scoring_system epss
scoring_elements 0.38428
published_at 2026-04-11T12:55:00Z
8
value 0.00171
scoring_system epss
scoring_elements 0.38366
published_at 2026-04-13T12:55:00Z
9
value 0.00171
scoring_system epss
scoring_elements 0.38391
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-32498
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32498
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32498
3
reference_url https://github.com/openstack/cinder/commit/78f85c1f9b20a067ef64d6451dee0228c3a0db5e
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/cinder/commit/78f85c1f9b20a067ef64d6451dee0228c3a0db5e
4
reference_url https://github.com/openstack/cinder/commit/d6a186945e03649343af55b46ed8dfe0dd326e40
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/cinder/commit/d6a186945e03649343af55b46ed8dfe0dd326e40
5
reference_url https://github.com/openstack/glance/commit/22f0c9c6f98db1d93569e3edb800c271f35b0ef9
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/glance/commit/22f0c9c6f98db1d93569e3edb800c271f35b0ef9
6
reference_url https://github.com/openstack/glance/commit/2e65391744a82421bc6f026ee8f1f3550038f175
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/glance/commit/2e65391744a82421bc6f026ee8f1f3550038f175
7
reference_url https://github.com/openstack/glance/commit/867d1dd8b6e4f5774257a98c7c33061fbbbde973
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/glance/commit/867d1dd8b6e4f5774257a98c7c33061fbbbde973
8
reference_url https://github.com/openstack/glance/commit/cc7d53adbecf85f3d7df78e7618fe8ab3a075c5f
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/glance/commit/cc7d53adbecf85f3d7df78e7618fe8ab3a075c5f
9
reference_url https://github.com/openstack/glance/commit/d607e78630cc9d1ca18b3a027322809c042f64df
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/glance/commit/d607e78630cc9d1ca18b3a027322809c042f64df
10
reference_url https://github.com/openstack/nova/commit/657e86585cc57f84ab9b364dd189547d231d5927
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/657e86585cc57f84ab9b364dd189547d231d5927
11
reference_url https://launchpad.net/bugs/2059809
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/
url https://launchpad.net/bugs/2059809
12
reference_url https://lists.debian.org/debian-lts-announce/2024/09/msg00016.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/09/msg00016.html
13
reference_url https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-32498
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-32498
15
reference_url https://security.openstack.org/ossa/OSSA-2024-001.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/
url https://security.openstack.org/ossa/OSSA-2024-001.html
16
reference_url https://www.openwall.com/lists/oss-security/2024/07/02/2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/
url https://www.openwall.com/lists/oss-security/2024/07/02/2
17
reference_url http://www.openwall.com/lists/oss-security/2024/07/02/2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/
url http://www.openwall.com/lists/oss-security/2024/07/02/2
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074761
reference_id 1074761
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074761
19
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074762
reference_id 1074762
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074762
20
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074763
reference_id 1074763
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074763
21
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2278663
reference_id 2278663
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2278663
22
reference_url https://github.com/advisories/GHSA-r4v4-w9pv-6fph
reference_id GHSA-r4v4-w9pv-6fph
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r4v4-w9pv-6fph
23
reference_url https://access.redhat.com/errata/RHSA-2024:4272
reference_id RHSA-2024:4272
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4272
24
reference_url https://access.redhat.com/errata/RHSA-2024:4273
reference_id RHSA-2024:4273
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4273
25
reference_url https://access.redhat.com/errata/RHSA-2024:4274
reference_id RHSA-2024:4274
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4274
26
reference_url https://access.redhat.com/errata/RHSA-2024:4425
reference_id RHSA-2024:4425
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4425
27
reference_url https://usn.ubuntu.com/6882-1/
reference_id USN-6882-1
reference_type
scores
url https://usn.ubuntu.com/6882-1/
28
reference_url https://usn.ubuntu.com/6882-2/
reference_id USN-6882-2
reference_type
scores
url https://usn.ubuntu.com/6882-2/
29
reference_url https://usn.ubuntu.com/6883-1/
reference_id USN-6883-1
reference_type
scores
url https://usn.ubuntu.com/6883-1/
30
reference_url https://usn.ubuntu.com/6884-1/
reference_id USN-6884-1
reference_type
scores
url https://usn.ubuntu.com/6884-1/
fixed_packages
0
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3
aliases CVE-2024-32498, GHSA-r4v4-w9pv-6fph
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h6rd-5p7q-s3gq
7
url VCID-qfdm-g857-3yb5
vulnerability_id VCID-qfdm-g857-3yb5
summary 
OpenStack Nova can leak consoleauth token into log files
An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setups using novncproxy are affected. This is related to `NovaProxyRequestHandlerBase.new_websocket_client` in `console/websocketproxy.py`.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9543.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9543.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-9543
reference_id
reference_type
scores
0
value 0.00083
scoring_system epss
scoring_elements 0.24177
published_at 2026-04-18T12:55:00Z
1
value 0.00083
scoring_system epss
scoring_elements 0.24364
published_at 2026-04-04T12:55:00Z
2
value 0.00083
scoring_system epss
scoring_elements 0.2419
published_at 2026-04-16T12:55:00Z
3
value 0.00083
scoring_system epss
scoring_elements 0.24173
published_at 2026-04-13T12:55:00Z
4
value 0.00083
scoring_system epss
scoring_elements 0.2423
published_at 2026-04-12T12:55:00Z
5
value 0.00083
scoring_system epss
scoring_elements 0.24273
published_at 2026-04-11T12:55:00Z
6
value 0.00083
scoring_system epss
scoring_elements 0.24256
published_at 2026-04-09T12:55:00Z
7
value 0.00083
scoring_system epss
scoring_elements 0.24213
published_at 2026-04-08T12:55:00Z
8
value 0.00083
scoring_system epss
scoring_elements 0.24201
published_at 2026-04-01T12:55:00Z
9
value 0.00083
scoring_system epss
scoring_elements 0.2433
published_at 2026-04-02T12:55:00Z
10
value 0.00083
scoring_system epss
scoring_elements 0.24147
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-9543
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9543
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9543
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/openstack/nova/commit/08f1f914cc219cf526adfb08c46b8f40b4e78232
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/08f1f914cc219cf526adfb08c46b8f40b4e78232
5
reference_url https://github.com/openstack/nova/commit/26d4047e17eba9bc271f8868f1d0ffeec97b555e
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/26d4047e17eba9bc271f8868f1d0ffeec97b555e
6
reference_url https://github.com/openstack/nova/commit/d8fbf04f325f593836f8d44b6bbf42b85bde94e3
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/d8fbf04f325f593836f8d44b6bbf42b85bde94e3
7
reference_url https://launchpad.net/bugs/1492140
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://launchpad.net/bugs/1492140
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-9543
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-9543
9
reference_url https://review.opendev.org/220622
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://review.opendev.org/220622
10
reference_url https://security.openstack.org/ossa/OSSA-2020-001.html
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2020-001.html
11
reference_url http://www.openwall.com/lists/oss-security/2020/02/19/2
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/02/19/2
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1805386
reference_id 1805386
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1805386
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951635
reference_id 951635
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951635
14
reference_url https://github.com/advisories/GHSA-22jm-4hxw-35jf
reference_id GHSA-22jm-4hxw-35jf
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-22jm-4hxw-35jf
15
reference_url https://usn.ubuntu.com/5866-1/
reference_id USN-5866-1
reference_type
scores
url https://usn.ubuntu.com/5866-1/
fixed_packages
0
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-h6rd-5p7q-s3gq
1
vulnerability VCID-hd9e-1msb-uqa6
2
vulnerability VCID-m5vc-4my3-87gk
3
vulnerability VCID-s69v-tc7x-37fe
4
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1
aliases CVE-2015-9543, GHSA-22jm-4hxw-35jf
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qfdm-g857-3yb5
8
url VCID-s69v-tc7x-37fe
vulnerability_id VCID-s69v-tc7x-37fe
summary 
OpenStack Nova calls qemu-img without format restrictions for resize
An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in an unsafe image resize operation that could destroy data on the host system. Only compute nodes using the Flat image backend (usually configured with use_cow_images=False) are affected.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24708.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24708.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-24708
reference_id
reference_type
scores
0
value 0.0006
scoring_system epss
scoring_elements 0.18759
published_at 2026-04-18T12:55:00Z
1
value 0.0006
scoring_system epss
scoring_elements 0.18747
published_at 2026-04-16T12:55:00Z
2
value 0.0006
scoring_system epss
scoring_elements 0.18797
published_at 2026-04-13T12:55:00Z
3
value 0.00072
scoring_system epss
scoring_elements 0.22081
published_at 2026-04-02T12:55:00Z
4
value 0.00072
scoring_system epss
scoring_elements 0.21988
published_at 2026-04-08T12:55:00Z
5
value 0.00072
scoring_system epss
scoring_elements 0.21907
published_at 2026-04-07T12:55:00Z
6
value 0.00072
scoring_system epss
scoring_elements 0.22132
published_at 2026-04-04T12:55:00Z
7
value 0.00072
scoring_system epss
scoring_elements 0.22017
published_at 2026-04-12T12:55:00Z
8
value 0.00072
scoring_system epss
scoring_elements 0.22058
published_at 2026-04-11T12:55:00Z
9
value 0.00072
scoring_system epss
scoring_elements 0.22043
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-24708
2
reference_url https://bugs.launchpad.net/nova/+bug/2137507
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T19:07:53Z/
url https://bugs.launchpad.net/nova/+bug/2137507
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24708
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24708
4
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
5
reference_url https://github.com/openstack/nova/commit/3eba22ff09c81a61750fbb4882e5f1f01a20fdf5
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/3eba22ff09c81a61750fbb4882e5f1f01a20fdf5
6
reference_url https://lists.debian.org/debian-lts-announce/2026/02/msg00025.html
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2026/02/msg00025.html
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-24708
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-24708
8
reference_url https://www.openwall.com/lists/oss-security/2026/02/17/7
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T19:07:53Z/
url https://www.openwall.com/lists/oss-security/2026/02/17/7
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128294
reference_id 1128294
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128294
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2430312
reference_id 2430312
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2430312
11
reference_url https://github.com/advisories/GHSA-m4f3-qp2w-gwh6
reference_id GHSA-m4f3-qp2w-gwh6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m4f3-qp2w-gwh6
12
reference_url https://usn.ubuntu.com/8049-1/
reference_id USN-8049-1
reference_type
scores
url https://usn.ubuntu.com/8049-1/
fixed_packages
0
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3
aliases CVE-2026-24708, GHSA-m4f3-qp2w-gwh6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s69v-tc7x-37fe
Fixing_vulnerabilities
0
url VCID-1qbm-qguj-gkem
vulnerability_id VCID-1qbm-qguj-gkem
summary 
OpenStack Nova Filter Scheduler Bypass
In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using Nova Filter Scheduler are affected. Because of the regression described in Launchpad Bug #1732947, the preferred fix is a 14.x version after 14.0.10, a 15.x version after 15.0.8, or a 16.x version after 16.0.3.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:0241
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0241
1
reference_url https://access.redhat.com/errata/RHSA-2018:0314
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0314
2
reference_url https://access.redhat.com/errata/RHSA-2018:0369
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0369
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16239.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16239.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-16239
reference_id
reference_type
scores
0
value 0.00385
scoring_system epss
scoring_elements 0.59804
published_at 2026-04-18T12:55:00Z
1
value 0.00385
scoring_system epss
scoring_elements 0.59642
published_at 2026-04-01T12:55:00Z
2
value 0.00385
scoring_system epss
scoring_elements 0.59715
published_at 2026-04-02T12:55:00Z
3
value 0.00385
scoring_system epss
scoring_elements 0.5974
published_at 2026-04-04T12:55:00Z
4
value 0.00385
scoring_system epss
scoring_elements 0.5971
published_at 2026-04-07T12:55:00Z
5
value 0.00385
scoring_system epss
scoring_elements 0.59761
published_at 2026-04-13T12:55:00Z
6
value 0.00385
scoring_system epss
scoring_elements 0.59775
published_at 2026-04-09T12:55:00Z
7
value 0.00385
scoring_system epss
scoring_elements 0.59794
published_at 2026-04-11T12:55:00Z
8
value 0.00385
scoring_system epss
scoring_elements 0.59779
published_at 2026-04-12T12:55:00Z
9
value 0.00385
scoring_system epss
scoring_elements 0.59798
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-16239
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16239
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16239
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.6
scoring_system cvssv2
scoring_elements AV:N/AC:H/Au:S/C:P/I:N/A:P
1
value 4.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
8
reference_url https://github.com/openstack/nova/commit/698b261a5a2a6c0f31ef5059046ef7196d5cba30
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/698b261a5a2a6c0f31ef5059046ef7196d5cba30
9
reference_url https://github.com/openstack/nova/commit/984dd8ad6add4523d93c7ce5a666a32233e02e34
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/984dd8ad6add4523d93c7ce5a666a32233e02e34
10
reference_url https://github.com/openstack/nova/commit/9e2d63da94db63d97bd02e373bfc53d95808b833
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/9e2d63da94db63d97bd02e373bfc53d95808b833
11
reference_url https://github.com/openstack/nova/commit/b72105c1c49fcddc94992af63fc2f8078023491a
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/b72105c1c49fcddc94992af63fc2f8078023491a
12
reference_url https://launchpad.net/bugs/1664931
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://launchpad.net/bugs/1664931
13
reference_url https://security.openstack.org/ossa/OSSA-2017-005.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2017-005.html
14
reference_url https://www.debian.org/security/2017/dsa-4056
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2017/dsa-4056
15
reference_url http://www.securityfocus.com/bid/101950
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/101950
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1508539
reference_id 1508539
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1508539
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882009
reference_id 882009
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882009
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:15.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.0:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:15.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.1:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:15.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.2:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:15.0.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.3:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:15.0.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.4:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:15.0.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.5:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:15.0.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.6:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:15.0.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.7:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:16.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.0:*:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:16.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.1:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:16.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.2:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-16239
reference_id CVE-2017-16239
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:P/A:N
1
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
2
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-16239
31
reference_url https://github.com/advisories/GHSA-w2wf-cgwh-vpqg
reference_id GHSA-w2wf-cgwh-vpqg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w2wf-cgwh-vpqg
fixed_packages
0
url pkg:deb/debian/nova@2:14.0.0-4%2Bdeb9u1
purl pkg:deb/debian/nova@2:14.0.0-4%2Bdeb9u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fb2-ccby-7yfq
1
vulnerability VCID-1qbm-qguj-gkem
2
vulnerability VCID-2dpk-ncrc-1fcw
3
vulnerability VCID-br4q-499g-vqhg
4
vulnerability VCID-cwub-w9dp-wfgy
5
vulnerability VCID-cy7p-gzf8-eqcj
6
vulnerability VCID-h6rd-5p7q-s3gq
7
vulnerability VCID-qfdm-g857-3yb5
8
vulnerability VCID-s69v-tc7x-37fe
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:14.0.0-4%252Bdeb9u1
1
url pkg:deb/debian/nova@2:18.1.0-6
purl pkg:deb/debian/nova@2:18.1.0-6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fb2-ccby-7yfq
1
vulnerability VCID-2dpk-ncrc-1fcw
2
vulnerability VCID-br4q-499g-vqhg
3
vulnerability VCID-h6rd-5p7q-s3gq
4
vulnerability VCID-qfdm-g857-3yb5
5
vulnerability VCID-s69v-tc7x-37fe
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:18.1.0-6
aliases CVE-2017-16239, GHSA-w2wf-cgwh-vpqg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1qbm-qguj-gkem
1
url VCID-jdb7-71q5-pfcx
vulnerability_id VCID-jdb7-71q5-pfcx
summary 
OpenStack Nova logs sensitive context from notification exceptions
An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens.
references
0
reference_url https://access.redhat.com/errata/RHSA-2017:1508
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:1508
1
reference_url https://access.redhat.com/errata/RHSA-2017:1595
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:1595
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7214.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7214.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-7214
reference_id
reference_type
scores
0
value 0.01297
scoring_system epss
scoring_elements 0.79665
published_at 2026-04-07T12:55:00Z
1
value 0.01297
scoring_system epss
scoring_elements 0.79727
published_at 2026-04-18T12:55:00Z
2
value 0.01297
scoring_system epss
scoring_elements 0.79698
published_at 2026-04-13T12:55:00Z
3
value 0.01297
scoring_system epss
scoring_elements 0.79705
published_at 2026-04-12T12:55:00Z
4
value 0.01297
scoring_system epss
scoring_elements 0.79721
published_at 2026-04-11T12:55:00Z
5
value 0.01297
scoring_system epss
scoring_elements 0.7965
published_at 2026-04-01T12:55:00Z
6
value 0.01297
scoring_system epss
scoring_elements 0.797
published_at 2026-04-09T12:55:00Z
7
value 0.01297
scoring_system epss
scoring_elements 0.79693
published_at 2026-04-08T12:55:00Z
8
value 0.01297
scoring_system epss
scoring_elements 0.79657
published_at 2026-04-02T12:55:00Z
9
value 0.01297
scoring_system epss
scoring_elements 0.79678
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-7214
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7214
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7214
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:P/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
7
reference_url https://github.com/openstack/nova/commit/3f985f1eda6f29180878a3d21c20c5057179486a
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/3f985f1eda6f29180878a3d21c20c5057179486a
8
reference_url https://github.com/openstack/nova/commit/acb19160d4d348e29a21ad57c61c7369352c4d1c
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/acb19160d4d348e29a21ad57c61c7369352c4d1c
9
reference_url https://github.com/openstack/nova/commit/c2c91ce44592fc5dc2aacee1cf7f5b5cfd2e9a0a
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/c2c91ce44592fc5dc2aacee1cf7f5b5cfd2e9a0a
10
reference_url https://github.com/openstack/nova/commit/e193201fa1de5b08b29adefd8c149935c5529598
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/e193201fa1de5b08b29adefd8c149935c5529598
11
reference_url https://launchpad.net/bugs/1673569
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://launchpad.net/bugs/1673569
12
reference_url http://www.securityfocus.com/bid/96998
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/96998
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1434844
reference_id 1434844
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1434844
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858568
reference_id 858568
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858568
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:13.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:13.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:13.0.0:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:13.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:13.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:13.1.0:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:13.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:13.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:13.1.1:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:13.1.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:13.1.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:13.1.2:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:13.1.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:13.1.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:13.1.3:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:14.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:14.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:14.0.0:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:14.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:14.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:14.0.1:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:14.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:14.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:14.0.2:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:14.0.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:14.0.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:14.0.3:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:14.0.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:14.0.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:14.0.4:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:15.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.0:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:15.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.1:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7214
reference_id CVE-2017-7214
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:N/A:N
1
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-7214
28
reference_url https://github.com/advisories/GHSA-f4g4-cj8f-3cr9
reference_id GHSA-f4g4-cj8f-3cr9
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f4g4-cj8f-3cr9
fixed_packages
0
url pkg:deb/debian/nova@2:14.0.0-4%2Bdeb9u1
purl pkg:deb/debian/nova@2:14.0.0-4%2Bdeb9u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fb2-ccby-7yfq
1
vulnerability VCID-1qbm-qguj-gkem
2
vulnerability VCID-2dpk-ncrc-1fcw
3
vulnerability VCID-br4q-499g-vqhg
4
vulnerability VCID-cwub-w9dp-wfgy
5
vulnerability VCID-cy7p-gzf8-eqcj
6
vulnerability VCID-h6rd-5p7q-s3gq
7
vulnerability VCID-qfdm-g857-3yb5
8
vulnerability VCID-s69v-tc7x-37fe
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:14.0.0-4%252Bdeb9u1
aliases CVE-2017-7214, GHSA-f4g4-cj8f-3cr9
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jdb7-71q5-pfcx
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:14.0.0-4%252Bdeb9u1