Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/nova@2:33.0.0-3?distro=trixie
Typedeb
Namespacedebian
Namenova
Version2:33.0.0-3
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version2:33.0.0-4
Latest_non_vulnerable_version2:33.0.0-4
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-1fb2-ccby-7yfq
vulnerability_id VCID-1fb2-ccby-7yfq
summary An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths as host devices previously referenced by the virtual machine on the source host. This can include block devices that map to different Cinder volumes at the destination than at the source. Only deployments allowing host-based connections (for instance, root and ephemeral devices) are affected.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17376.json
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17376.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-17376
reference_id
reference_type
scores
0
value 0.00385
scoring_system epss
scoring_elements 0.59784
published_at 2026-04-16T12:55:00Z
1
value 0.00385
scoring_system epss
scoring_elements 0.59746
published_at 2026-04-13T12:55:00Z
2
value 0.00385
scoring_system epss
scoring_elements 0.59764
published_at 2026-04-12T12:55:00Z
3
value 0.00385
scoring_system epss
scoring_elements 0.59629
published_at 2026-04-01T12:55:00Z
4
value 0.00385
scoring_system epss
scoring_elements 0.5978
published_at 2026-04-11T12:55:00Z
5
value 0.00385
scoring_system epss
scoring_elements 0.59761
published_at 2026-04-09T12:55:00Z
6
value 0.00385
scoring_system epss
scoring_elements 0.59747
published_at 2026-04-08T12:55:00Z
7
value 0.00385
scoring_system epss
scoring_elements 0.59695
published_at 2026-04-07T12:55:00Z
8
value 0.00385
scoring_system epss
scoring_elements 0.59726
published_at 2026-04-04T12:55:00Z
9
value 0.00385
scoring_system epss
scoring_elements 0.59701
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-17376
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17376
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17376
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
5
reference_url https://github.com/openstack/nova/commit/1bb8ee95d4c3ddc3f607ac57526b75af1b7fbcff
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/1bb8ee95d4c3ddc3f607ac57526b75af1b7fbcff
6
reference_url https://github.com/openstack/nova/commit/2faf17995dd9daa6f0b91e44be43264e447c678d
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/2faf17995dd9daa6f0b91e44be43264e447c678d
7
reference_url https://github.com/openstack/nova/commit/a721ca5f510ce3c8ef24f22dac9e475b3d7651db
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/a721ca5f510ce3c8ef24f22dac9e475b3d7651db
8
reference_url https://github.com/openstack/nova/commit/b9ea91d17703f5b324a50727b6503ace0f4e95eb
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/b9ea91d17703f5b324a50727b6503ace0f4e95eb
9
reference_url https://github.com/openstack/nova/commit/c438fd9a0eb1903306a53ab44e3ae80660d8a429
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/c438fd9a0eb1903306a53ab44e3ae80660d8a429
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2020-243.yaml
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2020-243.yaml
11
reference_url https://launchpad.net/bugs/1890501
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://launchpad.net/bugs/1890501
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-17376
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-17376
13
reference_url https://security.openstack.org/ossa/OSSA-2020-006.html
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2020-006.html
14
reference_url http://www.openwall.com/lists/oss-security/2020/08/25/4
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/08/25/4
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1869426
reference_id 1869426
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1869426
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969052
reference_id 969052
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969052
17
reference_url https://github.com/advisories/GHSA-c7w7-9c85-4qxv
reference_id GHSA-c7w7-9c85-4qxv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c7w7-9c85-4qxv
18
reference_url https://access.redhat.com/errata/RHSA-2020:3702
reference_id RHSA-2020:3702
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3702
19
reference_url https://access.redhat.com/errata/RHSA-2020:3704
reference_id RHSA-2020:3704
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3704
20
reference_url https://access.redhat.com/errata/RHSA-2020:3706
reference_id RHSA-2020:3706
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3706
21
reference_url https://access.redhat.com/errata/RHSA-2020:3708
reference_id RHSA-2020:3708
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3708
22
reference_url https://access.redhat.com/errata/RHSA-2020:3711
reference_id RHSA-2020:3711
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3711
23
reference_url https://usn.ubuntu.com/5866-1/
reference_id USN-5866-1
reference_type
scores
url https://usn.ubuntu.com/5866-1/
fixed_packages
0
url pkg:deb/debian/nova@2:21.1.0-1?distro=trixie
purl pkg:deb/debian/nova@2:21.1.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:21.1.0-1%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2020-17376, GHSA-c7w7-9c85-4qxv, PYSEC-2020-243
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1fb2-ccby-7yfq
1
url VCID-1p1c-fevy-bydg
vulnerability_id VCID-1p1c-fevy-bydg
summary 
Insufficient Verification of Data Authenticity
It was discovered that the OpenStack Compute (nova) console websocket does not correctly verify the origin header. An attacker could use this flaw to conduct a cross-site websocket hijack attack. Note that only Compute setups with VNC or SPICE enabled were affected by this flaw.
references
0
reference_url http://lists.openstack.org/pipermail/openstack-announce/2015-March/000341.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.openstack.org/pipermail/openstack-announce/2015-March/000341.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2015-0790.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-0790.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2015-0843.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-0843.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2015-0844.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-0844.html
4
reference_url https://access.redhat.com/errata/RHSA-2015:0790
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2015:0790
5
reference_url https://access.redhat.com/errata/RHSA-2015:0843
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2015:0843
6
reference_url https://access.redhat.com/errata/RHSA-2015:0844
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2015:0844
7
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0259.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0259.json
8
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-0259
reference_id
reference_type
scores
0
value 0.00205
scoring_system epss
scoring_elements 0.42708
published_at 2026-04-16T12:55:00Z
1
value 0.00205
scoring_system epss
scoring_elements 0.42666
published_at 2026-04-08T12:55:00Z
2
value 0.00205
scoring_system epss
scoring_elements 0.42678
published_at 2026-04-09T12:55:00Z
3
value 0.00205
scoring_system epss
scoring_elements 0.42701
published_at 2026-04-11T12:55:00Z
4
value 0.00205
scoring_system epss
scoring_elements 0.42665
published_at 2026-04-12T12:55:00Z
5
value 0.00205
scoring_system epss
scoring_elements 0.42648
published_at 2026-04-13T12:55:00Z
6
value 0.00205
scoring_system epss
scoring_elements 0.42576
published_at 2026-04-01T12:55:00Z
7
value 0.00205
scoring_system epss
scoring_elements 0.42646
published_at 2026-04-02T12:55:00Z
8
value 0.00205
scoring_system epss
scoring_elements 0.42674
published_at 2026-04-04T12:55:00Z
9
value 0.00205
scoring_system epss
scoring_elements 0.42615
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-0259
9
reference_url https://bugs.launchpad.net/nova/+bug/1409142
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1409142
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1190112
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1190112
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0259
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0259
12
reference_url https://opendev.org/openstack/nova
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://opendev.org/openstack/nova
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780250
reference_id 780250
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780250
14
reference_url https://access.redhat.com/security/cve/CVE-2015-0259
reference_id CVE-2015-0259
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2015-0259
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-0259
reference_id CVE-2015-0259
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-0259
16
reference_url https://github.com/advisories/GHSA-x8xr-rm9r-7mvf
reference_id GHSA-x8xr-rm9r-7mvf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x8xr-rm9r-7mvf
fixed_packages
0
url pkg:deb/debian/nova@2014.1.3-11?distro=trixie
purl pkg:deb/debian/nova@2014.1.3-11?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2015-0259, GHSA-x8xr-rm9r-7mvf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1p1c-fevy-bydg
2
url VCID-1qbm-qguj-gkem
vulnerability_id VCID-1qbm-qguj-gkem
summary 
OpenStack Nova Filter Scheduler Bypass
In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using Nova Filter Scheduler are affected. Because of the regression described in Launchpad Bug #1732947, the preferred fix is a 14.x version after 14.0.10, a 15.x version after 15.0.8, or a 16.x version after 16.0.3.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:0241
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0241
1
reference_url https://access.redhat.com/errata/RHSA-2018:0314
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0314
2
reference_url https://access.redhat.com/errata/RHSA-2018:0369
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0369
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16239.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16239.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-16239
reference_id
reference_type
scores
0
value 0.00385
scoring_system epss
scoring_elements 0.59775
published_at 2026-04-09T12:55:00Z
1
value 0.00385
scoring_system epss
scoring_elements 0.59761
published_at 2026-04-13T12:55:00Z
2
value 0.00385
scoring_system epss
scoring_elements 0.5971
published_at 2026-04-07T12:55:00Z
3
value 0.00385
scoring_system epss
scoring_elements 0.5974
published_at 2026-04-04T12:55:00Z
4
value 0.00385
scoring_system epss
scoring_elements 0.59794
published_at 2026-04-11T12:55:00Z
5
value 0.00385
scoring_system epss
scoring_elements 0.59779
published_at 2026-04-12T12:55:00Z
6
value 0.00385
scoring_system epss
scoring_elements 0.59798
published_at 2026-04-16T12:55:00Z
7
value 0.00385
scoring_system epss
scoring_elements 0.59715
published_at 2026-04-02T12:55:00Z
8
value 0.00385
scoring_system epss
scoring_elements 0.59642
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-16239
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16239
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16239
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.6
scoring_system cvssv2
scoring_elements AV:N/AC:H/Au:S/C:P/I:N/A:P
1
value 4.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
8
reference_url https://github.com/openstack/nova/commit/698b261a5a2a6c0f31ef5059046ef7196d5cba30
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/698b261a5a2a6c0f31ef5059046ef7196d5cba30
9
reference_url https://github.com/openstack/nova/commit/984dd8ad6add4523d93c7ce5a666a32233e02e34
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/984dd8ad6add4523d93c7ce5a666a32233e02e34
10
reference_url https://github.com/openstack/nova/commit/9e2d63da94db63d97bd02e373bfc53d95808b833
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/9e2d63da94db63d97bd02e373bfc53d95808b833
11
reference_url https://github.com/openstack/nova/commit/b72105c1c49fcddc94992af63fc2f8078023491a
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/b72105c1c49fcddc94992af63fc2f8078023491a
12
reference_url https://launchpad.net/bugs/1664931
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://launchpad.net/bugs/1664931
13
reference_url https://security.openstack.org/ossa/OSSA-2017-005.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2017-005.html
14
reference_url https://www.debian.org/security/2017/dsa-4056
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2017/dsa-4056
15
reference_url http://www.securityfocus.com/bid/101950
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/101950
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1508539
reference_id 1508539
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1508539
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882009
reference_id 882009
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882009
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:15.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.0:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:15.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.1:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:15.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.2:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:15.0.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.3:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:15.0.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.4:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:15.0.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.5:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:15.0.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.6:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:15.0.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.7:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:16.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.0:*:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:16.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.1:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:16.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.2:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-16239
reference_id CVE-2017-16239
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:P/A:N
1
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
2
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-16239
31
reference_url https://github.com/advisories/GHSA-w2wf-cgwh-vpqg
reference_id GHSA-w2wf-cgwh-vpqg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w2wf-cgwh-vpqg
fixed_packages
0
url pkg:deb/debian/nova@2:16.0.3-1?distro=trixie
purl pkg:deb/debian/nova@2:16.0.3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:16.0.3-1%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2017-16239, GHSA-w2wf-cgwh-vpqg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1qbm-qguj-gkem
3
url VCID-2dpk-ncrc-1fcw
vulnerability_id VCID-2dpk-ncrc-1fcw
summary An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:2622
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2622
1
reference_url https://access.redhat.com/errata/RHSA-2019:2631
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2631
2
reference_url https://access.redhat.com/errata/RHSA-2019:2652
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2652
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14433.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14433.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14433
reference_id
reference_type
scores
0
value 0.01327
scoring_system epss
scoring_elements 0.79871
published_at 2026-04-01T12:55:00Z
1
value 0.01327
scoring_system epss
scoring_elements 0.79915
published_at 2026-04-08T12:55:00Z
2
value 0.01327
scoring_system epss
scoring_elements 0.79924
published_at 2026-04-09T12:55:00Z
3
value 0.01327
scoring_system epss
scoring_elements 0.79944
published_at 2026-04-11T12:55:00Z
4
value 0.01327
scoring_system epss
scoring_elements 0.79927
published_at 2026-04-12T12:55:00Z
5
value 0.01327
scoring_system epss
scoring_elements 0.79919
published_at 2026-04-13T12:55:00Z
6
value 0.01327
scoring_system epss
scoring_elements 0.79948
published_at 2026-04-16T12:55:00Z
7
value 0.01327
scoring_system epss
scoring_elements 0.79899
published_at 2026-04-04T12:55:00Z
8
value 0.01327
scoring_system epss
scoring_elements 0.79877
published_at 2026-04-02T12:55:00Z
9
value 0.01327
scoring_system epss
scoring_elements 0.79887
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14433
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14433
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14433
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
8
reference_url https://github.com/openstack/nova/commit/298b337a16c0d10916b4431c436d19b3d6f5360e
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/298b337a16c0d10916b4431c436d19b3d6f5360e
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2019-191.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2019-191.yaml
10
reference_url https://launchpad.net/bugs/1837877
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://launchpad.net/bugs/1837877
11
reference_url https://lists.debian.org/debian-lts-announce/2022/09/msg00018.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/09/msg00018.html
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14433
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14433
13
reference_url https://security.openstack.org/ossa/OSSA-2019-003.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2019-003.html
14
reference_url https://usn.ubuntu.com/4104-1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4104-1
15
reference_url https://usn.ubuntu.com/4104-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4104-1/
16
reference_url http://www.openwall.com/lists/oss-security/2019/08/06/6
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2019/08/06/6
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1735522
reference_id 1735522
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1735522
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934114
reference_id 934114
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934114
19
reference_url https://github.com/advisories/GHSA-pg64-r7rr-phv8
reference_id GHSA-pg64-r7rr-phv8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pg64-r7rr-phv8
fixed_packages
0
url pkg:deb/debian/nova@2:19.0.2-1?distro=trixie
purl pkg:deb/debian/nova@2:19.0.2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:19.0.2-1%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2019-14433, GHSA-pg64-r7rr-phv8, PYSEC-2019-191
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2dpk-ncrc-1fcw
4
url VCID-4475-ffcq-cff8
vulnerability_id VCID-4475-ffcq-cff8
summary Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of a file element.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-3360
reference_id
reference_type
scores
0
value 0.01381
scoring_system epss
scoring_elements 0.80306
published_at 2026-04-16T12:55:00Z
1
value 0.01381
scoring_system epss
scoring_elements 0.80225
published_at 2026-04-01T12:55:00Z
2
value 0.01381
scoring_system epss
scoring_elements 0.80233
published_at 2026-04-02T12:55:00Z
3
value 0.01381
scoring_system epss
scoring_elements 0.80253
published_at 2026-04-04T12:55:00Z
4
value 0.01381
scoring_system epss
scoring_elements 0.80241
published_at 2026-04-07T12:55:00Z
5
value 0.01381
scoring_system epss
scoring_elements 0.80269
published_at 2026-04-08T12:55:00Z
6
value 0.01381
scoring_system epss
scoring_elements 0.80279
published_at 2026-04-09T12:55:00Z
7
value 0.01381
scoring_system epss
scoring_elements 0.80297
published_at 2026-04-11T12:55:00Z
8
value 0.01381
scoring_system epss
scoring_elements 0.80282
published_at 2026-04-12T12:55:00Z
9
value 0.01381
scoring_system epss
scoring_elements 0.80276
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-3360
2
reference_url https://bugs.launchpad.net/nova/+bug/1015531
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1015531
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3360
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3360
4
reference_url http://secunia.com/advisories/49763
reference_id
reference_type
scores
url http://secunia.com/advisories/49763
5
reference_url http://secunia.com/advisories/49802
reference_id
reference_type
scores
url http://secunia.com/advisories/49802
6
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
7
reference_url https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7
8
reference_url https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-38.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-38.yaml
10
reference_url https://lists.launchpad.net/openstack/msg14089.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.launchpad.net/openstack/msg14089.html
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-3360
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-3360
12
reference_url http://www.securityfocus.com/bid/54277
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/54277
13
reference_url http://www.ubuntu.com/usn/USN-1497-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1497-1
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680110
reference_id 680110
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680110
15
reference_url https://github.com/advisories/GHSA-m454-cm7h-rqhh
reference_id GHSA-m454-cm7h-rqhh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m454-cm7h-rqhh
16
reference_url https://usn.ubuntu.com/1497-1/
reference_id USN-1497-1
reference_type
scores
url https://usn.ubuntu.com/1497-1/
fixed_packages
0
url pkg:deb/debian/nova@2012.1.1-2?distro=trixie
purl pkg:deb/debian/nova@2012.1.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2012.1.1-2%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2012-3360, GHSA-m454-cm7h-rqhh, PYSEC-2012-38
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4475-ffcq-cff8
5
url VCID-5nfz-1bk3-93fe
vulnerability_id VCID-5nfz-1bk3-93fe
summary 
OpenStack Nova instance migration process does not stop when instance is deleted
OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service (disk, network, and other resource consumption) by resizing and then deleting an instance.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2015-1723.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-1723.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2015-1898.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-1898.html
2
reference_url https://access.redhat.com/errata/RHSA-2015:1723
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2015:1723
3
reference_url https://access.redhat.com/errata/RHSA-2015:1898
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2015:1898
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3241.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3241.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-3241
reference_id
reference_type
scores
0
value 0.0197
scoring_system epss
scoring_elements 0.83568
published_at 2026-04-16T12:55:00Z
1
value 0.0197
scoring_system epss
scoring_elements 0.83469
published_at 2026-04-01T12:55:00Z
2
value 0.0197
scoring_system epss
scoring_elements 0.83481
published_at 2026-04-02T12:55:00Z
3
value 0.0197
scoring_system epss
scoring_elements 0.83496
published_at 2026-04-04T12:55:00Z
4
value 0.0197
scoring_system epss
scoring_elements 0.83495
published_at 2026-04-07T12:55:00Z
5
value 0.0197
scoring_system epss
scoring_elements 0.83519
published_at 2026-04-08T12:55:00Z
6
value 0.0197
scoring_system epss
scoring_elements 0.83529
published_at 2026-04-09T12:55:00Z
7
value 0.0197
scoring_system epss
scoring_elements 0.83543
published_at 2026-04-11T12:55:00Z
8
value 0.0197
scoring_system epss
scoring_elements 0.83537
published_at 2026-04-12T12:55:00Z
9
value 0.0197
scoring_system epss
scoring_elements 0.83534
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-3241
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1232782
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1232782
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3241
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3241
8
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
9
reference_url https://github.com/openstack/nova/commit/7ab75d5b0b75fc3426323bef19bf436a258b9707
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/7ab75d5b0b75fc3426323bef19bf436a258b9707
10
reference_url https://github.com/openstack/nova/commit/b5020a047fc487f35b76fc05f31e52665a1afda1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/b5020a047fc487f35b76fc05f31e52665a1afda1
11
reference_url https://github.com/openstack/nova/commit/bf23643e36c8764b4bd532546a2cc04385fe0cff
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/bf23643e36c8764b4bd532546a2cc04385fe0cff
12
reference_url https://github.com/openstack/ossa/blob/482576204dec96f580817b119e3166d71c757731/ossa/OSSA-2015-015.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/ossa/blob/482576204dec96f580817b119e3166d71c757731/ossa/OSSA-2015-015.yaml
13
reference_url https://launchpad.net/bugs/1387543
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://launchpad.net/bugs/1387543
14
reference_url https://security.openstack.org/ossa/OSSA-2015-015.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2015-015.html
15
reference_url http://www.securityfocus.com/bid/75372
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/75372
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796109
reference_id 796109
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796109
17
reference_url https://access.redhat.com/security/cve/CVE-2015-3241
reference_id CVE-2015-3241
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2015-3241
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-3241
reference_id CVE-2015-3241
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-3241
19
reference_url https://github.com/advisories/GHSA-3vx7-xff6-h2vx
reference_id GHSA-3vx7-xff6-h2vx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3vx7-xff6-h2vx
20
reference_url https://usn.ubuntu.com/3449-1/
reference_id USN-3449-1
reference_type
scores
url https://usn.ubuntu.com/3449-1/
fixed_packages
0
url pkg:deb/debian/nova@1:12.0.0-2?distro=trixie
purl pkg:deb/debian/nova@1:12.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@1:12.0.0-2%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2015-3241, GHSA-3vx7-xff6-h2vx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5nfz-1bk3-93fe
6
url VCID-5tkb-w761-4qc6
vulnerability_id VCID-5tkb-w761-4qc6
summary keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova on Fedora.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html
1
reference_url http://lists.openstack.org/pipermail/openstack-announce/2013-May/000098.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.openstack.org/pipermail/openstack-announce/2013-May/000098.html
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-2030
reference_id
reference_type
scores
0
value 0.00035
scoring_system epss
scoring_elements 0.10489
published_at 2026-04-12T12:55:00Z
1
value 0.00035
scoring_system epss
scoring_elements 0.10522
published_at 2026-04-11T12:55:00Z
2
value 0.00035
scoring_system epss
scoring_elements 0.10491
published_at 2026-04-09T12:55:00Z
3
value 0.00035
scoring_system epss
scoring_elements 0.10428
published_at 2026-04-08T12:55:00Z
4
value 0.00035
scoring_system epss
scoring_elements 0.10354
published_at 2026-04-07T12:55:00Z
5
value 0.00035
scoring_system epss
scoring_elements 0.10494
published_at 2026-04-04T12:55:00Z
6
value 0.00035
scoring_system epss
scoring_elements 0.10426
published_at 2026-04-02T12:55:00Z
7
value 0.00035
scoring_system epss
scoring_elements 0.10334
published_at 2026-04-16T12:55:00Z
8
value 0.00035
scoring_system epss
scoring_elements 0.10307
published_at 2026-04-01T12:55:00Z
9
value 0.00035
scoring_system epss
scoring_elements 0.10466
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-2030
3
reference_url https://bugs.launchpad.net/nova/+bug/1174608
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1174608
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=958285
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=958285
5
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
6
reference_url https://github.com/openstack/nova/commit/58d6879b1caaa750c39c8e452a0634c24ffef2ce
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/58d6879b1caaa750c39c8e452a0634c24ffef2ce
7
reference_url https://github.com/openstack/nova/commit/74aa04e2ca7942cb1e1a86dcbaffeb72d260ccd7
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/74aa04e2ca7942cb1e1a86dcbaffeb72d260ccd7
8
reference_url https://github.com/openstack/nova/commit/7bf3e8d3e254d817ff5ae7ef1f2884b10410ca60
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/7bf3e8d3e254d817ff5ae7ef1f2884b10410ca60
9
reference_url https://github.com/openstack/python-keystoneclient/commit/1736e2ffb12f70eeebed019448bc14def48aa036
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/python-keystoneclient/commit/1736e2ffb12f70eeebed019448bc14def48aa036
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2013-45.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2013-45.yaml
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-2030
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-2030
12
reference_url http://www.openwall.com/lists/oss-security/2013/05/09/2
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/05/09/2
13
reference_url https://github.com/advisories/GHSA-pxxv-rv32-2qgv
reference_id GHSA-pxxv-rv32-2qgv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pxxv-rv32-2qgv
fixed_packages
0
url pkg:deb/debian/nova@0?distro=trixie
purl pkg:deb/debian/nova@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@0%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2013-2030, GHSA-pxxv-rv32-2qgv, PYSEC-2013-45
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5tkb-w761-4qc6
7
url VCID-5w9q-vw2n-zfdu
vulnerability_id VCID-5w9q-vw2n-zfdu
summary 
OpenStack Nova Denial of Service in network source security groups
Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via a large number of server-creation operations, which triggers a large number of update requests.
references
0
reference_url http://github.com/openstack/nova/commit/52ad911963da4095b213952dee3a430fe0c4c30f
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://github.com/openstack/nova/commit/52ad911963da4095b213952dee3a430fe0c4c30f
1
reference_url http://github.com/openstack/nova/commit/85aac04704350566d6b06aa7a3b99649946c672c
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://github.com/openstack/nova/commit/85aac04704350566d6b06aa7a3b99649946c672c
2
reference_url http://github.com/openstack/nova/commit/d4ee081c5c0a5132781235177c430ebcf72b0b0b
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://github.com/openstack/nova/commit/d4ee081c5c0a5132781235177c430ebcf72b0b0b
3
reference_url http://rhn.redhat.com/errata/RHSA-2013-1199.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-1199.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4185.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4185.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4185
reference_id
reference_type
scores
0
value 0.00583
scoring_system epss
scoring_elements 0.69004
published_at 2026-04-16T12:55:00Z
1
value 0.00583
scoring_system epss
scoring_elements 0.68965
published_at 2026-04-08T12:55:00Z
2
value 0.00583
scoring_system epss
scoring_elements 0.68984
published_at 2026-04-09T12:55:00Z
3
value 0.00583
scoring_system epss
scoring_elements 0.69007
published_at 2026-04-11T12:55:00Z
4
value 0.00583
scoring_system epss
scoring_elements 0.68992
published_at 2026-04-12T12:55:00Z
5
value 0.00583
scoring_system epss
scoring_elements 0.68963
published_at 2026-04-13T12:55:00Z
6
value 0.00583
scoring_system epss
scoring_elements 0.68897
published_at 2026-04-01T12:55:00Z
7
value 0.00583
scoring_system epss
scoring_elements 0.68914
published_at 2026-04-02T12:55:00Z
8
value 0.00583
scoring_system epss
scoring_elements 0.68935
published_at 2026-04-04T12:55:00Z
9
value 0.00583
scoring_system epss
scoring_elements 0.68915
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4185
6
reference_url https://bugs.launchpad.net/nova/+bug/1184041
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1184041
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4185
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4185
8
reference_url http://seclists.org/oss-sec/2013/q3/282
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/oss-sec/2013/q3/282
9
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718907
reference_id 718907
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718907
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=993331
reference_id 993331
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=993331
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-4185
reference_id CVE-2013-4185
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-4185
13
reference_url https://github.com/advisories/GHSA-ph2h-hh49-vh27
reference_id GHSA-ph2h-hh49-vh27
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ph2h-hh49-vh27
14
reference_url https://usn.ubuntu.com/2000-1/
reference_id USN-2000-1
reference_type
scores
url https://usn.ubuntu.com/2000-1/
fixed_packages
0
url pkg:deb/debian/nova@2013.1.2-3?distro=trixie
purl pkg:deb/debian/nova@2013.1.2-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.1.2-3%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2013-4185, GHSA-ph2h-hh49-vh27
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5w9q-vw2n-zfdu
8
url VCID-6n3z-x4zj-4bez
vulnerability_id VCID-6n3z-x4zj-4bez
summary 
OpenStack Compute (Nova) allows remote attackers to bypass intended restriction
A vulnerability was discovered in the way OpenStack Compute (nova) networking handled security group updates; changes were not applied to already running VM instances. A remote attacker could use this flaw to access running VM instances.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2015-2684.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-2684.html
1
reference_url https://access.redhat.com/errata/RHSA-2015:2673
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2015:2673
2
reference_url https://access.redhat.com/errata/RHSA-2015:2684
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2015:2684
3
reference_url https://access.redhat.com/errata/RHSA-2016:0013
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0013
4
reference_url https://access.redhat.com/errata/RHSA-2016:0017
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0017
5
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7713.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7713.json
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-7713
reference_id
reference_type
scores
0
value 0.01522
scoring_system epss
scoring_elements 0.81298
published_at 2026-04-16T12:55:00Z
1
value 0.01522
scoring_system epss
scoring_elements 0.81198
published_at 2026-04-01T12:55:00Z
2
value 0.01522
scoring_system epss
scoring_elements 0.81206
published_at 2026-04-02T12:55:00Z
3
value 0.01522
scoring_system epss
scoring_elements 0.81229
published_at 2026-04-07T12:55:00Z
4
value 0.01522
scoring_system epss
scoring_elements 0.81257
published_at 2026-04-08T12:55:00Z
5
value 0.01522
scoring_system epss
scoring_elements 0.81262
published_at 2026-04-09T12:55:00Z
6
value 0.01522
scoring_system epss
scoring_elements 0.81283
published_at 2026-04-11T12:55:00Z
7
value 0.01522
scoring_system epss
scoring_elements 0.81269
published_at 2026-04-12T12:55:00Z
8
value 0.01522
scoring_system epss
scoring_elements 0.81261
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-7713
7
reference_url https://bugs.launchpad.net/nova/+bug/1491307
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1491307
8
reference_url https://bugs.launchpad.net/nova/+bug/1492961
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1492961
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1269119
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1269119
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7713
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7713
11
reference_url https://opendev.org/openstack/nova
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://opendev.org/openstack/nova
12
reference_url https://security.openstack.org/ossa/OSSA-2015-021.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2015-021.html
13
reference_url https://web.archive.org/web/20200228024902/http://www.securityfocus.com/bid/76960
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228024902/http://www.securityfocus.com/bid/76960
14
reference_url http://www.securityfocus.com/bid/76960
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/76960
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
16
reference_url https://access.redhat.com/security/cve/CVE-2015-7713
reference_id CVE-2015-7713
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2015-7713
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-7713
reference_id CVE-2015-7713
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-7713
18
reference_url https://github.com/advisories/GHSA-67rh-9p29-vrxr
reference_id GHSA-67rh-9p29-vrxr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-67rh-9p29-vrxr
19
reference_url https://usn.ubuntu.com/3449-1/
reference_id USN-3449-1
reference_type
scores
url https://usn.ubuntu.com/3449-1/
fixed_packages
0
url pkg:deb/debian/nova@1:12.0.0-2?distro=trixie
purl pkg:deb/debian/nova@1:12.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@1:12.0.0-2%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2015-7713, GHSA-67rh-9p29-vrxr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6n3z-x4zj-4bez
9
url VCID-7wvt-bvww-g7ck
vulnerability_id VCID-7wvt-bvww-g7ck
summary 
OpenStack Compute (Nova) Resource limit circumvention in Nova private flavors
The "create an instance" API in OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id.  NOTE: this issue is due to an incomplete fix for CVE-2013-2256.
references
0
reference_url http://lists.openstack.org/pipermail/openstack-announce/2013-August/000138.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.openstack.org/pipermail/openstack-announce/2013-August/000138.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2013-1199.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-1199.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4278.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4278.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4278
reference_id
reference_type
scores
0
value 0.00201
scoring_system epss
scoring_elements 0.42266
published_at 2026-04-16T12:55:00Z
1
value 0.00201
scoring_system epss
scoring_elements 0.42257
published_at 2026-04-04T12:55:00Z
2
value 0.00201
scoring_system epss
scoring_elements 0.42199
published_at 2026-04-07T12:55:00Z
3
value 0.00201
scoring_system epss
scoring_elements 0.4225
published_at 2026-04-08T12:55:00Z
4
value 0.00201
scoring_system epss
scoring_elements 0.42258
published_at 2026-04-09T12:55:00Z
5
value 0.00201
scoring_system epss
scoring_elements 0.4228
published_at 2026-04-11T12:55:00Z
6
value 0.00201
scoring_system epss
scoring_elements 0.42244
published_at 2026-04-12T12:55:00Z
7
value 0.00201
scoring_system epss
scoring_elements 0.42216
published_at 2026-04-13T12:55:00Z
8
value 0.00201
scoring_system epss
scoring_elements 0.4217
published_at 2026-04-01T12:55:00Z
9
value 0.00201
scoring_system epss
scoring_elements 0.42228
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4278
4
reference_url https://bugs.launchpad.net/ossa/+bug/1212179
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/ossa/+bug/1212179
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4278
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4278
6
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
7
reference_url https://github.com/openstack/nova/commit/4054cc4a22a1fea997dec76afb5646fd6c6ea6b9
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/4054cc4a22a1fea997dec76afb5646fd6c6ea6b9
8
reference_url https://github.com/openstack/nova/commit/6825959560e06725d26625fd21f5c0b78b305492
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/6825959560e06725d26625fd21f5c0b78b305492
9
reference_url https://github.com/openstack/nova/commit/8b686195afe7e6dfb46c56c1ef2fe9c993d8e495
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/8b686195afe7e6dfb46c56c1ef2fe9c993d8e495
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-4278
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-4278
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1000086
reference_id 1000086
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1000086
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720602
reference_id 720602
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720602
13
reference_url https://github.com/advisories/GHSA-43cm-73px-5v4m
reference_id GHSA-43cm-73px-5v4m
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-43cm-73px-5v4m
14
reference_url https://usn.ubuntu.com/2000-1/
reference_id USN-2000-1
reference_type
scores
url https://usn.ubuntu.com/2000-1/
fixed_packages
0
url pkg:deb/debian/nova@2013.1.3-1?distro=trixie
purl pkg:deb/debian/nova@2013.1.3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.1.3-1%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2013-4278, GHSA-43cm-73px-5v4m
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7wvt-bvww-g7ck
10
url VCID-7yp4-ebnm-g3c3
vulnerability_id VCID-7yp4-ebnm-g3c3
summary 
OpenStack Nova host data access through resize/migration
The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk.
references
0
reference_url https://access.redhat.com/errata/RHSA-2016:0363
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0363
1
reference_url https://access.redhat.com/errata/RHSA-2016:0364
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0364
2
reference_url https://access.redhat.com/errata/RHSA-2016:0365
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0365
3
reference_url https://access.redhat.com/errata/RHSA-2016:0366
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0366
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2140.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2140.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-2140
reference_id
reference_type
scores
0
value 0.00634
scoring_system epss
scoring_elements 0.70304
published_at 2026-04-01T12:55:00Z
1
value 0.00634
scoring_system epss
scoring_elements 0.70409
published_at 2026-04-16T12:55:00Z
2
value 0.00634
scoring_system epss
scoring_elements 0.70366
published_at 2026-04-13T12:55:00Z
3
value 0.00634
scoring_system epss
scoring_elements 0.7038
published_at 2026-04-12T12:55:00Z
4
value 0.00634
scoring_system epss
scoring_elements 0.70395
published_at 2026-04-11T12:55:00Z
5
value 0.00634
scoring_system epss
scoring_elements 0.70371
published_at 2026-04-09T12:55:00Z
6
value 0.00634
scoring_system epss
scoring_elements 0.70356
published_at 2026-04-08T12:55:00Z
7
value 0.00634
scoring_system epss
scoring_elements 0.70311
published_at 2026-04-07T12:55:00Z
8
value 0.00634
scoring_system epss
scoring_elements 0.70334
published_at 2026-04-04T12:55:00Z
9
value 0.00634
scoring_system epss
scoring_elements 0.70317
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-2140
6
reference_url https://bugs.launchpad.net/nova/+bug/1548450
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1548450
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1313454
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1313454
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2140
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2140
9
reference_url http://seclists.org/oss-sec/2016/q1/563
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/oss-sec/2016/q1/563
10
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:P/I:P/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
11
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
12
reference_url https://github.com/openstack/nova/commit/0b194187db9da28225cb5e62be3b45aff5a1c793
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/0b194187db9da28225cb5e62be3b45aff5a1c793
13
reference_url https://github.com/openstack/nova/commit/116b1210ab772c55d1ed1f715687d83877c92701
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/116b1210ab772c55d1ed1f715687d83877c92701
14
reference_url https://github.com/openstack/nova/commit/f302bf04ab5dda89cf8ceaeed309006da90c0666
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/f302bf04ab5dda89cf8ceaeed309006da90c0666
15
reference_url https://security.openstack.org/ossa/OSSA-2016-007.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2016-007.html
16
reference_url http://www.openwall.com/lists/oss-security/2016/03/08/6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/03/08/6
17
reference_url http://www.securityfocus.com/bid/84277
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/84277
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
19
reference_url https://access.redhat.com/security/cve/CVE-2016-2140
reference_id CVE-2016-2140
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2016-2140
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-2140
reference_id CVE-2016-2140
reference_type
scores
0
value 3.5
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:P/I:N/A:N
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-2140
21
reference_url https://github.com/advisories/GHSA-49jv-37hm-6gfp
reference_id GHSA-49jv-37hm-6gfp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-49jv-37hm-6gfp
22
reference_url https://usn.ubuntu.com/3449-1/
reference_id USN-3449-1
reference_type
scores
url https://usn.ubuntu.com/3449-1/
fixed_packages
0
url pkg:deb/debian/nova@2:13.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:13.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:13.0.0-1%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2016-2140, GHSA-49jv-37hm-6gfp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7yp4-ebnm-g3c3
11
url VCID-9se5-m6dx-8kcj
vulnerability_id VCID-9se5-m6dx-8kcj
summary 
OpenStack Nova Potential Xen connection password leak via StorageError
The volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading log files or other unspecified vectors.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8749.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8749.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-8749
reference_id
reference_type
scores
0
value 0.00942
scoring_system epss
scoring_elements 0.76213
published_at 2026-04-01T12:55:00Z
1
value 0.00942
scoring_system epss
scoring_elements 0.76316
published_at 2026-04-16T12:55:00Z
2
value 0.00942
scoring_system epss
scoring_elements 0.76275
published_at 2026-04-13T12:55:00Z
3
value 0.00942
scoring_system epss
scoring_elements 0.7628
published_at 2026-04-12T12:55:00Z
4
value 0.00942
scoring_system epss
scoring_elements 0.76302
published_at 2026-04-11T12:55:00Z
5
value 0.00942
scoring_system epss
scoring_elements 0.76276
published_at 2026-04-09T12:55:00Z
6
value 0.00942
scoring_system epss
scoring_elements 0.76262
published_at 2026-04-08T12:55:00Z
7
value 0.00942
scoring_system epss
scoring_elements 0.7623
published_at 2026-04-07T12:55:00Z
8
value 0.00942
scoring_system epss
scoring_elements 0.7625
published_at 2026-04-04T12:55:00Z
9
value 0.00942
scoring_system epss
scoring_elements 0.76219
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-8749
2
reference_url https://bugs.launchpad.net/nova/+bug/1516765
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1516765
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8749
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8749
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:P/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
6
reference_url https://github.com/openstack/nova/commit/8b289237ed6d53738c22878decf0c429301cf3d0
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/8b289237ed6d53738c22878decf0c429301cf3d0
7
reference_url https://github.com/openstack/nova/commit/b2acc9fa864b6fe10bc0c5f3786b976b472b1b27
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/b2acc9fa864b6fe10bc0c5f3786b976b472b1b27
8
reference_url https://github.com/openstack/nova/commit/cf197ec2d682fb4da777df2291ca7ef101f73b77
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/cf197ec2d682fb4da777df2291ca7ef101f73b77
9
reference_url https://github.com/openstack/nova/commit/ef1ccdaca9512b88878155f7d8c2c77853d91252
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/ef1ccdaca9512b88878155f7d8c2c77853d91252
10
reference_url https://security.openstack.org/ossa/OSSA-2016-002.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2016-002.html
11
reference_url http://www.openwall.com/lists/oss-security/2016/01/07/8
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/01/07/8
12
reference_url http://www.openwall.com/lists/oss-security/2016/01/07/9
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/01/07/9
13
reference_url http://www.securityfocus.com/bid/80189
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/80189
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1296837
reference_id 1296837
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1296837
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-8749
reference_id CVE-2015-8749
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:N/A:N
1
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-8749
17
reference_url https://github.com/advisories/GHSA-c36r-g737-9qp8
reference_id GHSA-c36r-g737-9qp8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c36r-g737-9qp8
18
reference_url https://usn.ubuntu.com/3449-1/
reference_id USN-3449-1
reference_type
scores
url https://usn.ubuntu.com/3449-1/
fixed_packages
0
url pkg:deb/debian/nova@2:13.0.0~rc3-1?distro=trixie
purl pkg:deb/debian/nova@2:13.0.0~rc3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:13.0.0~rc3-1%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2015-8749, GHSA-c36r-g737-9qp8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9se5-m6dx-8kcj
12
url VCID-9vq2-2nsa-bbfa
vulnerability_id VCID-9vq2-2nsa-bbfa
summary openstack-nova: Nova VMware driver may connect VNC to another tenant's console
references
0
reference_url http://lists.openstack.org/pipermail/openstack-announce/2014-October/000293.html
reference_id
reference_type
scores
url http://lists.openstack.org/pipermail/openstack-announce/2014-October/000293.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2014-1689.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2014-1689.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2014-1781.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2014-1781.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2014-1782.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2014-1782.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8750.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8750.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-8750
reference_id
reference_type
scores
0
value 0.00929
scoring_system epss
scoring_elements 0.76121
published_at 2026-04-16T12:55:00Z
1
value 0.00929
scoring_system epss
scoring_elements 0.76081
published_at 2026-04-13T12:55:00Z
2
value 0.00929
scoring_system epss
scoring_elements 0.7602
published_at 2026-04-01T12:55:00Z
3
value 0.00929
scoring_system epss
scoring_elements 0.76023
published_at 2026-04-02T12:55:00Z
4
value 0.00929
scoring_system epss
scoring_elements 0.76056
published_at 2026-04-04T12:55:00Z
5
value 0.00929
scoring_system epss
scoring_elements 0.76035
published_at 2026-04-07T12:55:00Z
6
value 0.00929
scoring_system epss
scoring_elements 0.76068
published_at 2026-04-08T12:55:00Z
7
value 0.00929
scoring_system epss
scoring_elements 0.76083
published_at 2026-04-09T12:55:00Z
8
value 0.00929
scoring_system epss
scoring_elements 0.76108
published_at 2026-04-11T12:55:00Z
9
value 0.00929
scoring_system epss
scoring_elements 0.76084
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-8750
6
reference_url https://bugs.launchpad.net/nova/+bug/1357372
reference_id
reference_type
scores
url https://bugs.launchpad.net/nova/+bug/1357372
7
reference_url http://secunia.com/advisories/60227
reference_id
reference_type
scores
url http://secunia.com/advisories/60227
8
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:P/I:P/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
9
reference_url http://www.openwall.com/lists/oss-security/2014/10/14/9
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2014/10/14/9
10
reference_url http://www.securityfocus.com/bid/70182
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/70182
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1152346
reference_id 1152346
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1152346
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:2014.2:milestone1:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:2014.2:milestone1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:2014.2:milestone1:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:2014.2:milestone2:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:2014.2:milestone2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:2014.2:milestone2:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:2014.2:milestone3:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:2014.2:milestone3:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:2014.2:milestone3:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-8750
reference_id CVE-2014-8750
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P
url https://nvd.nist.gov/vuln/detail/CVE-2014-8750
17
reference_url https://access.redhat.com/errata/RHSA-2014:1689
reference_id RHSA-2014:1689
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:1689
fixed_packages
0
url pkg:deb/debian/nova@0?distro=trixie
purl pkg:deb/debian/nova@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@0%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2014-8750
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9vq2-2nsa-bbfa
13
url VCID-az4e-wgmd-gyc3
vulnerability_id VCID-az4e-wgmd-gyc3
summary 
OpenStack Compute (Nova) Denial of service due to improper validation of virtual size of QCOW2 image
OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when use_cow_images is set to False, does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by transferring an image with a large virtual size that does not contain a large amount of data from Glance.  NOTE: this issue is due to an incomplete fix for CVE-2013-2096.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4469.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4469.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4469
reference_id
reference_type
scores
0
value 0.0006
scoring_system epss
scoring_elements 0.18821
published_at 2026-04-16T12:55:00Z
1
value 0.0006
scoring_system epss
scoring_elements 0.18918
published_at 2026-04-01T12:55:00Z
2
value 0.0006
scoring_system epss
scoring_elements 0.19054
published_at 2026-04-02T12:55:00Z
3
value 0.0006
scoring_system epss
scoring_elements 0.19106
published_at 2026-04-04T12:55:00Z
4
value 0.0006
scoring_system epss
scoring_elements 0.18827
published_at 2026-04-07T12:55:00Z
5
value 0.0006
scoring_system epss
scoring_elements 0.18907
published_at 2026-04-08T12:55:00Z
6
value 0.0006
scoring_system epss
scoring_elements 0.18961
published_at 2026-04-09T12:55:00Z
7
value 0.0006
scoring_system epss
scoring_elements 0.18968
published_at 2026-04-11T12:55:00Z
8
value 0.0006
scoring_system epss
scoring_elements 0.18921
published_at 2026-04-12T12:55:00Z
9
value 0.0006
scoring_system epss
scoring_elements 0.1887
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4469
2
reference_url https://bugs.launchpad.net/nova/+bug/1206081
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1206081
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4469
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4469
4
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
5
reference_url https://github.com/openstack/nova/commit/135faa7b5d9855312bedc19e5e1ecebae34d3d18
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/135faa7b5d9855312bedc19e5e1ecebae34d3d18
6
reference_url https://github.com/openstack/nova/commit/3cdfe894ab58f7b91bf7fb690fc5bc724e44066f
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/3cdfe894ab58f7b91bf7fb690fc5bc724e44066f
7
reference_url https://github.com/openstack/nova/commit/f6810be4ae1a6c93e7d8017ee67d5344dfdf4a30
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/f6810be4ae1a6c93e7d8017ee67d5344dfdf4a30
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-4469
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-4469
9
reference_url http://www.openwall.com/lists/oss-security/2013/10/31/3
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/10/31/3
10
reference_url http://www.ubuntu.com/usn/USN-2247-1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-2247-1
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1023581
reference_id 1023581
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1023581
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728605
reference_id 728605
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728605
13
reference_url https://github.com/advisories/GHSA-2w87-5qcj-j6gx
reference_id GHSA-2w87-5qcj-j6gx
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2w87-5qcj-j6gx
14
reference_url https://usn.ubuntu.com/2247-1/
reference_id USN-2247-1
reference_type
scores
url https://usn.ubuntu.com/2247-1/
fixed_packages
0
url pkg:deb/debian/nova@2013.2-3?distro=trixie
purl pkg:deb/debian/nova@2013.2-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.2-3%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2013-4469, GHSA-2w87-5qcj-j6gx
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-az4e-wgmd-gyc3
14
url VCID-bauj-n7jg-gkd2
vulnerability_id VCID-bauj-n7jg-gkd2
summary 
OpenStack Compute (Nova) Denial of Service vulnerability
A denial of service flaw was found in the way OpenStack Compute (nova) looked up VM instances based on an IP address filter. An attacker with sufficient privileges on an OpenStack installation with a large amount of VMs could use this flaw to cause the main nova process to block for an extended amount of time.
references
0
reference_url http://lists.openstack.org/pipermail/openstack-announce/2014-October/000301.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.openstack.org/pipermail/openstack-announce/2014-October/000301.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2015-0843.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-0843.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2015-0844.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-0844.html
3
reference_url https://access.redhat.com/errata/RHSA-2015:0843
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2015:0843
4
reference_url https://access.redhat.com/errata/RHSA-2015:0844
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2015:0844
5
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3708.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3708.json
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3708
reference_id
reference_type
scores
0
value 0.01057
scoring_system epss
scoring_elements 0.77642
published_at 2026-04-16T12:55:00Z
1
value 0.01057
scoring_system epss
scoring_elements 0.77545
published_at 2026-04-01T12:55:00Z
2
value 0.01057
scoring_system epss
scoring_elements 0.77551
published_at 2026-04-02T12:55:00Z
3
value 0.01057
scoring_system epss
scoring_elements 0.77578
published_at 2026-04-04T12:55:00Z
4
value 0.01057
scoring_system epss
scoring_elements 0.77558
published_at 2026-04-07T12:55:00Z
5
value 0.01057
scoring_system epss
scoring_elements 0.77588
published_at 2026-04-08T12:55:00Z
6
value 0.01057
scoring_system epss
scoring_elements 0.77595
published_at 2026-04-09T12:55:00Z
7
value 0.01057
scoring_system epss
scoring_elements 0.77622
published_at 2026-04-11T12:55:00Z
8
value 0.01057
scoring_system epss
scoring_elements 0.77606
published_at 2026-04-12T12:55:00Z
9
value 0.01057
scoring_system epss
scoring_elements 0.77604
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3708
7
reference_url https://bugs.launchpad.net/nova/+bug/1358583
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1358583
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1154951
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1154951
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3708
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3708
10
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:N/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
11
reference_url https://opendev.org/openstack/nova
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://opendev.org/openstack/nova
12
reference_url https://web.archive.org/web/20200901000000*/http://www.securityfocus.com/bid/70777
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200901000000*/http://www.securityfocus.com/bid/70777
13
reference_url http://www.securityfocus.com/bid/70777
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/70777
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*
16
reference_url https://access.redhat.com/security/cve/CVE-2014-3708
reference_id CVE-2014-3708
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2014-3708
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3708
reference_id CVE-2014-3708
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:N/A:P
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3708
18
reference_url https://github.com/advisories/GHSA-43hc-pwvx-pmfg
reference_id GHSA-43hc-pwvx-pmfg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-43hc-pwvx-pmfg
fixed_packages
0
url pkg:deb/debian/nova@2014.1.3-6?distro=trixie
purl pkg:deb/debian/nova@2014.1.3-6?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-6%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2014-3708, GHSA-43hc-pwvx-pmfg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bauj-n7jg-gkd2
15
url VCID-br4q-499g-vqhg
vulnerability_id VCID-br4q-499g-vqhg
summary 
OpenStack Cinder, glance, and Nova vulnerable to Path Traversal
An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47951.json
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47951.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-47951
reference_id
reference_type
scores
0
value 0.00731
scoring_system epss
scoring_elements 0.72721
published_at 2026-04-16T12:55:00Z
1
value 0.00731
scoring_system epss
scoring_elements 0.72679
published_at 2026-04-13T12:55:00Z
2
value 0.00731
scoring_system epss
scoring_elements 0.72689
published_at 2026-04-12T12:55:00Z
3
value 0.00731
scoring_system epss
scoring_elements 0.72706
published_at 2026-04-11T12:55:00Z
4
value 0.00731
scoring_system epss
scoring_elements 0.72682
published_at 2026-04-09T12:55:00Z
5
value 0.00731
scoring_system epss
scoring_elements 0.72669
published_at 2026-04-08T12:55:00Z
6
value 0.00731
scoring_system epss
scoring_elements 0.7263
published_at 2026-04-07T12:55:00Z
7
value 0.00731
scoring_system epss
scoring_elements 0.72653
published_at 2026-04-04T12:55:00Z
8
value 0.00731
scoring_system epss
scoring_elements 0.72635
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-47951
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47951
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47951
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://launchpad.net/bugs/1996188
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/
url https://launchpad.net/bugs/1996188
5
reference_url https://lists.debian.org/debian-lts-announce/2023/01/msg00040.html
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/
url https://lists.debian.org/debian-lts-announce/2023/01/msg00040.html
6
reference_url https://lists.debian.org/debian-lts-announce/2023/01/msg00041.html
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/
url https://lists.debian.org/debian-lts-announce/2023/01/msg00041.html
7
reference_url https://lists.debian.org/debian-lts-announce/2023/01/msg00042.html
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/
url https://lists.debian.org/debian-lts-announce/2023/01/msg00042.html
8
reference_url https://security.openstack.org/ossa/OSSA-2023-002.html
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/
url https://security.openstack.org/ossa/OSSA-2023-002.html
9
reference_url https://www.debian.org/security/2023/dsa-5336
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/
url https://www.debian.org/security/2023/dsa-5336
10
reference_url https://www.debian.org/security/2023/dsa-5337
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/
url https://www.debian.org/security/2023/dsa-5337
11
reference_url https://www.debian.org/security/2023/dsa-5338
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/
url https://www.debian.org/security/2023/dsa-5338
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029561
reference_id 1029561
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029561
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029562
reference_id 1029562
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029562
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029563
reference_id 1029563
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029563
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2161812
reference_id 2161812
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2161812
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-47951
reference_id CVE-2022-47951
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-47951
17
reference_url https://github.com/advisories/GHSA-7h75-hwxx-qpgc
reference_id GHSA-7h75-hwxx-qpgc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7h75-hwxx-qpgc
18
reference_url https://access.redhat.com/errata/RHSA-2023:1015
reference_id RHSA-2023:1015
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1015
19
reference_url https://access.redhat.com/errata/RHSA-2023:1016
reference_id RHSA-2023:1016
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1016
20
reference_url https://access.redhat.com/errata/RHSA-2023:1017
reference_id RHSA-2023:1017
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1017
21
reference_url https://access.redhat.com/errata/RHSA-2023:1278
reference_id RHSA-2023:1278
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1278
22
reference_url https://access.redhat.com/errata/RHSA-2023:1279
reference_id RHSA-2023:1279
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1279
23
reference_url https://access.redhat.com/errata/RHSA-2023:1280
reference_id RHSA-2023:1280
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1280
24
reference_url https://usn.ubuntu.com/5835-1/
reference_id USN-5835-1
reference_type
scores
url https://usn.ubuntu.com/5835-1/
25
reference_url https://usn.ubuntu.com/5835-2/
reference_id USN-5835-2
reference_type
scores
url https://usn.ubuntu.com/5835-2/
26
reference_url https://usn.ubuntu.com/5835-3/
reference_id USN-5835-3
reference_type
scores
url https://usn.ubuntu.com/5835-3/
27
reference_url https://usn.ubuntu.com/5835-4/
reference_id USN-5835-4
reference_type
scores
url https://usn.ubuntu.com/5835-4/
28
reference_url https://usn.ubuntu.com/5835-5/
reference_id USN-5835-5
reference_type
scores
url https://usn.ubuntu.com/5835-5/
29
reference_url https://usn.ubuntu.com/6882-2/
reference_id USN-6882-2
reference_type
scores
url https://usn.ubuntu.com/6882-2/
fixed_packages
0
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:26.0.0-6?distro=trixie
purl pkg:deb/debian/nova@2:26.0.0-6?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.0.0-6%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2022-47951, GHSA-7h75-hwxx-qpgc
risk_score 3.5
exploitability 0.5
weighted_severity 6.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-br4q-499g-vqhg
16
url VCID-c7ya-v12e-8bfq
vulnerability_id VCID-c7ya-v12e-8bfq
summary virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083969.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083969.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-3361
reference_id
reference_type
scores
0
value 0.01377
scoring_system epss
scoring_elements 0.80285
published_at 2026-04-16T12:55:00Z
1
value 0.01377
scoring_system epss
scoring_elements 0.80202
published_at 2026-04-01T12:55:00Z
2
value 0.01377
scoring_system epss
scoring_elements 0.8021
published_at 2026-04-02T12:55:00Z
3
value 0.01377
scoring_system epss
scoring_elements 0.8023
published_at 2026-04-04T12:55:00Z
4
value 0.01377
scoring_system epss
scoring_elements 0.80219
published_at 2026-04-07T12:55:00Z
5
value 0.01377
scoring_system epss
scoring_elements 0.80247
published_at 2026-04-08T12:55:00Z
6
value 0.01377
scoring_system epss
scoring_elements 0.80257
published_at 2026-04-09T12:55:00Z
7
value 0.01377
scoring_system epss
scoring_elements 0.80275
published_at 2026-04-11T12:55:00Z
8
value 0.01377
scoring_system epss
scoring_elements 0.8026
published_at 2026-04-12T12:55:00Z
9
value 0.01377
scoring_system epss
scoring_elements 0.80255
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-3361
3
reference_url https://bugs.launchpad.net/nova/+bug/1015531
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1015531
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3361
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3361
5
reference_url http://secunia.com/advisories/49763
reference_id
reference_type
scores
url http://secunia.com/advisories/49763
6
reference_url http://secunia.com/advisories/49802
reference_id
reference_type
scores
url http://secunia.com/advisories/49802
7
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
8
reference_url https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7
9
reference_url https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-39.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-39.yaml
11
reference_url https://lists.launchpad.net/openstack/msg14089.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.launchpad.net/openstack/msg14089.html
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-3361
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-3361
13
reference_url https://review.openstack.org/#/c/9268
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/#/c/9268
14
reference_url https://review.openstack.org/#/c/9268/
reference_id
reference_type
scores
url https://review.openstack.org/#/c/9268/
15
reference_url http://www.securityfocus.com/bid/54278
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/54278
16
reference_url http://www.ubuntu.com/usn/USN-1497-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1497-1
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680110
reference_id 680110
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680110
18
reference_url https://github.com/advisories/GHSA-cm54-3vvf-f5p8
reference_id GHSA-cm54-3vvf-f5p8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cm54-3vvf-f5p8
19
reference_url https://usn.ubuntu.com/1497-1/
reference_id USN-1497-1
reference_type
scores
url https://usn.ubuntu.com/1497-1/
fixed_packages
0
url pkg:deb/debian/nova@2012.1.1-2?distro=trixie
purl pkg:deb/debian/nova@2012.1.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2012.1.1-2%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2012-3361, GHSA-cm54-3vvf-f5p8, PYSEC-2012-39
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c7ya-v12e-8bfq
17
url VCID-cwub-w9dp-wfgy
vulnerability_id VCID-cwub-w9dp-wfgy
summary 
OpenStack Nova DoS by rebuilding the same instance with a new image multiple times
An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This regression was introduced with the fix for OSSA-2017-005 (CVE-2017-16239); however, only Nova stable/pike or later deployments with that fix applied and relying on the default FilterScheduler are affected.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17051.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17051.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-17051
reference_id
reference_type
scores
0
value 0.00841
scoring_system epss
scoring_elements 0.74752
published_at 2026-04-16T12:55:00Z
1
value 0.00841
scoring_system epss
scoring_elements 0.74715
published_at 2026-04-13T12:55:00Z
2
value 0.00841
scoring_system epss
scoring_elements 0.74724
published_at 2026-04-12T12:55:00Z
3
value 0.00841
scoring_system epss
scoring_elements 0.74745
published_at 2026-04-11T12:55:00Z
4
value 0.00841
scoring_system epss
scoring_elements 0.74722
published_at 2026-04-09T12:55:00Z
5
value 0.00841
scoring_system epss
scoring_elements 0.74707
published_at 2026-04-08T12:55:00Z
6
value 0.00841
scoring_system epss
scoring_elements 0.74674
published_at 2026-04-02T12:55:00Z
7
value 0.00841
scoring_system epss
scoring_elements 0.74671
published_at 2026-04-01T12:55:00Z
8
value 0.00841
scoring_system epss
scoring_elements 0.74675
published_at 2026-04-07T12:55:00Z
9
value 0.00841
scoring_system epss
scoring_elements 0.747
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-17051
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17051
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17051
3
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
4
reference_url https://github.com/openstack/nova/commit/25a1d78e83065c5bea5d8e0a017fd9d0914d41d9
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/25a1d78e83065c5bea5d8e0a017fd9d0914d41d9
5
reference_url https://github.com/openstack/nova/commit/fed660c1189fdf4159d97badfdc8c5b35ad14f23
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/fed660c1189fdf4159d97badfdc8c5b35ad14f23
6
reference_url https://launchpad.net/bugs/1732976
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://launchpad.net/bugs/1732976
7
reference_url https://review.openstack.org/521662
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/521662
8
reference_url https://review.openstack.org/523214
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/523214
9
reference_url https://security.openstack.org/ossa/OSSA-2017-006.html
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2017-006.html
10
reference_url http://www.securityfocus.com/bid/102102
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/102102
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1519231
reference_id 1519231
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1519231
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883621
reference_id 883621
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883621
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:16.0.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.3:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-17051
reference_id CVE-2017-17051
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:N/A:P
1
value 8.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
2
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-17051
15
reference_url https://github.com/advisories/GHSA-vq76-rxx3-4r4r
reference_id GHSA-vq76-rxx3-4r4r
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vq76-rxx3-4r4r
fixed_packages
0
url pkg:deb/debian/nova@2:16.0.3-6?distro=trixie
purl pkg:deb/debian/nova@2:16.0.3-6?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:16.0.3-6%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2017-17051, GHSA-vq76-rxx3-4r4r
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cwub-w9dp-wfgy
18
url VCID-cy7p-gzf8-eqcj
vulnerability_id VCID-cy7p-gzf8-eqcj
summary 
OpenStack Nova Denial of service attack on the compute host
An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. (The same code error also results in data loss, but that is not a vulnerability because the user loses their own data.) All Nova setups supporting encrypted volumes are affected.
references
0
reference_url http://openwall.com/lists/oss-security/2018/04/20/3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2018/04/20/3
1
reference_url https://access.redhat.com/errata/RHSA-2018:2332
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2332
2
reference_url https://access.redhat.com/errata/RHSA-2018:2714
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2714
3
reference_url https://access.redhat.com/errata/RHSA-2018:2855
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2855
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18191.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18191.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-18191
reference_id
reference_type
scores
0
value 0.02481
scoring_system epss
scoring_elements 0.85232
published_at 2026-04-02T12:55:00Z
1
value 0.02481
scoring_system epss
scoring_elements 0.85312
published_at 2026-04-16T12:55:00Z
2
value 0.02481
scoring_system epss
scoring_elements 0.85295
published_at 2026-04-12T12:55:00Z
3
value 0.02481
scoring_system epss
scoring_elements 0.85297
published_at 2026-04-11T12:55:00Z
4
value 0.02481
scoring_system epss
scoring_elements 0.85282
published_at 2026-04-09T12:55:00Z
5
value 0.02481
scoring_system epss
scoring_elements 0.85274
published_at 2026-04-08T12:55:00Z
6
value 0.02481
scoring_system epss
scoring_elements 0.85252
published_at 2026-04-07T12:55:00Z
7
value 0.02481
scoring_system epss
scoring_elements 0.8525
published_at 2026-04-04T12:55:00Z
8
value 0.02481
scoring_system epss
scoring_elements 0.8522
published_at 2026-04-01T12:55:00Z
9
value 0.02481
scoring_system epss
scoring_elements 0.85292
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-18191
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18191
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18191
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
9
reference_url https://github.com/openstack/nova/commit/0225a61fc4557c1257383a654f0741f7ef2ddeac
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/0225a61fc4557c1257383a654f0741f7ef2ddeac
10
reference_url https://github.com/openstack/nova/commit/5b64a1936122eeb35f37a09f9d38159e1a224c58
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/5b64a1936122eeb35f37a09f9d38159e1a224c58
11
reference_url https://github.com/openstack/nova/commit/cd3eb60c2c00bcccfa9ccd4bf9d1a96ae7a5cd88
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/cd3eb60c2c00bcccfa9ccd4bf9d1a96ae7a5cd88
12
reference_url https://launchpad.net/bugs/1739593
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://launchpad.net/bugs/1739593
13
reference_url https://review.openstack.org/539893
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/539893
14
reference_url https://security.openstack.org/ossa/OSSA-2018-001.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2018-001.html
15
reference_url http://www.securityfocus.com/bid/103104
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/103104
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1546937
reference_id 1546937
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1546937
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-18191
reference_id CVE-2017-18191
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-18191
18
reference_url https://github.com/advisories/GHSA-ffmh-r67w-m88f
reference_id GHSA-ffmh-r67w-m88f
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ffmh-r67w-m88f
19
reference_url https://usn.ubuntu.com/5866-1/
reference_id USN-5866-1
reference_type
scores
url https://usn.ubuntu.com/5866-1/
fixed_packages
0
url pkg:deb/debian/nova@2:17.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:17.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:17.0.0-1%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2017-18191, GHSA-ffmh-r67w-m88f
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cy7p-gzf8-eqcj
19
url VCID-dxxx-4thc-fyfh
vulnerability_id VCID-dxxx-4thc-fyfh
summary virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image that uses a symlink that is only readable by root. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3361.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-3447
reference_id
reference_type
scores
0
value 0.00925
scoring_system epss
scoring_elements 0.75953
published_at 2026-04-01T12:55:00Z
1
value 0.00925
scoring_system epss
scoring_elements 0.76052
published_at 2026-04-16T12:55:00Z
2
value 0.00925
scoring_system epss
scoring_elements 0.76012
published_at 2026-04-13T12:55:00Z
3
value 0.00925
scoring_system epss
scoring_elements 0.76017
published_at 2026-04-12T12:55:00Z
4
value 0.00925
scoring_system epss
scoring_elements 0.76041
published_at 2026-04-11T12:55:00Z
5
value 0.00925
scoring_system epss
scoring_elements 0.76016
published_at 2026-04-09T12:55:00Z
6
value 0.00925
scoring_system epss
scoring_elements 0.76001
published_at 2026-04-08T12:55:00Z
7
value 0.00925
scoring_system epss
scoring_elements 0.75968
published_at 2026-04-07T12:55:00Z
8
value 0.00925
scoring_system epss
scoring_elements 0.75989
published_at 2026-04-04T12:55:00Z
9
value 0.00925
scoring_system epss
scoring_elements 0.75957
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-3447
1
reference_url https://bugs.launchpad.net/nova/+bug/1031311
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1031311
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=845106
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=845106
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3447
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3447
4
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/77539
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/77539
5
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
6
reference_url https://github.com/openstack/nova/commit/ce4b2e27be45a85b310237615c47eb53f37bb5f3
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/ce4b2e27be45a85b310237615c47eb53f37bb5f3
7
reference_url https://github.com/openstack/nova/commit/d9577ce9f266166a297488445b5b0c93c1ddb368
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/d9577ce9f266166a297488445b5b0c93c1ddb368
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-21.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-21.yaml
9
reference_url https://review.openstack.org/#/c/10953
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/#/c/10953
10
reference_url https://review.openstack.org/#/c/10953/
reference_id
reference_type
scores
url https://review.openstack.org/#/c/10953/
11
reference_url https://web.archive.org/web/20120824003029/http://www.securityfocus.com/bid/54869
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120824003029/http://www.securityfocus.com/bid/54869
12
reference_url http://www.openwall.com/lists/oss-security/2012/08/07/1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2012/08/07/1
13
reference_url http://www.securityfocus.com/bid/54869
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/54869
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684256
reference_id 684256
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684256
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:folsom:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:*:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:2012.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:2012.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:2012.1:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-3447
reference_id CVE-2012-3447
reference_type
scores
0
value 4.9
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:N/I:P/A:P
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-3447
18
reference_url https://github.com/advisories/GHSA-xc4g-7vw8-924h
reference_id GHSA-xc4g-7vw8-924h
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xc4g-7vw8-924h
19
reference_url https://usn.ubuntu.com/1545-1/
reference_id USN-1545-1
reference_type
scores
url https://usn.ubuntu.com/1545-1/
fixed_packages
0
url pkg:deb/debian/nova@2012.1.1-6?distro=trixie
purl pkg:deb/debian/nova@2012.1.1-6?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2012.1.1-6%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2012-3447, GHSA-xc4g-7vw8-924h, PYSEC-2012-21
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dxxx-4thc-fyfh
20
url VCID-e1f1-xt6n-rqfp
vulnerability_id VCID-e1f1-xt6n-rqfp
summary 
OpenStack Nova Exposure of Sensitive Information to an Unauthorized Actor
OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the EC2_SECRET_KEY (equivalent to a password). Exposing the EC2_ACCESS_KEY via http or tools that allow man-in-the-middle over https could allow an attacker to easily obtain the EC2_SECRET_KEY. An attacker could also presumably brute force values for EC2_ACCESS_KEY.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4076.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4076.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-4076
reference_id
reference_type
scores
0
value 0.00408
scoring_system epss
scoring_elements 0.61213
published_at 2026-04-08T12:55:00Z
1
value 0.00408
scoring_system epss
scoring_elements 0.61256
published_at 2026-04-16T12:55:00Z
2
value 0.00408
scoring_system epss
scoring_elements 0.61216
published_at 2026-04-13T12:55:00Z
3
value 0.00408
scoring_system epss
scoring_elements 0.61235
published_at 2026-04-12T12:55:00Z
4
value 0.00408
scoring_system epss
scoring_elements 0.61248
published_at 2026-04-11T12:55:00Z
5
value 0.00408
scoring_system epss
scoring_elements 0.61228
published_at 2026-04-09T12:55:00Z
6
value 0.00408
scoring_system epss
scoring_elements 0.61093
published_at 2026-04-01T12:55:00Z
7
value 0.00408
scoring_system epss
scoring_elements 0.6117
published_at 2026-04-02T12:55:00Z
8
value 0.00408
scoring_system epss
scoring_elements 0.61198
published_at 2026-04-04T12:55:00Z
9
value 0.00408
scoring_system epss
scoring_elements 0.61165
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-4076
2
reference_url https://bugs.launchpad.net/nova/+bug/868360
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/868360
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4076
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4076
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4076
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4076
5
reference_url https://github.com/openstack/nova/commit/b1ab6da1495784ff581000018a6047fd19cf82c4
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/b1ab6da1495784ff581000018a6047fd19cf82c4
6
reference_url https://github.com/openstack/nova/commit/beee11edbfdd82cd81bc9c0fd75912c167892c2b
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/beee11edbfdd82cd81bc9c0fd75912c167892c2b
7
reference_url https://www.openwall.com/lists/oss-security/2011/10/25/4
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2011/10/25/4
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=749385
reference_id 749385
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=749385
9
reference_url https://access.redhat.com/security/cve/cve-2011-4076
reference_id CVE-2011-4076
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/cve-2011-4076
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-4076
reference_id CVE-2011-4076
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-4076
11
reference_url https://security-tracker.debian.org/tracker/CVE-2011-4076
reference_id CVE-2011-4076
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security-tracker.debian.org/tracker/CVE-2011-4076
12
reference_url https://github.com/advisories/GHSA-vcmv-6rxx-fh7r
reference_id GHSA-vcmv-6rxx-fh7r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vcmv-6rxx-fh7r
fixed_packages
0
url pkg:deb/debian/nova@2012.1~e1-1?distro=trixie
purl pkg:deb/debian/nova@2012.1~e1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2012.1~e1-1%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2011-4076, GHSA-vcmv-6rxx-fh7r
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e1f1-xt6n-rqfp
21
url VCID-e6ne-73mv-73bc
vulnerability_id VCID-e6ne-73mv-73bc
summary 
OpenStack Nova vulnerable to unauthorized access to potentially sensitive data
In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Nova deployments are affected. NOTE: this issue exists because of an incomplete fix for CVE-2022-47951 and CVE-2024-32498.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-40767.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-40767.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-40767
reference_id
reference_type
scores
0
value 0.00835
scoring_system epss
scoring_elements 0.74663
published_at 2026-04-16T12:55:00Z
1
value 0.00835
scoring_system epss
scoring_elements 0.74627
published_at 2026-04-13T12:55:00Z
2
value 0.00835
scoring_system epss
scoring_elements 0.74635
published_at 2026-04-12T12:55:00Z
3
value 0.00835
scoring_system epss
scoring_elements 0.74585
published_at 2026-04-02T12:55:00Z
4
value 0.00835
scoring_system epss
scoring_elements 0.74612
published_at 2026-04-04T12:55:00Z
5
value 0.00835
scoring_system epss
scoring_elements 0.74586
published_at 2026-04-07T12:55:00Z
6
value 0.00835
scoring_system epss
scoring_elements 0.74618
published_at 2026-04-08T12:55:00Z
7
value 0.00835
scoring_system epss
scoring_elements 0.74655
published_at 2026-04-11T12:55:00Z
8
value 0.00835
scoring_system epss
scoring_elements 0.74632
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-40767
2
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
3
reference_url https://launchpad.net/bugs/2071734
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:47:09Z/
url https://launchpad.net/bugs/2071734
4
reference_url https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-40767
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-40767
6
reference_url https://review.opendev.org/c/openstack/nova/+/924731
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://review.opendev.org/c/openstack/nova/+/924731
7
reference_url https://security.openstack.org
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:47:09Z/
url https://security.openstack.org
8
reference_url https://security.openstack.org/ossa/OSSA-2024-002.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:47:09Z/
url https://security.openstack.org/ossa/OSSA-2024-002.html
9
reference_url https://www.openwall.com/lists/oss-security/2024/07/23/2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:47:09Z/
url https://www.openwall.com/lists/oss-security/2024/07/23/2
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2297217
reference_id 2297217
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2297217
11
reference_url https://github.com/advisories/GHSA-rm86-h44c-2r2m
reference_id GHSA-rm86-h44c-2r2m
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rm86-h44c-2r2m
12
reference_url https://access.redhat.com/errata/RHSA-2024:5082
reference_id RHSA-2024:5082
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5082
13
reference_url https://access.redhat.com/errata/RHSA-2024:5083
reference_id RHSA-2024:5083
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5083
14
reference_url https://access.redhat.com/errata/RHSA-2024:5097
reference_id RHSA-2024:5097
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5097
15
reference_url https://access.redhat.com/errata/RHSA-2024:5113
reference_id RHSA-2024:5113
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5113
16
reference_url https://usn.ubuntu.com/6911-1/
reference_id USN-6911-1
reference_type
scores
url https://usn.ubuntu.com/6911-1/
fixed_packages
0
url pkg:deb/debian/nova@0?distro=trixie
purl pkg:deb/debian/nova@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@0%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2024-40767, GHSA-rm86-h44c-2r2m
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e6ne-73mv-73bc
22
url VCID-ek6e-977t-3bew
vulnerability_id VCID-ek6e-977t-3bew
summary 
OpenStack Compute (nova) allows remote authenticated users to cause a denial of service
A flaw was found in the way OpenStack Compute (nova) handled the resize state. If an authenticated user deleted an instance while it was in the resize state, it could cause the original instance to not be deleted from the compute node it was running on, allowing the user to cause a denial of service.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2015-1898.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-1898.html
1
reference_url https://access.redhat.com/errata/RHSA-2015:1898
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2015:1898
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3280.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3280.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-3280
reference_id
reference_type
scores
0
value 0.00795
scoring_system epss
scoring_elements 0.74016
published_at 2026-04-16T12:55:00Z
1
value 0.00795
scoring_system epss
scoring_elements 0.73925
published_at 2026-04-01T12:55:00Z
2
value 0.00795
scoring_system epss
scoring_elements 0.73935
published_at 2026-04-02T12:55:00Z
3
value 0.00795
scoring_system epss
scoring_elements 0.7396
published_at 2026-04-04T12:55:00Z
4
value 0.00795
scoring_system epss
scoring_elements 0.73931
published_at 2026-04-07T12:55:00Z
5
value 0.00795
scoring_system epss
scoring_elements 0.73965
published_at 2026-04-08T12:55:00Z
6
value 0.00795
scoring_system epss
scoring_elements 0.73979
published_at 2026-04-09T12:55:00Z
7
value 0.00795
scoring_system epss
scoring_elements 0.74002
published_at 2026-04-11T12:55:00Z
8
value 0.00795
scoring_system epss
scoring_elements 0.73984
published_at 2026-04-12T12:55:00Z
9
value 0.00795
scoring_system epss
scoring_elements 0.73976
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-3280
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1257942
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1257942
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3280
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3280
6
reference_url https://launchpad.net/bugs/1392527
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://launchpad.net/bugs/1392527
7
reference_url https://opendev.org/openstack/nova
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://opendev.org/openstack/nova
8
reference_url https://security.openstack.org/ossa/OSSA-2015-017.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2015-017.html
9
reference_url https://web.archive.org/web/20200228023247/http://www.securityfocus.com/bid/76553
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228023247/http://www.securityfocus.com/bid/76553
10
reference_url http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
11
reference_url http://www.securityfocus.com/bid/76553
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/76553
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798883
reference_id 798883
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798883
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
14
reference_url https://access.redhat.com/security/cve/CVE-2015-3280
reference_id CVE-2015-3280
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2015-3280
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-3280
reference_id CVE-2015-3280
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:N/A:C
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-3280
16
reference_url https://github.com/advisories/GHSA-mfmj-gwg3-vhw7
reference_id GHSA-mfmj-gwg3-vhw7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mfmj-gwg3-vhw7
17
reference_url https://usn.ubuntu.com/3449-1/
reference_id USN-3449-1
reference_type
scores
url https://usn.ubuntu.com/3449-1/
fixed_packages
0
url pkg:deb/debian/nova@1:12.0.0-2?distro=trixie
purl pkg:deb/debian/nova@1:12.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@1:12.0.0-2%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2015-3280, GHSA-mfmj-gwg3-vhw7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ek6e-977t-3bew
23
url VCID-ekfe-svz5-bbcq
vulnerability_id VCID-ekfe-svz5-bbcq
summary Openstack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service (CPU and hard drive consumption) via a network request that triggers a large number of iptables rules.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079434.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079434.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079551.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079551.html
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-2101
reference_id
reference_type
scores
0
value 0.00885
scoring_system epss
scoring_elements 0.75435
published_at 2026-04-13T12:55:00Z
1
value 0.00885
scoring_system epss
scoring_elements 0.75446
published_at 2026-04-12T12:55:00Z
2
value 0.00885
scoring_system epss
scoring_elements 0.75467
published_at 2026-04-11T12:55:00Z
3
value 0.00885
scoring_system epss
scoring_elements 0.75447
published_at 2026-04-09T12:55:00Z
4
value 0.00885
scoring_system epss
scoring_elements 0.75438
published_at 2026-04-08T12:55:00Z
5
value 0.00885
scoring_system epss
scoring_elements 0.75415
published_at 2026-04-04T12:55:00Z
6
value 0.00885
scoring_system epss
scoring_elements 0.75477
published_at 2026-04-16T12:55:00Z
7
value 0.00885
scoring_system epss
scoring_elements 0.75395
published_at 2026-04-07T12:55:00Z
8
value 0.00885
scoring_system epss
scoring_elements 0.75378
published_at 2026-04-01T12:55:00Z
9
value 0.00885
scoring_system epss
scoring_elements 0.75382
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-2101
3
reference_url https://bugs.launchpad.net/nova/+bug/969545
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/969545
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2101
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2101
5
reference_url http://secunia.com/advisories/49034
reference_id
reference_type
scores
url http://secunia.com/advisories/49034
6
reference_url http://secunia.com/advisories/49048
reference_id
reference_type
scores
url http://secunia.com/advisories/49048
7
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/75243
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/75243
8
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
9
reference_url https://github.com/openstack/nova/commit/1f644d210557b1254f7c7b39424b09a45329ade7
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/1f644d210557b1254f7c7b39424b09a45329ade7
10
reference_url https://github.com/openstack/nova/commit/8c8735a73afb16d5856f0aa6088e9ae406c52beb
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/8c8735a73afb16d5856f0aa6088e9ae406c52beb
11
reference_url https://github.com/openstack/nova/commit/a67db4586f70ed881d65e80035b2a25be195ce64
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/a67db4586f70ed881d65e80035b2a25be195ce64
12
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-36.yaml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-36.yaml
13
reference_url https://lists.launchpad.net/openstack/msg10268.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.launchpad.net/openstack/msg10268.html
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-2101
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-2101
15
reference_url http://ubuntu.com/usn/usn-1438-1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://ubuntu.com/usn/usn-1438-1
16
reference_url http://www.osvdb.org/81641
reference_id
reference_type
scores
url http://www.osvdb.org/81641
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670637
reference_id 670637
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670637
18
reference_url https://github.com/advisories/GHSA-hq3f-9gf7-73r8
reference_id GHSA-hq3f-9gf7-73r8
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hq3f-9gf7-73r8
19
reference_url https://usn.ubuntu.com/1438-1/
reference_id USN-1438-1
reference_type
scores
url https://usn.ubuntu.com/1438-1/
fixed_packages
0
url pkg:deb/debian/nova@2012.1-2?distro=trixie
purl pkg:deb/debian/nova@2012.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2012.1-2%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2012-2101, GHSA-hq3f-9gf7-73r8, PYSEC-2012-36
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ekfe-svz5-bbcq
24
url VCID-ex1j-py3q-93hv
vulnerability_id VCID-ex1j-py3q-93hv
summary 
Exposure of Sensitive Information to an Unauthorized Actor
api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in responses to instance metadata requests.
references
0
reference_url https://access.redhat.com/errata/RHSA-2014:0940
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2014:0940
1
reference_url https://access.redhat.com/errata/RHSA-2014:1084
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2014:1084
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3517.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3517.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3517
reference_id
reference_type
scores
0
value 0.00398
scoring_system epss
scoring_elements 0.60662
published_at 2026-04-16T12:55:00Z
1
value 0.00398
scoring_system epss
scoring_elements 0.60598
published_at 2026-04-04T12:55:00Z
2
value 0.00398
scoring_system epss
scoring_elements 0.60567
published_at 2026-04-07T12:55:00Z
3
value 0.00398
scoring_system epss
scoring_elements 0.60616
published_at 2026-04-08T12:55:00Z
4
value 0.00398
scoring_system epss
scoring_elements 0.60632
published_at 2026-04-09T12:55:00Z
5
value 0.00398
scoring_system epss
scoring_elements 0.60656
published_at 2026-04-11T12:55:00Z
6
value 0.00398
scoring_system epss
scoring_elements 0.60641
published_at 2026-04-12T12:55:00Z
7
value 0.00398
scoring_system epss
scoring_elements 0.6062
published_at 2026-04-13T12:55:00Z
8
value 0.00398
scoring_system epss
scoring_elements 0.60495
published_at 2026-04-01T12:55:00Z
9
value 0.00398
scoring_system epss
scoring_elements 0.6057
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3517
4
reference_url https://bugs.launchpad.net/nova/+bug/1325128
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1325128
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1112499
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1112499
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3517
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3517
7
reference_url https://opendev.org/openstack/nova
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://opendev.org/openstack/nova
8
reference_url http://www.openwall.com/lists/oss-security/2014/07/17/2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/07/17/2
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755042
reference_id 755042
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755042
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:2014.2.0:milestone1:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:2014.2.0:milestone1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:2014.2.0:milestone1:*:*:*:*:*:*
12
reference_url https://access.redhat.com/security/cve/CVE-2014-3517
reference_id CVE-2014-3517
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2014-3517
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3517
reference_id CVE-2014-3517
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3517
14
reference_url https://github.com/advisories/GHSA-xjmj-p278-4jp5
reference_id GHSA-xjmj-p278-4jp5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xjmj-p278-4jp5
15
reference_url https://usn.ubuntu.com/2325-1/
reference_id USN-2325-1
reference_type
scores
url https://usn.ubuntu.com/2325-1/
fixed_packages
0
url pkg:deb/debian/nova@2014.1.1-8?distro=trixie
purl pkg:deb/debian/nova@2014.1.1-8?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.1-8%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2014-3517, GHSA-xjmj-p278-4jp5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ex1j-py3q-93hv
25
url VCID-h6rd-5p7q-s3gq
vulnerability_id VCID-h6rd-5p7q-s3gq
summary 
OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access
An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Cinder and Nova deployments are affected; only Glance deployments with image conversion enabled are affected.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32498.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32498.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-32498
reference_id
reference_type
scores
0
value 0.00171
scoring_system epss
scoring_elements 0.38413
published_at 2026-04-16T12:55:00Z
1
value 0.00171
scoring_system epss
scoring_elements 0.38366
published_at 2026-04-13T12:55:00Z
2
value 0.00171
scoring_system epss
scoring_elements 0.38465
published_at 2026-04-02T12:55:00Z
3
value 0.00171
scoring_system epss
scoring_elements 0.38489
published_at 2026-04-04T12:55:00Z
4
value 0.00171
scoring_system epss
scoring_elements 0.38353
published_at 2026-04-07T12:55:00Z
5
value 0.00171
scoring_system epss
scoring_elements 0.38404
published_at 2026-04-08T12:55:00Z
6
value 0.00171
scoring_system epss
scoring_elements 0.38412
published_at 2026-04-09T12:55:00Z
7
value 0.00171
scoring_system epss
scoring_elements 0.38391
published_at 2026-04-12T12:55:00Z
8
value 0.00171
scoring_system epss
scoring_elements 0.38428
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-32498
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32498
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32498
3
reference_url https://github.com/openstack/cinder/commit/78f85c1f9b20a067ef64d6451dee0228c3a0db5e
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/cinder/commit/78f85c1f9b20a067ef64d6451dee0228c3a0db5e
4
reference_url https://github.com/openstack/cinder/commit/d6a186945e03649343af55b46ed8dfe0dd326e40
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/cinder/commit/d6a186945e03649343af55b46ed8dfe0dd326e40
5
reference_url https://github.com/openstack/glance/commit/22f0c9c6f98db1d93569e3edb800c271f35b0ef9
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/glance/commit/22f0c9c6f98db1d93569e3edb800c271f35b0ef9
6
reference_url https://github.com/openstack/glance/commit/2e65391744a82421bc6f026ee8f1f3550038f175
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/glance/commit/2e65391744a82421bc6f026ee8f1f3550038f175
7
reference_url https://github.com/openstack/glance/commit/867d1dd8b6e4f5774257a98c7c33061fbbbde973
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/glance/commit/867d1dd8b6e4f5774257a98c7c33061fbbbde973
8
reference_url https://github.com/openstack/glance/commit/cc7d53adbecf85f3d7df78e7618fe8ab3a075c5f
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/glance/commit/cc7d53adbecf85f3d7df78e7618fe8ab3a075c5f
9
reference_url https://github.com/openstack/glance/commit/d607e78630cc9d1ca18b3a027322809c042f64df
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/glance/commit/d607e78630cc9d1ca18b3a027322809c042f64df
10
reference_url https://github.com/openstack/nova/commit/657e86585cc57f84ab9b364dd189547d231d5927
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/657e86585cc57f84ab9b364dd189547d231d5927
11
reference_url https://launchpad.net/bugs/2059809
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/
url https://launchpad.net/bugs/2059809
12
reference_url https://lists.debian.org/debian-lts-announce/2024/09/msg00016.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/09/msg00016.html
13
reference_url https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-32498
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-32498
15
reference_url https://security.openstack.org/ossa/OSSA-2024-001.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/
url https://security.openstack.org/ossa/OSSA-2024-001.html
16
reference_url https://www.openwall.com/lists/oss-security/2024/07/02/2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/
url https://www.openwall.com/lists/oss-security/2024/07/02/2
17
reference_url http://www.openwall.com/lists/oss-security/2024/07/02/2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/
url http://www.openwall.com/lists/oss-security/2024/07/02/2
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074761
reference_id 1074761
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074761
19
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074762
reference_id 1074762
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074762
20
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074763
reference_id 1074763
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074763
21
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2278663
reference_id 2278663
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2278663
22
reference_url https://github.com/advisories/GHSA-r4v4-w9pv-6fph
reference_id GHSA-r4v4-w9pv-6fph
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r4v4-w9pv-6fph
23
reference_url https://access.redhat.com/errata/RHSA-2024:4272
reference_id RHSA-2024:4272
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4272
24
reference_url https://access.redhat.com/errata/RHSA-2024:4273
reference_id RHSA-2024:4273
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4273
25
reference_url https://access.redhat.com/errata/RHSA-2024:4274
reference_id RHSA-2024:4274
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4274
26
reference_url https://access.redhat.com/errata/RHSA-2024:4425
reference_id RHSA-2024:4425
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4425
27
reference_url https://usn.ubuntu.com/6882-1/
reference_id USN-6882-1
reference_type
scores
url https://usn.ubuntu.com/6882-1/
28
reference_url https://usn.ubuntu.com/6882-2/
reference_id USN-6882-2
reference_type
scores
url https://usn.ubuntu.com/6882-2/
29
reference_url https://usn.ubuntu.com/6883-1/
reference_id USN-6883-1
reference_type
scores
url https://usn.ubuntu.com/6883-1/
30
reference_url https://usn.ubuntu.com/6884-1/
reference_id USN-6884-1
reference_type
scores
url https://usn.ubuntu.com/6884-1/
fixed_packages
0
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.4.0-1~deb11u5?distro=trixie
purl pkg:deb/debian/nova@2:22.4.0-1~deb11u5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.4.0-1~deb11u5%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:29.0.2-4?distro=trixie
purl pkg:deb/debian/nova@2:29.0.2-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:29.0.2-4%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
9
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2024-32498, GHSA-r4v4-w9pv-6fph
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h6rd-5p7q-s3gq
26
url VCID-hcsa-vfvp-buax
vulnerability_id VCID-hcsa-vfvp-buax
summary 
OpenStack Nova Router metadata queries are not restricted by tenant
Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by (1) api/metadata/handler.py in Nova and (2) the neutron-metadata-agent (`agent/metadata/agent.py`) in Neutron.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2014-0091.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0091.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2014-0231.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0231.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6419.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6419.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-6419
reference_id
reference_type
scores
0
value 0.00563
scoring_system epss
scoring_elements 0.68372
published_at 2026-04-13T12:55:00Z
1
value 0.00563
scoring_system epss
scoring_elements 0.68404
published_at 2026-04-12T12:55:00Z
2
value 0.00563
scoring_system epss
scoring_elements 0.68417
published_at 2026-04-11T12:55:00Z
3
value 0.00563
scoring_system epss
scoring_elements 0.6839
published_at 2026-04-09T12:55:00Z
4
value 0.00563
scoring_system epss
scoring_elements 0.68373
published_at 2026-04-08T12:55:00Z
5
value 0.00563
scoring_system epss
scoring_elements 0.68326
published_at 2026-04-02T12:55:00Z
6
value 0.00563
scoring_system epss
scoring_elements 0.6841
published_at 2026-04-16T12:55:00Z
7
value 0.00563
scoring_system epss
scoring_elements 0.68345
published_at 2026-04-04T12:55:00Z
8
value 0.00563
scoring_system epss
scoring_elements 0.68306
published_at 2026-04-01T12:55:00Z
9
value 0.00563
scoring_system epss
scoring_elements 0.68322
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-6419
4
reference_url https://bugs.launchpad.net/neutron/+bug/1235450
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/neutron/+bug/1235450
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6419
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6419
6
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
7
reference_url https://github.com/openstack/nova/commit/07006be9165d1008ca0382b6f0ad25b13a676a55
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/07006be9165d1008ca0382b6f0ad25b13a676a55
8
reference_url https://github.com/openstack/nova/commit/af2f823107010933ecd94a9c938f8b739baaecb7
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/af2f823107010933ecd94a9c938f8b739baaecb7
9
reference_url https://github.com/openstack/nova/commit/bce36e9bdb1fcb9658f7b684d160e656e88d816c
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/bce36e9bdb1fcb9658f7b684d160e656e88d816c
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-6419
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-6419
11
reference_url https://review.openstack.org/#/c/61428/2/nova/api/metadata/handler.py
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/#/c/61428/2/nova/api/metadata/handler.py
12
reference_url https://review.openstack.org/#/c/61439/1/neutron/agent/metadata/agent.py
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/#/c/61439/1/neutron/agent/metadata/agent.py
13
reference_url http://www.openwall.com/lists/oss-security/2013/12/11/8
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/12/11/8
14
reference_url http://www.securityfocus.com/bid/64250
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/64250
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1039148
reference_id 1039148
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1039148
16
reference_url https://github.com/advisories/GHSA-22w9-j288-8p9w
reference_id GHSA-22w9-j288-8p9w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-22w9-j288-8p9w
17
reference_url https://access.redhat.com/errata/RHSA-2014:0091
reference_id RHSA-2014:0091
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0091
18
reference_url https://access.redhat.com/errata/RHSA-2014:0231
reference_id RHSA-2014:0231
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0231
fixed_packages
0
url pkg:deb/debian/nova@2013.2.1-1?distro=trixie
purl pkg:deb/debian/nova@2013.2.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.2.1-1%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2013-6419, GHSA-22w9-j288-8p9w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hcsa-vfvp-buax
27
url VCID-hd9e-1msb-uqa6
vulnerability_id VCID-hd9e-1msb-uqa6
summary openstack-cinder: silently access other user's volumes
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2088.json
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2088.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2088
reference_id
reference_type
scores
0
value 0.00129
scoring_system epss
scoring_elements 0.32496
published_at 2026-04-02T12:55:00Z
1
value 0.00129
scoring_system epss
scoring_elements 0.32404
published_at 2026-04-16T12:55:00Z
2
value 0.00129
scoring_system epss
scoring_elements 0.32402
published_at 2026-04-08T12:55:00Z
3
value 0.00129
scoring_system epss
scoring_elements 0.32429
published_at 2026-04-09T12:55:00Z
4
value 0.00129
scoring_system epss
scoring_elements 0.32432
published_at 2026-04-11T12:55:00Z
5
value 0.00129
scoring_system epss
scoring_elements 0.32395
published_at 2026-04-12T12:55:00Z
6
value 0.00129
scoring_system epss
scoring_elements 0.32367
published_at 2026-04-13T12:55:00Z
7
value 0.00129
scoring_system epss
scoring_elements 0.3253
published_at 2026-04-04T12:55:00Z
8
value 0.00129
scoring_system epss
scoring_elements 0.32353
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2088
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2088
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2088
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035932
reference_id 1035932
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035932
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035961
reference_id 1035961
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035961
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035962
reference_id 1035962
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035962
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035963
reference_id 1035963
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035963
8
reference_url https://bugs.launchpad.net/bugs/2004555
reference_id 2004555
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-24T15:40:54Z/
url https://bugs.launchpad.net/bugs/2004555
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2179587
reference_id 2179587
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2179587
10
reference_url https://security.openstack.org/ossa/OSSA-2023-003.html
reference_id OSSA-2023-003.html
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-24T15:40:54Z/
url https://security.openstack.org/ossa/OSSA-2023-003.html
11
reference_url https://access.redhat.com/errata/RHSA-2023:3156
reference_id RHSA-2023:3156
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3156
12
reference_url https://access.redhat.com/errata/RHSA-2023:3157
reference_id RHSA-2023:3157
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3157
13
reference_url https://access.redhat.com/errata/RHSA-2023:3158
reference_id RHSA-2023:3158
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3158
14
reference_url https://access.redhat.com/errata/RHSA-2023:3161
reference_id RHSA-2023:3161
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3161
15
reference_url https://usn.ubuntu.com/6073-1/
reference_id USN-6073-1
reference_type
scores
url https://usn.ubuntu.com/6073-1/
16
reference_url https://usn.ubuntu.com/6073-2/
reference_id USN-6073-2
reference_type
scores
url https://usn.ubuntu.com/6073-2/
17
reference_url https://usn.ubuntu.com/6073-3/
reference_id USN-6073-3
reference_type
scores
url https://usn.ubuntu.com/6073-3/
18
reference_url https://usn.ubuntu.com/6073-4/
reference_id USN-6073-4
reference_type
scores
url https://usn.ubuntu.com/6073-4/
19
reference_url https://usn.ubuntu.com/6241-1/
reference_id USN-6241-1
reference_type
scores
url https://usn.ubuntu.com/6241-1/
fixed_packages
0
url pkg:deb/debian/nova@2:26.1.0-4?distro=trixie
purl pkg:deb/debian/nova@2:26.1.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.1.0-4%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2023-2088
risk_score 4.1
exploitability 0.5
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hd9e-1msb-uqa6
28
url VCID-hgk8-jtvw-9fgb
vulnerability_id VCID-hgk8-jtvw-9fgb
summary nova: qpid SSL configuration
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6491.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6491.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-6491
reference_id
reference_type
scores
0
value 0.00389
scoring_system epss
scoring_elements 0.59896
published_at 2026-04-01T12:55:00Z
1
value 0.00389
scoring_system epss
scoring_elements 0.59973
published_at 2026-04-02T12:55:00Z
2
value 0.00389
scoring_system epss
scoring_elements 0.59999
published_at 2026-04-04T12:55:00Z
3
value 0.00389
scoring_system epss
scoring_elements 0.59969
published_at 2026-04-07T12:55:00Z
4
value 0.00389
scoring_system epss
scoring_elements 0.60019
published_at 2026-04-08T12:55:00Z
5
value 0.00389
scoring_system epss
scoring_elements 0.60032
published_at 2026-04-09T12:55:00Z
6
value 0.00389
scoring_system epss
scoring_elements 0.60053
published_at 2026-04-11T12:55:00Z
7
value 0.00389
scoring_system epss
scoring_elements 0.60037
published_at 2026-04-12T12:55:00Z
8
value 0.00389
scoring_system epss
scoring_elements 0.6002
published_at 2026-04-13T12:55:00Z
9
value 0.00389
scoring_system epss
scoring_elements 0.6006
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-6491
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6491
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6491
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1059504
reference_id 1059504
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1059504
4
reference_url https://access.redhat.com/errata/RHSA-2014:0112
reference_id RHSA-2014:0112
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0112
5
reference_url https://usn.ubuntu.com/2208-1/
reference_id USN-2208-1
reference_type
scores
url https://usn.ubuntu.com/2208-1/
6
reference_url https://usn.ubuntu.com/2208-2/
reference_id USN-2208-2
reference_type
scores
url https://usn.ubuntu.com/2208-2/
7
reference_url https://usn.ubuntu.com/2247-1/
reference_id USN-2247-1
reference_type
scores
url https://usn.ubuntu.com/2247-1/
fixed_packages
0
url pkg:deb/debian/nova@2013.2.3-1?distro=trixie
purl pkg:deb/debian/nova@2013.2.3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.2.3-1%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2013-6491
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hgk8-jtvw-9fgb
29
url VCID-hur9-b4y5-euek
vulnerability_id VCID-hur9-b4y5-euek
summary OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function.
references
0
reference_url http://osvdb.org/91303
reference_id
reference_type
scores
url http://osvdb.org/91303
1
reference_url http://rhn.redhat.com/errata/RHSA-2013-0709.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0709.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1838.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1838.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-1838
reference_id
reference_type
scores
0
value 0.01427
scoring_system epss
scoring_elements 0.80658
published_at 2026-04-16T12:55:00Z
1
value 0.01427
scoring_system epss
scoring_elements 0.80629
published_at 2026-04-13T12:55:00Z
2
value 0.01427
scoring_system epss
scoring_elements 0.80637
published_at 2026-04-12T12:55:00Z
3
value 0.01427
scoring_system epss
scoring_elements 0.80575
published_at 2026-04-01T12:55:00Z
4
value 0.01427
scoring_system epss
scoring_elements 0.8065
published_at 2026-04-11T12:55:00Z
5
value 0.01427
scoring_system epss
scoring_elements 0.80634
published_at 2026-04-09T12:55:00Z
6
value 0.01427
scoring_system epss
scoring_elements 0.80624
published_at 2026-04-08T12:55:00Z
7
value 0.01427
scoring_system epss
scoring_elements 0.80597
published_at 2026-04-07T12:55:00Z
8
value 0.01427
scoring_system epss
scoring_elements 0.80604
published_at 2026-04-04T12:55:00Z
9
value 0.01427
scoring_system epss
scoring_elements 0.80582
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-1838
4
reference_url https://bugs.launchpad.net/nova/+bug/1125468
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1125468
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=919648
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=919648
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1838
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1838
7
reference_url http://secunia.com/advisories/52580
reference_id
reference_type
scores
url http://secunia.com/advisories/52580
8
reference_url http://secunia.com/advisories/52728
reference_id
reference_type
scores
url http://secunia.com/advisories/52728
9
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/82877
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/82877
10
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
11
reference_url https://github.com/openstack/nova/commit/9561484166f245d0e4602a36351d6cac72dd9426
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/9561484166f245d0e4602a36351d6cac72dd9426
12
reference_url https://github.com/openstack/nova/commit/99429214d4ddb5bdc7de185693b8a53ad50df3c6
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/99429214d4ddb5bdc7de185693b8a53ad50df3c6
13
reference_url https://github.com/openstack/nova/commit/efaacdaee116388234558e2682b647d41fe5b149
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/efaacdaee116388234558e2682b647d41fe5b149
14
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2013-44.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2013-44.yaml
15
reference_url https://lists.launchpad.net/openstack/msg21892.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.launchpad.net/openstack/msg21892.html
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-1838
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:N/A:P
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-1838
17
reference_url https://review.openstack.org/#/c/24451
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/#/c/24451
18
reference_url https://review.openstack.org/#/c/24451/
reference_id
reference_type
scores
url https://review.openstack.org/#/c/24451/
19
reference_url https://review.openstack.org/#/c/24452
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/#/c/24452
20
reference_url https://review.openstack.org/#/c/24452/
reference_id
reference_type
scores
url https://review.openstack.org/#/c/24452/
21
reference_url https://review.openstack.org/#/c/24453
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/#/c/24453
22
reference_url https://review.openstack.org/#/c/24453/
reference_id
reference_type
scores
url https://review.openstack.org/#/c/24453/
23
reference_url http://ubuntu.com/usn/usn-1771-1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://ubuntu.com/usn/usn-1771-1
24
reference_url http://www.openwall.com/lists/oss-security/2013/03/14/18
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/03/14/18
25
reference_url http://www.securityfocus.com/bid/58492
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/58492
26
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703064
reference_id 703064
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703064
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:grizzly:2012.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:grizzly:2012.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:grizzly:2012.2:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
33
reference_url https://github.com/advisories/GHSA-63fq-8fp9-vhwq
reference_id GHSA-63fq-8fp9-vhwq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-63fq-8fp9-vhwq
34
reference_url https://access.redhat.com/errata/RHSA-2013:0709
reference_id RHSA-2013:0709
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0709
35
reference_url https://usn.ubuntu.com/1771-1/
reference_id USN-1771-1
reference_type
scores
url https://usn.ubuntu.com/1771-1/
fixed_packages
0
url pkg:deb/debian/nova@2012.1.1-15?distro=trixie
purl pkg:deb/debian/nova@2012.1.1-15?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2012.1.1-15%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2013-1838, GHSA-63fq-8fp9-vhwq, PYSEC-2013-44
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hur9-b4y5-euek
30
url VCID-jdb7-71q5-pfcx
vulnerability_id VCID-jdb7-71q5-pfcx
summary 
OpenStack Nova logs sensitive context from notification exceptions
An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens.
references
0
reference_url https://access.redhat.com/errata/RHSA-2017:1508
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:1508
1
reference_url https://access.redhat.com/errata/RHSA-2017:1595
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:1595
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7214.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7214.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-7214
reference_id
reference_type
scores
0
value 0.01297
scoring_system epss
scoring_elements 0.79665
published_at 2026-04-07T12:55:00Z
1
value 0.01297
scoring_system epss
scoring_elements 0.79727
published_at 2026-04-16T12:55:00Z
2
value 0.01297
scoring_system epss
scoring_elements 0.79698
published_at 2026-04-13T12:55:00Z
3
value 0.01297
scoring_system epss
scoring_elements 0.79705
published_at 2026-04-12T12:55:00Z
4
value 0.01297
scoring_system epss
scoring_elements 0.79721
published_at 2026-04-11T12:55:00Z
5
value 0.01297
scoring_system epss
scoring_elements 0.7965
published_at 2026-04-01T12:55:00Z
6
value 0.01297
scoring_system epss
scoring_elements 0.797
published_at 2026-04-09T12:55:00Z
7
value 0.01297
scoring_system epss
scoring_elements 0.79693
published_at 2026-04-08T12:55:00Z
8
value 0.01297
scoring_system epss
scoring_elements 0.79657
published_at 2026-04-02T12:55:00Z
9
value 0.01297
scoring_system epss
scoring_elements 0.79678
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-7214
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7214
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7214
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:P/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
7
reference_url https://github.com/openstack/nova/commit/3f985f1eda6f29180878a3d21c20c5057179486a
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/3f985f1eda6f29180878a3d21c20c5057179486a
8
reference_url https://github.com/openstack/nova/commit/acb19160d4d348e29a21ad57c61c7369352c4d1c
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/acb19160d4d348e29a21ad57c61c7369352c4d1c
9
reference_url https://github.com/openstack/nova/commit/c2c91ce44592fc5dc2aacee1cf7f5b5cfd2e9a0a
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/c2c91ce44592fc5dc2aacee1cf7f5b5cfd2e9a0a
10
reference_url https://github.com/openstack/nova/commit/e193201fa1de5b08b29adefd8c149935c5529598
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/e193201fa1de5b08b29adefd8c149935c5529598
11
reference_url https://launchpad.net/bugs/1673569
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://launchpad.net/bugs/1673569
12
reference_url http://www.securityfocus.com/bid/96998
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/96998
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1434844
reference_id 1434844
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1434844
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858568
reference_id 858568
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858568
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:13.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:13.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:13.0.0:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:13.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:13.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:13.1.0:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:13.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:13.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:13.1.1:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:13.1.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:13.1.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:13.1.2:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:13.1.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:13.1.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:13.1.3:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:14.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:14.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:14.0.0:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:14.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:14.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:14.0.1:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:14.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:14.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:14.0.2:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:14.0.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:14.0.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:14.0.3:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:14.0.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:14.0.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:14.0.4:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:15.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.0:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:15.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.1:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7214
reference_id CVE-2017-7214
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:N/A:N
1
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-7214
28
reference_url https://github.com/advisories/GHSA-f4g4-cj8f-3cr9
reference_id GHSA-f4g4-cj8f-3cr9
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f4g4-cj8f-3cr9
fixed_packages
0
url pkg:deb/debian/nova@2:14.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:14.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:14.0.0-4%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2017-7214, GHSA-f4g4-cj8f-3cr9
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jdb7-71q5-pfcx
31
url VCID-jdn1-d4d3-sud7
vulnerability_id VCID-jdn1-d4d3-sud7
summary The instance rescue mode in OpenStack Compute (Nova) 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and use_cow_images is set to false, allows remote authenticated users to read certain compute host files by overwriting an instance disk with a crafted image.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0134.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0134.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0134
reference_id
reference_type
scores
0
value 0.00201
scoring_system epss
scoring_elements 0.42228
published_at 2026-04-02T12:55:00Z
1
value 0.00201
scoring_system epss
scoring_elements 0.42266
published_at 2026-04-16T12:55:00Z
2
value 0.00201
scoring_system epss
scoring_elements 0.42216
published_at 2026-04-13T12:55:00Z
3
value 0.00201
scoring_system epss
scoring_elements 0.42244
published_at 2026-04-12T12:55:00Z
4
value 0.00201
scoring_system epss
scoring_elements 0.4228
published_at 2026-04-11T12:55:00Z
5
value 0.00201
scoring_system epss
scoring_elements 0.42258
published_at 2026-04-09T12:55:00Z
6
value 0.00201
scoring_system epss
scoring_elements 0.4225
published_at 2026-04-08T12:55:00Z
7
value 0.00201
scoring_system epss
scoring_elements 0.42199
published_at 2026-04-07T12:55:00Z
8
value 0.00201
scoring_system epss
scoring_elements 0.42257
published_at 2026-04-04T12:55:00Z
9
value 0.00201
scoring_system epss
scoring_elements 0.4217
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0134
2
reference_url https://bugs.launchpad.net/nova/+bug/1221190
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1221190
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0134
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0134
4
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
5
reference_url https://github.com/openstack/nova/commit/25e761acd56d4c820273fc0245ada06c500c1637
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/25e761acd56d4c820273fc0245ada06c500c1637
6
reference_url https://github.com/openstack/nova/commit/d416f4310bb946b4b127201ec3c37e530d988714
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/d416f4310bb946b4b127201ec3c37e530d988714
7
reference_url https://github.com/openstack/nova/commit/dc8de426066969a3f0624fdc2a7b29371a2d55bf
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/dc8de426066969a3f0624fdc2a7b29371a2d55bf
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2014-112.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2014-112.yaml
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0134
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-0134
10
reference_url http://www.openwall.com/lists/oss-security/2014/03/27/6
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/03/27/6
11
reference_url http://www.ubuntu.com/usn/USN-2247-1
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-2247-1
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1078002
reference_id 1078002
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1078002
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742712
reference_id 742712
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742712
14
reference_url https://github.com/advisories/GHSA-w429-xc55-hc48
reference_id GHSA-w429-xc55-hc48
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w429-xc55-hc48
15
reference_url https://access.redhat.com/errata/RHSA-2014:0578
reference_id RHSA-2014:0578
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0578
16
reference_url https://usn.ubuntu.com/2247-1/
reference_id USN-2247-1
reference_type
scores
url https://usn.ubuntu.com/2247-1/
fixed_packages
0
url pkg:deb/debian/nova@2013.2.2-4?distro=trixie
purl pkg:deb/debian/nova@2013.2.2-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.2.2-4%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2014-0134, GHSA-w429-xc55-hc48, PYSEC-2014-112
risk_score 1.4
exploitability 0.5
weighted_severity 2.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jdn1-d4d3-sud7
32
url VCID-k48d-ecqx-m3ed
vulnerability_id VCID-k48d-ecqx-m3ed
summary openstack-nova: May fail to delete images in resize state regression
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7498.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7498.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-7498
reference_id
reference_type
scores
0
value 0.02248
scoring_system epss
scoring_elements 0.84504
published_at 2026-04-01T12:55:00Z
1
value 0.02248
scoring_system epss
scoring_elements 0.84519
published_at 2026-04-02T12:55:00Z
2
value 0.02248
scoring_system epss
scoring_elements 0.8454
published_at 2026-04-04T12:55:00Z
3
value 0.02248
scoring_system epss
scoring_elements 0.84544
published_at 2026-04-07T12:55:00Z
4
value 0.02248
scoring_system epss
scoring_elements 0.84565
published_at 2026-04-08T12:55:00Z
5
value 0.02248
scoring_system epss
scoring_elements 0.84572
published_at 2026-04-09T12:55:00Z
6
value 0.02248
scoring_system epss
scoring_elements 0.8459
published_at 2026-04-11T12:55:00Z
7
value 0.02248
scoring_system epss
scoring_elements 0.84586
published_at 2026-04-12T12:55:00Z
8
value 0.02248
scoring_system epss
scoring_elements 0.84582
published_at 2026-04-13T12:55:00Z
9
value 0.02248
scoring_system epss
scoring_elements 0.84601
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-7498
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7498
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7498
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1378661
reference_id 1378661
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1378661
fixed_packages
0
url pkg:deb/debian/nova@2:13.1.0-1?distro=trixie
purl pkg:deb/debian/nova@2:13.1.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:13.1.0-1%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2016-7498
risk_score 1.9
exploitability 0.5
weighted_severity 3.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k48d-ecqx-m3ed
33
url VCID-kncr-vrmh-fygm
vulnerability_id VCID-kncr-vrmh-fygm
summary The OpenStack Nova (python-nova) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and Openstack Cinder (python-cinder) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 before 1:2014.1-0ubuntu1.1 for Ubuntu 13.10 and 14.04 LTS does not properly set the sudo configuration, which makes it easier for attackers to gain privileges by leveraging another vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-1068
reference_id
reference_type
scores
0
value 0.00222
scoring_system epss
scoring_elements 0.44866
published_at 2026-04-16T12:55:00Z
1
value 0.00222
scoring_system epss
scoring_elements 0.44729
published_at 2026-04-01T12:55:00Z
2
value 0.00222
scoring_system epss
scoring_elements 0.44809
published_at 2026-04-02T12:55:00Z
3
value 0.00222
scoring_system epss
scoring_elements 0.4483
published_at 2026-04-04T12:55:00Z
4
value 0.00222
scoring_system epss
scoring_elements 0.4477
published_at 2026-04-07T12:55:00Z
5
value 0.00222
scoring_system epss
scoring_elements 0.44823
published_at 2026-04-08T12:55:00Z
6
value 0.00222
scoring_system epss
scoring_elements 0.44825
published_at 2026-04-09T12:55:00Z
7
value 0.00222
scoring_system epss
scoring_elements 0.44842
published_at 2026-04-11T12:55:00Z
8
value 0.00222
scoring_system epss
scoring_elements 0.44811
published_at 2026-04-12T12:55:00Z
9
value 0.00222
scoring_system epss
scoring_elements 0.44813
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-1068
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1068
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1068
2
reference_url http://ubuntu.com/usn/usn-2248-1
reference_id
reference_type
scores
url http://ubuntu.com/usn/usn-2248-1
3
reference_url http://www.ubuntu.com/usn/USN-2247-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-2247-1
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753579
reference_id 753579
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753579
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753585
reference_id 753585
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753585
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-1068
reference_id CVE-2013-1068
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N
url https://nvd.nist.gov/vuln/detail/CVE-2013-1068
9
reference_url https://usn.ubuntu.com/2247-1/
reference_id USN-2247-1
reference_type
scores
url https://usn.ubuntu.com/2247-1/
10
reference_url https://usn.ubuntu.com/2248-1/
reference_id USN-2248-1
reference_type
scores
url https://usn.ubuntu.com/2248-1/
fixed_packages
0
url pkg:deb/debian/nova@2014.1.1-4?distro=trixie
purl pkg:deb/debian/nova@2014.1.1-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.1-4%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2013-1068
risk_score 2.2
exploitability 0.5
weighted_severity 4.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kncr-vrmh-fygm
34
url VCID-kqbu-drg3-fycm
vulnerability_id VCID-kqbu-drg3-fycm
summary 
OpenStack Nova denial of service through compressed disk images
OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) via a compressed QCOW2 image.  NOTE: this issue is due to an incomplete fix for CVE-2013-2096.
references
0
reference_url http://github.com/openstack/nova/commit/3cdfe894ab58f7b91bf7fb690fc5bc724e44066f
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://github.com/openstack/nova/commit/3cdfe894ab58f7b91bf7fb690fc5bc724e44066f
1
reference_url http://github.com/openstack/nova/commit/f6810be4ae1a6c93e7d8017ee67d5344dfdf4a30
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://github.com/openstack/nova/commit/f6810be4ae1a6c93e7d8017ee67d5344dfdf4a30
2
reference_url http://rhn.redhat.com/errata/RHSA-2014-0112.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0112.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4463.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4463.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4463
reference_id
reference_type
scores
0
value 0.00061
scoring_system epss
scoring_elements 0.19014
published_at 2026-04-16T12:55:00Z
1
value 0.00061
scoring_system epss
scoring_elements 0.19017
published_at 2026-04-07T12:55:00Z
2
value 0.00061
scoring_system epss
scoring_elements 0.19097
published_at 2026-04-08T12:55:00Z
3
value 0.00061
scoring_system epss
scoring_elements 0.1915
published_at 2026-04-09T12:55:00Z
4
value 0.00061
scoring_system epss
scoring_elements 0.19157
published_at 2026-04-11T12:55:00Z
5
value 0.00061
scoring_system epss
scoring_elements 0.19111
published_at 2026-04-12T12:55:00Z
6
value 0.00061
scoring_system epss
scoring_elements 0.19058
published_at 2026-04-13T12:55:00Z
7
value 0.00061
scoring_system epss
scoring_elements 0.19116
published_at 2026-04-01T12:55:00Z
8
value 0.00061
scoring_system epss
scoring_elements 0.1925
published_at 2026-04-02T12:55:00Z
9
value 0.00061
scoring_system epss
scoring_elements 0.19302
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4463
5
reference_url https://bugs.launchpad.net/nova/+bug/1206081
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1206081
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4463
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4463
7
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
8
reference_url http://www.openwall.com/lists/oss-security/2013/10/31/3
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/10/31/3
9
reference_url http://www.ubuntu.com/usn/USN-2247-1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-2247-1
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1023239
reference_id 1023239
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1023239
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728605
reference_id 728605
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728605
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-4463
reference_id CVE-2013-4463
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-4463
13
reference_url https://github.com/advisories/GHSA-5644-2v3h-5w4x
reference_id GHSA-5644-2v3h-5w4x
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5644-2v3h-5w4x
14
reference_url https://access.redhat.com/errata/RHSA-2014:0112
reference_id RHSA-2014:0112
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0112
15
reference_url https://usn.ubuntu.com/2247-1/
reference_id USN-2247-1
reference_type
scores
url https://usn.ubuntu.com/2247-1/
fixed_packages
0
url pkg:deb/debian/nova@2013.2-3?distro=trixie
purl pkg:deb/debian/nova@2013.2-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.2-3%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2013-4463, GHSA-5644-2v3h-5w4x
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kqbu-drg3-fycm
35
url VCID-m5vc-4my3-87gk
vulnerability_id VCID-m5vc-4my3-87gk
summary 
OpenStack Nova Changing vnic_type breaks compute service restart
An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the direct vnic_type, creating an instance bound to that port, and then changing the vnic_type of the bound port to macvtap, an authenticated user may cause the compute service to fail to restart, resulting in a possible denial of service. Only Nova deployments configured with SR-IOV are affected.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37394.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37394.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-37394
reference_id
reference_type
scores
0
value 0.00058
scoring_system epss
scoring_elements 0.18186
published_at 2026-04-16T12:55:00Z
1
value 0.00058
scoring_system epss
scoring_elements 0.18241
published_at 2026-04-13T12:55:00Z
2
value 0.00058
scoring_system epss
scoring_elements 0.18292
published_at 2026-04-12T12:55:00Z
3
value 0.00058
scoring_system epss
scoring_elements 0.18339
published_at 2026-04-11T12:55:00Z
4
value 0.00058
scoring_system epss
scoring_elements 0.18338
published_at 2026-04-09T12:55:00Z
5
value 0.00058
scoring_system epss
scoring_elements 0.18285
published_at 2026-04-08T12:55:00Z
6
value 0.00058
scoring_system epss
scoring_elements 0.18202
published_at 2026-04-07T12:55:00Z
7
value 0.00058
scoring_system epss
scoring_elements 0.18492
published_at 2026-04-04T12:55:00Z
8
value 0.00058
scoring_system epss
scoring_elements 0.18438
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-37394
2
reference_url https://bugs.launchpad.net/ossa/+bug/1981813
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/ossa/+bug/1981813
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37394
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37394
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
6
reference_url https://github.com/openstack/nova/commit/0c87681135cfb3ce61d2a0392928c1dbc1fe5fde
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/0c87681135cfb3ce61d2a0392928c1dbc1fe5fde
7
reference_url https://github.com/openstack/nova/commit/1a98a1a650d065a8ab3e1c474f3b9fd537dc2206
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/1a98a1a650d065a8ab3e1c474f3b9fd537dc2206
8
reference_url https://github.com/openstack/nova/commit/4954f993680c75fd9d3d507f2dcd00300c9b3d44
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/4954f993680c75fd9d3d507f2dcd00300c9b3d44
9
reference_url https://github.com/openstack/nova/commit/a28c82719545d5c8ee7f3ff1361b3a796e05095a
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/a28c82719545d5c8ee7f3ff1361b3a796e05095a
10
reference_url https://github.com/openstack/nova/commit/e43bf900dc8ca66578603bed333c56b215b1876e
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/e43bf900dc8ca66578603bed333c56b215b1876e
11
reference_url https://github.com/openstack/nova/commit/f8c91eb75fc5504a37fc3b4be1d65d33dbc9b511
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/f8c91eb75fc5504a37fc3b4be1d65d33dbc9b511
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-37394
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-37394
13
reference_url https://review.opendev.org/c/openstack/nova/+/849985
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://review.opendev.org/c/openstack/nova/+/849985
14
reference_url https://review.opendev.org/c/openstack/nova/+/850003
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://review.opendev.org/c/openstack/nova/+/850003
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016980
reference_id 1016980
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016980
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2117333
reference_id 2117333
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2117333
17
reference_url https://github.com/advisories/GHSA-v725-c588-h936
reference_id GHSA-v725-c588-h936
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v725-c588-h936
18
reference_url https://access.redhat.com/errata/RHSA-2023:1948
reference_id RHSA-2023:1948
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1948
19
reference_url https://usn.ubuntu.com/5866-1/
reference_id USN-5866-1
reference_type
scores
url https://usn.ubuntu.com/5866-1/
fixed_packages
0
url pkg:deb/debian/nova@2:26.0.0~rc1-3?distro=trixie
purl pkg:deb/debian/nova@2:26.0.0~rc1-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.0.0~rc1-3%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2022-37394, GHSA-v725-c588-h936
risk_score 1.9
exploitability 0.5
weighted_severity 3.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m5vc-4my3-87gk
36
url VCID-n6d6-1kyd-qufe
vulnerability_id VCID-n6d6-1kyd-qufe
summary 
OpenStack Compute Nova Improper Access Control
The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4497.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4497.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4497
reference_id
reference_type
scores
0
value 0.00081
scoring_system epss
scoring_elements 0.2391
published_at 2026-04-16T12:55:00Z
1
value 0.00081
scoring_system epss
scoring_elements 0.23923
published_at 2026-04-01T12:55:00Z
2
value 0.00081
scoring_system epss
scoring_elements 0.24049
published_at 2026-04-02T12:55:00Z
3
value 0.00081
scoring_system epss
scoring_elements 0.24087
published_at 2026-04-04T12:55:00Z
4
value 0.00081
scoring_system epss
scoring_elements 0.2387
published_at 2026-04-07T12:55:00Z
5
value 0.00081
scoring_system epss
scoring_elements 0.23937
published_at 2026-04-08T12:55:00Z
6
value 0.00081
scoring_system epss
scoring_elements 0.23983
published_at 2026-04-09T12:55:00Z
7
value 0.00081
scoring_system epss
scoring_elements 0.24
published_at 2026-04-11T12:55:00Z
8
value 0.00081
scoring_system epss
scoring_elements 0.23956
published_at 2026-04-12T12:55:00Z
9
value 0.00081
scoring_system epss
scoring_elements 0.239
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4497
2
reference_url https://bugs.launchpad.net/nova/+bug/1073306
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1073306
3
reference_url https://bugs.launchpad.net/nova/+bug/1202266
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1202266
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4497
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4497
5
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
6
reference_url https://github.com/openstack/nova/commit/01de658210fd65171bfbf5450c93673b5ce0bd9e
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/01de658210fd65171bfbf5450c93673b5ce0bd9e
7
reference_url https://github.com/openstack/nova/commit/5cced7a6dd32d231c606e25dbf762d199bf9cca7
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/5cced7a6dd32d231c606e25dbf762d199bf9cca7
8
reference_url https://github.com/openstack/nova/commit/ba0d007fb78bd1182c3c0b808dbd7ccc84640e80
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/ba0d007fb78bd1182c3c0b808dbd7ccc84640e80
9
reference_url https://github.com/openstack/nova/commit/df2ea2e3acdede21b40d47b7adbeac04213d031b
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/df2ea2e3acdede21b40d47b7adbeac04213d031b
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-4497
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-4497
11
reference_url http://www.openwall.com/lists/oss-security/2013/11/03/2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/11/03/2
12
reference_url http://www.openwall.com/lists/oss-security/2013/11/03/3
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/11/03/3
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1026171
reference_id 1026171
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1026171
14
reference_url https://github.com/advisories/GHSA-27q4-38qf-m25h
reference_id GHSA-27q4-38qf-m25h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-27q4-38qf-m25h
15
reference_url https://access.redhat.com/errata/RHSA-2014:0366
reference_id RHSA-2014:0366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0366
fixed_packages
0
url pkg:deb/debian/nova@2013.2-1?distro=trixie
purl pkg:deb/debian/nova@2013.2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.2-1%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2013-4497, GHSA-27q4-38qf-m25h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n6d6-1kyd-qufe
37
url VCID-nb1y-cbzs-abhc
vulnerability_id VCID-nb1y-cbzs-abhc
summary openstack-nova: Unprivileged API user can access host data using instance snapshot
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2016-0018.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-0018.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7548.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7548.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-7548
reference_id
reference_type
scores
0
value 0.00172
scoring_system epss
scoring_elements 0.38399
published_at 2026-04-13T12:55:00Z
1
value 0.00172
scoring_system epss
scoring_elements 0.38461
published_at 2026-04-11T12:55:00Z
2
value 0.00172
scoring_system epss
scoring_elements 0.38424
published_at 2026-04-12T12:55:00Z
3
value 0.00172
scoring_system epss
scoring_elements 0.38363
published_at 2026-04-01T12:55:00Z
4
value 0.00172
scoring_system epss
scoring_elements 0.385
published_at 2026-04-02T12:55:00Z
5
value 0.00172
scoring_system epss
scoring_elements 0.38525
published_at 2026-04-04T12:55:00Z
6
value 0.00172
scoring_system epss
scoring_elements 0.38387
published_at 2026-04-07T12:55:00Z
7
value 0.00172
scoring_system epss
scoring_elements 0.38438
published_at 2026-04-08T12:55:00Z
8
value 0.00172
scoring_system epss
scoring_elements 0.38446
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-7548
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7548
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7548
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:C/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://security.openstack.org/ossa/OSSA-2016-001.html
reference_id
reference_type
scores
url https://security.openstack.org/ossa/OSSA-2016-001.html
6
reference_url http://www.securityfocus.com/bid/80176
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/80176
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1290511
reference_id 1290511
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1290511
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-7548
reference_id CVE-2015-7548
reference_type
scores
0
value 2.1
scoring_system cvssv2
scoring_elements AV:N/AC:H/Au:S/C:P/I:N/A:N
1
value 3.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
url https://nvd.nist.gov/vuln/detail/CVE-2015-7548
10
reference_url https://access.redhat.com/errata/RHSA-2016:0018
reference_id RHSA-2016:0018
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0018
11
reference_url https://usn.ubuntu.com/3449-1/
reference_id USN-3449-1
reference_type
scores
url https://usn.ubuntu.com/3449-1/
fixed_packages
0
url pkg:deb/debian/nova@2:13.0.0~rc3-1?distro=trixie
purl pkg:deb/debian/nova@2:13.0.0~rc3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:13.0.0~rc3-1%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2015-7548
risk_score 1.6
exploitability 0.5
weighted_severity 3.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nb1y-cbzs-abhc
38
url VCID-nh9z-sxay-fkdv
vulnerability_id VCID-nh9z-sxay-fkdv
summary The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-3371
reference_id
reference_type
scores
0
value 0.00881
scoring_system epss
scoring_elements 0.754
published_at 2026-04-16T12:55:00Z
1
value 0.00881
scoring_system epss
scoring_elements 0.75305
published_at 2026-04-01T12:55:00Z
2
value 0.00881
scoring_system epss
scoring_elements 0.75309
published_at 2026-04-02T12:55:00Z
3
value 0.00881
scoring_system epss
scoring_elements 0.75341
published_at 2026-04-04T12:55:00Z
4
value 0.00881
scoring_system epss
scoring_elements 0.75319
published_at 2026-04-07T12:55:00Z
5
value 0.00881
scoring_system epss
scoring_elements 0.75362
published_at 2026-04-08T12:55:00Z
6
value 0.00881
scoring_system epss
scoring_elements 0.75372
published_at 2026-04-09T12:55:00Z
7
value 0.00881
scoring_system epss
scoring_elements 0.75392
published_at 2026-04-11T12:55:00Z
8
value 0.00881
scoring_system epss
scoring_elements 0.7537
published_at 2026-04-12T12:55:00Z
9
value 0.00881
scoring_system epss
scoring_elements 0.75359
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-3371
1
reference_url https://bugs.launchpad.net/nova/+bug/1017795
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1017795
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3371
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3371
3
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
4
reference_url https://github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-40.yaml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-40.yaml
6
reference_url https://lists.launchpad.net/openstack/msg14452.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.launchpad.net/openstack/msg14452.html
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-3371
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-3371
8
reference_url http://www.openwall.com/lists/oss-security/2012/07/11/13
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2012/07/11/13
9
reference_url http://www.securityfocus.com/bid/54388
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/54388
10
reference_url http://www.ubuntu.com/usn/USN-1501-1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1501-1
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681301
reference_id 681301
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681301
12
reference_url https://github.com/advisories/GHSA-xxgm-qpj5-4886
reference_id GHSA-xxgm-qpj5-4886
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xxgm-qpj5-4886
13
reference_url https://usn.ubuntu.com/1501-1/
reference_id USN-1501-1
reference_type
scores
url https://usn.ubuntu.com/1501-1/
fixed_packages
0
url pkg:deb/debian/nova@2012.1.1-5?distro=trixie
purl pkg:deb/debian/nova@2012.1.1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2012.1.1-5%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2012-3371, GHSA-xxgm-qpj5-4886, PYSEC-2012-40
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nh9z-sxay-fkdv
39
url VCID-nryd-hrub-cydj
vulnerability_id VCID-nryd-hrub-cydj
summary OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which allows attackers to obtain sensitive information by reading the memory of the previous logical volume (LV).
references
0
reference_url http://osvdb.org/88419
reference_id
reference_type
scores
url http://osvdb.org/88419
1
reference_url http://rhn.redhat.com/errata/RHSA-2013-0208.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0208.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5625.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5625.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-5625
reference_id
reference_type
scores
0
value 0.01057
scoring_system epss
scoring_elements 0.77611
published_at 2026-04-13T12:55:00Z
1
value 0.01057
scoring_system epss
scoring_elements 0.77612
published_at 2026-04-12T12:55:00Z
2
value 0.01057
scoring_system epss
scoring_elements 0.77628
published_at 2026-04-11T12:55:00Z
3
value 0.01057
scoring_system epss
scoring_elements 0.77601
published_at 2026-04-09T12:55:00Z
4
value 0.01057
scoring_system epss
scoring_elements 0.77584
published_at 2026-04-04T12:55:00Z
5
value 0.01057
scoring_system epss
scoring_elements 0.77648
published_at 2026-04-16T12:55:00Z
6
value 0.01057
scoring_system epss
scoring_elements 0.77551
published_at 2026-04-01T12:55:00Z
7
value 0.01057
scoring_system epss
scoring_elements 0.77564
published_at 2026-04-07T12:55:00Z
8
value 0.01057
scoring_system epss
scoring_elements 0.77558
published_at 2026-04-02T12:55:00Z
9
value 0.01057
scoring_system epss
scoring_elements 0.77594
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-5625
4
reference_url https://bugs.launchpad.net/nova/+bug/1070539
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1070539
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=884293
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=884293
6
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
7
reference_url https://github.com/openstack/nova/commit/9d2ea970422591f8cdc394001be9a2deca499a5f
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/9d2ea970422591f8cdc394001be9a2deca499a5f
8
reference_url https://github.com/openstack/nova/commit/a99a802e008eed18e39fc1d98170edc495cbd354
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/a99a802e008eed18e39fc1d98170edc495cbd354
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-41.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-41.yaml
10
reference_url https://launchpad.net/nova/folsom/2012.2.2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://launchpad.net/nova/folsom/2012.2.2
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-5625
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-5625
12
reference_url http://www.openwall.com/lists/oss-security/2012/12/11/5
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2012/12/11/5
13
reference_url http://www.securityfocus.com/bid/56904
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/56904
14
reference_url http://www.ubuntu.com/usn/USN-1663-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1663-1
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:grizzly:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:grizzly:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:grizzly:-:*:*:*:*:*:*:*
17
reference_url https://github.com/advisories/GHSA-rwhr-h69g-8qmq
reference_id GHSA-rwhr-h69g-8qmq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rwhr-h69g-8qmq
18
reference_url https://usn.ubuntu.com/1663-1/
reference_id USN-1663-1
reference_type
scores
url https://usn.ubuntu.com/1663-1/
fixed_packages
0
url pkg:deb/debian/nova@0?distro=trixie
purl pkg:deb/debian/nova@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@0%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2012-5625, GHSA-rwhr-h69g-8qmq, PYSEC-2012-41
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nryd-hrub-cydj
40
url VCID-p288-4te1-6qhc
vulnerability_id VCID-p288-4te1-6qhc
summary Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI parameter.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-0030
reference_id
reference_type
scores
0
value 0.00549
scoring_system epss
scoring_elements 0.67862
published_at 2026-04-01T12:55:00Z
1
value 0.00549
scoring_system epss
scoring_elements 0.67886
published_at 2026-04-02T12:55:00Z
2
value 0.00549
scoring_system epss
scoring_elements 0.67904
published_at 2026-04-04T12:55:00Z
3
value 0.00549
scoring_system epss
scoring_elements 0.67884
published_at 2026-04-07T12:55:00Z
4
value 0.00549
scoring_system epss
scoring_elements 0.67934
published_at 2026-04-08T12:55:00Z
5
value 0.00549
scoring_system epss
scoring_elements 0.67948
published_at 2026-04-09T12:55:00Z
6
value 0.00549
scoring_system epss
scoring_elements 0.67972
published_at 2026-04-11T12:55:00Z
7
value 0.00549
scoring_system epss
scoring_elements 0.67959
published_at 2026-04-12T12:55:00Z
8
value 0.00549
scoring_system epss
scoring_elements 0.67923
published_at 2026-04-13T12:55:00Z
9
value 0.00549
scoring_system epss
scoring_elements 0.67961
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-0030
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0030
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0030
2
reference_url https://usn.ubuntu.com/1326-1/
reference_id USN-1326-1
reference_type
scores
url https://usn.ubuntu.com/1326-1/
fixed_packages
0
url pkg:deb/debian/nova@2012.1~rc1-1?distro=trixie
purl pkg:deb/debian/nova@2012.1~rc1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2012.1~rc1-1%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2012-0030
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p288-4te1-6qhc
41
url VCID-q246-vzd6-3qfb
vulnerability_id VCID-q246-vzd6-3qfb
summary 
OpenStack Compute (Nova) allows remote authenticated users to gain privileges via API requests
The Nova EC2 API security group implementation in OpenStack Compute (Nova) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for (1) add_rules, (2) remove_rules, (3) destroy, and other unspecified methods in compute/api.py when using non-default policies, which allows remote authenticated users to gain privileges via these API requests.
references
0
reference_url https://access.redhat.com/errata/RHSA-2014:1084
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2014:1084
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0167.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0167.json
2
reference_url https://access.redhat.com/security/cve/CVE-2014-0167
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2014-0167
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0167
reference_id
reference_type
scores
0
value 0.00383
scoring_system epss
scoring_elements 0.59655
published_at 2026-04-09T12:55:00Z
1
value 0.00383
scoring_system epss
scoring_elements 0.59639
published_at 2026-04-13T12:55:00Z
2
value 0.00383
scoring_system epss
scoring_elements 0.59658
published_at 2026-04-12T12:55:00Z
3
value 0.00383
scoring_system epss
scoring_elements 0.59675
published_at 2026-04-11T12:55:00Z
4
value 0.00383
scoring_system epss
scoring_elements 0.59523
published_at 2026-04-01T12:55:00Z
5
value 0.00383
scoring_system epss
scoring_elements 0.59596
published_at 2026-04-02T12:55:00Z
6
value 0.00383
scoring_system epss
scoring_elements 0.59621
published_at 2026-04-04T12:55:00Z
7
value 0.00383
scoring_system epss
scoring_elements 0.59591
published_at 2026-04-07T12:55:00Z
8
value 0.00383
scoring_system epss
scoring_elements 0.59642
published_at 2026-04-08T12:55:00Z
9
value 0.00383
scoring_system epss
scoring_elements 0.59672
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0167
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1084868
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1084868
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0167
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0167
6
reference_url https://launchpad.net/bugs/1290537
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://launchpad.net/bugs/1290537
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0167
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-0167
8
reference_url https://opendev.org/openstack/nova
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://opendev.org/openstack/nova
9
reference_url http://www.openwall.com/lists/oss-security/2014/04/09/26
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/04/09/26
10
reference_url http://www.ubuntu.com/usn/USN-2247-1
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-2247-1
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744051
reference_id 744051
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744051
12
reference_url https://github.com/advisories/GHSA-p258-xmh3-72pv
reference_id GHSA-p258-xmh3-72pv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p258-xmh3-72pv
13
reference_url https://usn.ubuntu.com/2247-1/
reference_id USN-2247-1
reference_type
scores
url https://usn.ubuntu.com/2247-1/
fixed_packages
0
url pkg:deb/debian/nova@2013.2.3-1?distro=trixie
purl pkg:deb/debian/nova@2013.2.3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.2.3-1%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2014-0167, GHSA-p258-xmh3-72pv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q246-vzd6-3qfb
42
url VCID-q9q9-jegz-pfa2
vulnerability_id VCID-q9q9-jegz-pfa2
summary 
OpenStack Nova Multiple directory traversal vulnerabilities
Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to overwrite arbitrary files via a crafted (1) tarball or (2) manifest.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-4596
reference_id
reference_type
scores
0
value 0.00541
scoring_system epss
scoring_elements 0.67675
published_at 2026-04-16T12:55:00Z
1
value 0.00541
scoring_system epss
scoring_elements 0.67564
published_at 2026-04-01T12:55:00Z
2
value 0.00541
scoring_system epss
scoring_elements 0.67601
published_at 2026-04-07T12:55:00Z
3
value 0.00541
scoring_system epss
scoring_elements 0.67622
published_at 2026-04-04T12:55:00Z
4
value 0.00541
scoring_system epss
scoring_elements 0.67652
published_at 2026-04-08T12:55:00Z
5
value 0.00541
scoring_system epss
scoring_elements 0.67666
published_at 2026-04-09T12:55:00Z
6
value 0.00541
scoring_system epss
scoring_elements 0.67689
published_at 2026-04-11T12:55:00Z
7
value 0.00541
scoring_system epss
scoring_elements 0.67674
published_at 2026-04-12T12:55:00Z
8
value 0.00541
scoring_system epss
scoring_elements 0.67641
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-4596
1
reference_url https://bugs.launchpad.net/nova/+bug/885167
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/885167
2
reference_url https://bugs.launchpad.net/nova/+bug/894755
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/894755
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4596
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4596
4
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
5
reference_url https://github.com/openstack/nova/commit/76363226bd8533256f7795bba358d7f4b8a6c9e6
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/76363226bd8533256f7795bba358d7f4b8a6c9e6
6
reference_url https://github.com/openstack/nova/commit/ad3241929ea00569c74505ed002208ce360c667e
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/ad3241929ea00569c74505ed002208ce360c667e
7
reference_url https://lists.launchpad.net/openstack/msg06105.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.launchpad.net/openstack/msg06105.html
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-4596
reference_id CVE-2011-4596
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-4596
9
reference_url https://github.com/advisories/GHSA-qr62-r9xc-r2gj
reference_id GHSA-qr62-r9xc-r2gj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qr62-r9xc-r2gj
10
reference_url https://usn.ubuntu.com/1305-1/
reference_id USN-1305-1
reference_type
scores
url https://usn.ubuntu.com/1305-1/
fixed_packages
0
url pkg:deb/debian/nova@2012.1~e1-4?distro=trixie
purl pkg:deb/debian/nova@2012.1~e1-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2012.1~e1-4%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2011-4596, GHSA-qr62-r9xc-r2gj
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q9q9-jegz-pfa2
43
url VCID-qb9p-rpza-5fa5
vulnerability_id VCID-qb9p-rpza-5fa5
summary 
OpenStack Compute (Nova) allows remote authenticated users to obtain sensitive information
CVE-2013-2256 OpenStack: Nova private flavors resource limit circumvention
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2013-1199.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-1199.html
1
reference_url https://access.redhat.com/errata/RHSA-2013:1199
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2013:1199
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2256.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2256.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-2256
reference_id
reference_type
scores
0
value 0.00472
scoring_system epss
scoring_elements 0.64708
published_at 2026-04-16T12:55:00Z
1
value 0.00472
scoring_system epss
scoring_elements 0.64632
published_at 2026-04-07T12:55:00Z
2
value 0.00472
scoring_system epss
scoring_elements 0.6468
published_at 2026-04-08T12:55:00Z
3
value 0.00472
scoring_system epss
scoring_elements 0.64695
published_at 2026-04-09T12:55:00Z
4
value 0.00472
scoring_system epss
scoring_elements 0.64712
published_at 2026-04-11T12:55:00Z
5
value 0.00472
scoring_system epss
scoring_elements 0.647
published_at 2026-04-12T12:55:00Z
6
value 0.00472
scoring_system epss
scoring_elements 0.64672
published_at 2026-04-13T12:55:00Z
7
value 0.00472
scoring_system epss
scoring_elements 0.64593
published_at 2026-04-01T12:55:00Z
8
value 0.00472
scoring_system epss
scoring_elements 0.64646
published_at 2026-04-02T12:55:00Z
9
value 0.00472
scoring_system epss
scoring_elements 0.64674
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-2256
4
reference_url https://bugs.launchpad.net/nova/+bug/1194093
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1194093
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=993340
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=993340
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2256
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2256
7
reference_url http://seclists.org/oss-sec/2013/q3/281
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/oss-sec/2013/q3/281
8
reference_url https://opendev.org/openstack/nova
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://opendev.org/openstack/nova
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718905
reference_id 718905
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718905
10
reference_url https://access.redhat.com/security/cve/CVE-2013-2256
reference_id CVE-2013-2256
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2013-2256
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-2256
reference_id CVE-2013-2256
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-2256
12
reference_url https://github.com/advisories/GHSA-5mj6-643f-2g85
reference_id GHSA-5mj6-643f-2g85
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5mj6-643f-2g85
13
reference_url https://usn.ubuntu.com/2000-1/
reference_id USN-2000-1
reference_type
scores
url https://usn.ubuntu.com/2000-1/
fixed_packages
0
url pkg:deb/debian/nova@2013.1.2-3?distro=trixie
purl pkg:deb/debian/nova@2013.1.2-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.1.2-3%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2013-2256, GHSA-5mj6-643f-2g85
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qb9p-rpza-5fa5
44
url VCID-qe1w-wnfu-mudr
vulnerability_id VCID-qe1w-wnfu-mudr
summary OpenStack: openstack-nova-compute console-log DoS
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4261.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4261.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4261
reference_id
reference_type
scores
0
value 0.00596
scoring_system epss
scoring_elements 0.69285
published_at 2026-04-01T12:55:00Z
1
value 0.00596
scoring_system epss
scoring_elements 0.69297
published_at 2026-04-02T12:55:00Z
2
value 0.00596
scoring_system epss
scoring_elements 0.69315
published_at 2026-04-04T12:55:00Z
3
value 0.00596
scoring_system epss
scoring_elements 0.69294
published_at 2026-04-07T12:55:00Z
4
value 0.00596
scoring_system epss
scoring_elements 0.69345
published_at 2026-04-08T12:55:00Z
5
value 0.00596
scoring_system epss
scoring_elements 0.69361
published_at 2026-04-09T12:55:00Z
6
value 0.00596
scoring_system epss
scoring_elements 0.69384
published_at 2026-04-11T12:55:00Z
7
value 0.00596
scoring_system epss
scoring_elements 0.69368
published_at 2026-04-12T12:55:00Z
8
value 0.00596
scoring_system epss
scoring_elements 0.69355
published_at 2026-04-13T12:55:00Z
9
value 0.00596
scoring_system epss
scoring_elements 0.69393
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4261
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4261
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4261
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=999271
reference_id 999271
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=999271
4
reference_url https://usn.ubuntu.com/2000-1/
reference_id USN-2000-1
reference_type
scores
url https://usn.ubuntu.com/2000-1/
fixed_packages
0
url pkg:deb/debian/nova@2013.2-1?distro=trixie
purl pkg:deb/debian/nova@2013.2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.2-1%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2013-4261
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qe1w-wnfu-mudr
45
url VCID-qfdm-g857-3yb5
vulnerability_id VCID-qfdm-g857-3yb5
summary 
OpenStack Nova can leak consoleauth token into log files
An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setups using novncproxy are affected. This is related to `NovaProxyRequestHandlerBase.new_websocket_client` in `console/websocketproxy.py`.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9543.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9543.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-9543
reference_id
reference_type
scores
0
value 0.00083
scoring_system epss
scoring_elements 0.2419
published_at 2026-04-16T12:55:00Z
1
value 0.00083
scoring_system epss
scoring_elements 0.24364
published_at 2026-04-04T12:55:00Z
2
value 0.00083
scoring_system epss
scoring_elements 0.24173
published_at 2026-04-13T12:55:00Z
3
value 0.00083
scoring_system epss
scoring_elements 0.2423
published_at 2026-04-12T12:55:00Z
4
value 0.00083
scoring_system epss
scoring_elements 0.24273
published_at 2026-04-11T12:55:00Z
5
value 0.00083
scoring_system epss
scoring_elements 0.24256
published_at 2026-04-09T12:55:00Z
6
value 0.00083
scoring_system epss
scoring_elements 0.24213
published_at 2026-04-08T12:55:00Z
7
value 0.00083
scoring_system epss
scoring_elements 0.24147
published_at 2026-04-07T12:55:00Z
8
value 0.00083
scoring_system epss
scoring_elements 0.24201
published_at 2026-04-01T12:55:00Z
9
value 0.00083
scoring_system epss
scoring_elements 0.2433
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-9543
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9543
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9543
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/openstack/nova/commit/08f1f914cc219cf526adfb08c46b8f40b4e78232
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/08f1f914cc219cf526adfb08c46b8f40b4e78232
5
reference_url https://github.com/openstack/nova/commit/26d4047e17eba9bc271f8868f1d0ffeec97b555e
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/26d4047e17eba9bc271f8868f1d0ffeec97b555e
6
reference_url https://github.com/openstack/nova/commit/d8fbf04f325f593836f8d44b6bbf42b85bde94e3
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/d8fbf04f325f593836f8d44b6bbf42b85bde94e3
7
reference_url https://launchpad.net/bugs/1492140
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://launchpad.net/bugs/1492140
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-9543
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-9543
9
reference_url https://review.opendev.org/220622
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://review.opendev.org/220622
10
reference_url https://security.openstack.org/ossa/OSSA-2020-001.html
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2020-001.html
11
reference_url http://www.openwall.com/lists/oss-security/2020/02/19/2
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/02/19/2
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1805386
reference_id 1805386
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1805386
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951635
reference_id 951635
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951635
14
reference_url https://github.com/advisories/GHSA-22jm-4hxw-35jf
reference_id GHSA-22jm-4hxw-35jf
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-22jm-4hxw-35jf
15
reference_url https://usn.ubuntu.com/5866-1/
reference_id USN-5866-1
reference_type
scores
url https://usn.ubuntu.com/5866-1/
fixed_packages
0
url pkg:deb/debian/nova@2:20.1.1-1?distro=trixie
purl pkg:deb/debian/nova@2:20.1.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:20.1.1-1%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2015-9543, GHSA-22jm-4hxw-35jf
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qfdm-g857-3yb5
46
url VCID-qnhs-qv3p-myg2
vulnerability_id VCID-qnhs-qv3p-myg2
summary The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting the VM be put into rescue and then deleting the image.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2573.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2573.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-2573
reference_id
reference_type
scores
0
value 0.00106
scoring_system epss
scoring_elements 0.28696
published_at 2026-04-12T12:55:00Z
1
value 0.00106
scoring_system epss
scoring_elements 0.28668
published_at 2026-04-16T12:55:00Z
2
value 0.00106
scoring_system epss
scoring_elements 0.28648
published_at 2026-04-13T12:55:00Z
3
value 0.00106
scoring_system epss
scoring_elements 0.2874
published_at 2026-04-11T12:55:00Z
4
value 0.00106
scoring_system epss
scoring_elements 0.28736
published_at 2026-04-09T12:55:00Z
5
value 0.00106
scoring_system epss
scoring_elements 0.28698
published_at 2026-04-08T12:55:00Z
6
value 0.00106
scoring_system epss
scoring_elements 0.28632
published_at 2026-04-07T12:55:00Z
7
value 0.00106
scoring_system epss
scoring_elements 0.28826
published_at 2026-04-04T12:55:00Z
8
value 0.00106
scoring_system epss
scoring_elements 0.28778
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-2573
2
reference_url https://bugs.launchpad.net/nova/+bug/1269418
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1269418
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2573
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2573
4
reference_url http://secunia.com/advisories/57498
reference_id
reference_type
scores
url http://secunia.com/advisories/57498
5
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
6
reference_url https://github.com/openstack/nova/commit/b3cc3f62a60662e5bb82136c0cfa464592a6afe9
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/b3cc3f62a60662e5bb82136c0cfa464592a6afe9
7
reference_url https://github.com/openstack/nova/commit/efb66531bc37ee416778a70d46c657608ca767af
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/efb66531bc37ee416778a70d46c657608ca767af
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2014-113.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2014-113.yaml
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-2573
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-2573
10
reference_url http://www.openwall.com/lists/oss-security/2014/03/21/1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/03/21/1
11
reference_url http://www.openwall.com/lists/oss-security/2014/03/21/2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/03/21/2
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1080289
reference_id 1080289
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1080289
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=750144
reference_id 750144
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=750144
14
reference_url https://github.com/advisories/GHSA-jv34-xvjq-ppch
reference_id GHSA-jv34-xvjq-ppch
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jv34-xvjq-ppch
fixed_packages
0
url pkg:deb/debian/nova@2014.1-9?distro=trixie
purl pkg:deb/debian/nova@2014.1-9?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1-9%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2014-2573, GHSA-jv34-xvjq-ppch, PYSEC-2014-113
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qnhs-qv3p-myg2
47
url VCID-r558-z5xb-v3a8
vulnerability_id VCID-r558-z5xb-v3a8
summary 
OpenStack Nova VMware instance leak potentially leading to compute DoS
The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state.
references
0
reference_url http://lists.openstack.org/pipermail/openstack-announce/2014-October/000298.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.openstack.org/pipermail/openstack-announce/2014-October/000298.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2015-0843.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-0843.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2015-0844.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-0844.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8333.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8333.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-8333
reference_id
reference_type
scores
0
value 0.00736
scoring_system epss
scoring_elements 0.72821
published_at 2026-04-12T12:55:00Z
1
value 0.00736
scoring_system epss
scoring_elements 0.72814
published_at 2026-04-09T12:55:00Z
2
value 0.00736
scoring_system epss
scoring_elements 0.72854
published_at 2026-04-16T12:55:00Z
3
value 0.00736
scoring_system epss
scoring_elements 0.72813
published_at 2026-04-13T12:55:00Z
4
value 0.00736
scoring_system epss
scoring_elements 0.72786
published_at 2026-04-04T12:55:00Z
5
value 0.00736
scoring_system epss
scoring_elements 0.72761
published_at 2026-04-07T12:55:00Z
6
value 0.00736
scoring_system epss
scoring_elements 0.728
published_at 2026-04-08T12:55:00Z
7
value 0.00736
scoring_system epss
scoring_elements 0.72758
published_at 2026-04-01T12:55:00Z
8
value 0.00736
scoring_system epss
scoring_elements 0.72838
published_at 2026-04-11T12:55:00Z
9
value 0.00736
scoring_system epss
scoring_elements 0.72765
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-8333
5
reference_url https://bugs.launchpad.net/nova/+bug/1359138
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1359138
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8333
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8333
7
reference_url http://secunia.com/advisories/60531
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/60531
8
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
9
reference_url https://github.com/openstack/nova/commit/d71445c7d2d2921d10a08f82330f0ab8ef4f7df2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/d71445c7d2d2921d10a08f82330f0ab8ef4f7df2
10
reference_url https://github.com/openstack/nova/commit/e1f8664c9fa83f77f5bb763ffcc3157905ed954c
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/e1f8664c9fa83f77f5bb763ffcc3157905ed954c
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1154890
reference_id 1154890
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1154890
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-8333
reference_id CVE-2014-8333
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:N/A:P
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-8333
17
reference_url https://github.com/advisories/GHSA-g63p-mfcm-54c4
reference_id GHSA-g63p-mfcm-54c4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g63p-mfcm-54c4
fixed_packages
0
url pkg:deb/debian/nova@2014.1.3-7?distro=trixie
purl pkg:deb/debian/nova@2014.1.3-7?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-7%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2014-8333, GHSA-g63p-mfcm-54c4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r558-z5xb-v3a8
48
url VCID-rqyj-x6hj-g7fp
vulnerability_id VCID-rqyj-x6hj-g7fp
summary 
OpenStack Nova Long server names grow nova-api log files significantly
OpenStack Compute (Nova) Essex before 2011.3 allows remote authenticated users to cause a denial of service (Nova-API log file and disk consumption) via a long server name.
references
0
reference_url http://github.com/openstack/nova/commit/0fa7d12dbfb7ae016657dd91034b4c0781ea43de
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://github.com/openstack/nova/commit/0fa7d12dbfb7ae016657dd91034b4c0781ea43de
1
reference_url http://github.com/openstack/nova/commit/1ebec5726c7a9db0a6f29fad0ef747b0c087f702
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://github.com/openstack/nova/commit/1ebec5726c7a9db0a6f29fad0ef747b0c087f702
2
reference_url http://github.com/openstack/nova/commit/c7f526fae6062e9ab51f65474af71d496aa66554
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://github.com/openstack/nova/commit/c7f526fae6062e9ab51f65474af71d496aa66554
3
reference_url http://github.com/openstack/nova/commit/c869a41951b77c6930bf4fb4734f05cd3d6ac4b1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://github.com/openstack/nova/commit/c869a41951b77c6930bf4fb4734f05cd3d6ac4b1
4
reference_url http://lwn.net/Alerts/491298
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lwn.net/Alerts/491298
5
reference_url http://lwn.net/Alerts/491298/
reference_id
reference_type
scores
url http://lwn.net/Alerts/491298/
6
reference_url http://osdir.com/ml/openstack-cloud-computing/2012-03/msg01133.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://osdir.com/ml/openstack-cloud-computing/2012-03/msg01133.html
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-1585
reference_id
reference_type
scores
0
value 0.00475
scoring_system epss
scoring_elements 0.64834
published_at 2026-04-11T12:55:00Z
1
value 0.00475
scoring_system epss
scoring_elements 0.64833
published_at 2026-04-16T12:55:00Z
2
value 0.00475
scoring_system epss
scoring_elements 0.64817
published_at 2026-04-09T12:55:00Z
3
value 0.00475
scoring_system epss
scoring_elements 0.64823
published_at 2026-04-12T12:55:00Z
4
value 0.00475
scoring_system epss
scoring_elements 0.6471
published_at 2026-04-01T12:55:00Z
5
value 0.00475
scoring_system epss
scoring_elements 0.64795
published_at 2026-04-13T12:55:00Z
6
value 0.00475
scoring_system epss
scoring_elements 0.64761
published_at 2026-04-02T12:55:00Z
7
value 0.00475
scoring_system epss
scoring_elements 0.6479
published_at 2026-04-04T12:55:00Z
8
value 0.00475
scoring_system epss
scoring_elements 0.64753
published_at 2026-04-07T12:55:00Z
9
value 0.00475
scoring_system epss
scoring_elements 0.64803
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-1585
8
reference_url https://bugs.launchpad.net/nova/+bug/962515
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/962515
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1585
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1585
10
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=666888
reference_id 666888
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=666888
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-1585
reference_id CVE-2012-1585
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:N/A:P
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-1585
14
reference_url https://github.com/advisories/GHSA-pjvw-p2v5-wf6q
reference_id GHSA-pjvw-p2v5-wf6q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pjvw-p2v5-wf6q
15
reference_url https://usn.ubuntu.com/1413-1/
reference_id USN-1413-1
reference_type
scores
url https://usn.ubuntu.com/1413-1/
fixed_packages
0
url pkg:deb/debian/nova@2012-1~rc3-1?distro=trixie
purl pkg:deb/debian/nova@2012-1~rc3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2012-1~rc3-1%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2012-1585, GHSA-pjvw-p2v5-wf6q
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rqyj-x6hj-g7fp
49
url VCID-rvp9-etcr-wycj
vulnerability_id VCID-rvp9-etcr-wycj
summary 
OpenStack Nova DoS through ephemeral disk backing files
The libvirt driver in OpenStack Compute (Nova) before 2013.2.2 and icehouse before icehouse-2 allows remote authenticated users to cause a denial of service (disk consumption) by creating and deleting instances with unique os_type settings, which triggers the creation of a new ephemeral disk backing file.
references
0
reference_url http://lists.openstack.org/pipermail/openstack-announce/2013-December/000179.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.openstack.org/pipermail/openstack-announce/2013-December/000179.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2014-0231.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0231.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6437.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6437.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-6437
reference_id
reference_type
scores
0
value 0.00434
scoring_system epss
scoring_elements 0.62849
published_at 2026-04-16T12:55:00Z
1
value 0.00434
scoring_system epss
scoring_elements 0.62793
published_at 2026-04-04T12:55:00Z
2
value 0.00434
scoring_system epss
scoring_elements 0.62757
published_at 2026-04-07T12:55:00Z
3
value 0.00434
scoring_system epss
scoring_elements 0.62808
published_at 2026-04-08T12:55:00Z
4
value 0.00434
scoring_system epss
scoring_elements 0.62825
published_at 2026-04-09T12:55:00Z
5
value 0.00434
scoring_system epss
scoring_elements 0.62843
published_at 2026-04-11T12:55:00Z
6
value 0.00434
scoring_system epss
scoring_elements 0.62832
published_at 2026-04-12T12:55:00Z
7
value 0.00434
scoring_system epss
scoring_elements 0.62809
published_at 2026-04-13T12:55:00Z
8
value 0.00434
scoring_system epss
scoring_elements 0.62706
published_at 2026-04-01T12:55:00Z
9
value 0.00434
scoring_system epss
scoring_elements 0.62762
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-6437
4
reference_url https://bugs.launchpad.net/nova/+bug/1253980
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1253980
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6437
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6437
6
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
7
reference_url https://github.com/openstack/nova/commit/3e451f1bac57d24e47171cffb3ad59bb1610d836
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/3e451f1bac57d24e47171cffb3ad59bb1610d836
8
reference_url https://github.com/openstack/nova/commit/6e455cd97f04bf26bbe022be17c57e089cf502f4
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/6e455cd97f04bf26bbe022be17c57e089cf502f4
9
reference_url https://github.com/openstack/nova/commit/ca38774ebcf5b67d16c202c8f218c0c433973ca9
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/ca38774ebcf5b67d16c202c8f218c0c433973ca9
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1043106
reference_id 1043106
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1043106
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-6437
reference_id CVE-2013-6437
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-6437
12
reference_url https://github.com/advisories/GHSA-hrv9-4x4c-9jc8
reference_id GHSA-hrv9-4x4c-9jc8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hrv9-4x4c-9jc8
13
reference_url https://access.redhat.com/errata/RHSA-2014:0231
reference_id RHSA-2014:0231
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0231
fixed_packages
0
url pkg:deb/debian/nova@2013.2.2?distro=trixie
purl pkg:deb/debian/nova@2013.2.2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.2.2%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2013-6437, GHSA-hrv9-4x4c-9jc8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rvp9-etcr-wycj
50
url VCID-s69v-tc7x-37fe
vulnerability_id VCID-s69v-tc7x-37fe
summary 
OpenStack Nova calls qemu-img without format restrictions for resize
An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in an unsafe image resize operation that could destroy data on the host system. Only compute nodes using the Flat image backend (usually configured with use_cow_images=False) are affected.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24708.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24708.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-24708
reference_id
reference_type
scores
0
value 0.0006
scoring_system epss
scoring_elements 0.18747
published_at 2026-04-16T12:55:00Z
1
value 0.0006
scoring_system epss
scoring_elements 0.18797
published_at 2026-04-13T12:55:00Z
2
value 0.00072
scoring_system epss
scoring_elements 0.22132
published_at 2026-04-04T12:55:00Z
3
value 0.00072
scoring_system epss
scoring_elements 0.22017
published_at 2026-04-12T12:55:00Z
4
value 0.00072
scoring_system epss
scoring_elements 0.22058
published_at 2026-04-11T12:55:00Z
5
value 0.00072
scoring_system epss
scoring_elements 0.22043
published_at 2026-04-09T12:55:00Z
6
value 0.00072
scoring_system epss
scoring_elements 0.21988
published_at 2026-04-08T12:55:00Z
7
value 0.00072
scoring_system epss
scoring_elements 0.21907
published_at 2026-04-07T12:55:00Z
8
value 0.00072
scoring_system epss
scoring_elements 0.22081
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-24708
2
reference_url https://bugs.launchpad.net/nova/+bug/2137507
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T19:07:53Z/
url https://bugs.launchpad.net/nova/+bug/2137507
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24708
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24708
4
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
5
reference_url https://github.com/openstack/nova/commit/3eba22ff09c81a61750fbb4882e5f1f01a20fdf5
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/3eba22ff09c81a61750fbb4882e5f1f01a20fdf5
6
reference_url https://lists.debian.org/debian-lts-announce/2026/02/msg00025.html
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2026/02/msg00025.html
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-24708
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-24708
8
reference_url https://www.openwall.com/lists/oss-security/2026/02/17/7
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T19:07:53Z/
url https://www.openwall.com/lists/oss-security/2026/02/17/7
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128294
reference_id 1128294
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128294
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2430312
reference_id 2430312
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2430312
11
reference_url https://github.com/advisories/GHSA-m4f3-qp2w-gwh6
reference_id GHSA-m4f3-qp2w-gwh6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m4f3-qp2w-gwh6
12
reference_url https://usn.ubuntu.com/8049-1/
reference_id USN-8049-1
reference_type
scores
url https://usn.ubuntu.com/8049-1/
fixed_packages
0
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.4.0-1~deb11u7?distro=trixie
purl pkg:deb/debian/nova@2:22.4.0-1~deb11u7?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.4.0-1~deb11u7%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:32.1.0-7?distro=trixie
purl pkg:deb/debian/nova@2:32.1.0-7?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:32.1.0-7%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
9
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
10
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2026-24708, GHSA-m4f3-qp2w-gwh6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s69v-tc7x-37fe
51
url VCID-sj2k-uq1g-suby
vulnerability_id VCID-sj2k-uq1g-suby
summary 
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-4179 OpenStack: Nova XML entities DoS
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2013-1199.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-1199.html
1
reference_url https://access.redhat.com/errata/RHSA-2013:1199
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2013:1199
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4179.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4179.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4179
reference_id
reference_type
scores
0
value 0.00669
scoring_system epss
scoring_elements 0.71359
published_at 2026-04-16T12:55:00Z
1
value 0.00669
scoring_system epss
scoring_elements 0.71292
published_at 2026-04-04T12:55:00Z
2
value 0.00669
scoring_system epss
scoring_elements 0.71309
published_at 2026-04-08T12:55:00Z
3
value 0.00669
scoring_system epss
scoring_elements 0.71322
published_at 2026-04-09T12:55:00Z
4
value 0.00669
scoring_system epss
scoring_elements 0.71345
published_at 2026-04-11T12:55:00Z
5
value 0.00669
scoring_system epss
scoring_elements 0.7133
published_at 2026-04-12T12:55:00Z
6
value 0.00669
scoring_system epss
scoring_elements 0.71313
published_at 2026-04-13T12:55:00Z
7
value 0.00669
scoring_system epss
scoring_elements 0.71267
published_at 2026-04-07T12:55:00Z
8
value 0.00669
scoring_system epss
scoring_elements 0.71275
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4179
4
reference_url https://bugs.launchpad.net/ossa/+bug/1190229
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/ossa/+bug/1190229
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=989707
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=989707
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4179
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4179
7
reference_url https://opendev.org/openstack/nova
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://opendev.org/openstack/nova
8
reference_url http://www.ubuntu.com/usn/USN-2005-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-2005-1
9
reference_url https://access.redhat.com/security/cve/CVE-2013-4179
reference_id CVE-2013-4179
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2013-4179
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-4179
reference_id CVE-2013-4179
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-4179
11
reference_url https://github.com/advisories/GHSA-j6xh-q826-55jw
reference_id GHSA-j6xh-q826-55jw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j6xh-q826-55jw
12
reference_url https://usn.ubuntu.com/2000-1/
reference_id USN-2000-1
reference_type
scores
url https://usn.ubuntu.com/2000-1/
13
reference_url https://usn.ubuntu.com/2005-1/
reference_id USN-2005-1
reference_type
scores
url https://usn.ubuntu.com/2005-1/
fixed_packages
0
url pkg:deb/debian/nova@2013.1.3-1?distro=trixie
purl pkg:deb/debian/nova@2013.1.3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.1.3-1%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2013-4179, GHSA-j6xh-q826-55jw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sj2k-uq1g-suby
52
url VCID-t2sh-b3m5-vyax
vulnerability_id VCID-t2sh-b3m5-vyax
summary 
OpenStack Compute (Nova) does not verify the virtual size of a QCOW2 image
OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by creating an image with a large virtual size that does not contain a large amount of data.
references
0
reference_url http://lists.openstack.org/pipermail/openstack-announce/2013-May/000102.html
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.openstack.org/pipermail/openstack-announce/2013-May/000102.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2096.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2096.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-2096
reference_id
reference_type
scores
0
value 0.00062
scoring_system epss
scoring_elements 0.19171
published_at 2026-04-16T12:55:00Z
1
value 0.00062
scoring_system epss
scoring_elements 0.19277
published_at 2026-04-01T12:55:00Z
2
value 0.00062
scoring_system epss
scoring_elements 0.19413
published_at 2026-04-02T12:55:00Z
3
value 0.00062
scoring_system epss
scoring_elements 0.19462
published_at 2026-04-04T12:55:00Z
4
value 0.00062
scoring_system epss
scoring_elements 0.19179
published_at 2026-04-07T12:55:00Z
5
value 0.00062
scoring_system epss
scoring_elements 0.19258
published_at 2026-04-08T12:55:00Z
6
value 0.00062
scoring_system epss
scoring_elements 0.1931
published_at 2026-04-09T12:55:00Z
7
value 0.00062
scoring_system epss
scoring_elements 0.19315
published_at 2026-04-11T12:55:00Z
8
value 0.00062
scoring_system epss
scoring_elements 0.19267
published_at 2026-04-12T12:55:00Z
9
value 0.00062
scoring_system epss
scoring_elements 0.19213
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-2096
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2096
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2096
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:N/C:N/I:N/A:C
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
6
reference_url https://github.com/openstack/nova/commit/0caeb8eaf20abcdc77828f5c6b79fc104619e231
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/0caeb8eaf20abcdc77828f5c6b79fc104619e231
7
reference_url https://github.com/openstack/nova/commit/44a8aba1d5da87d54db48079103fdef946666d80
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/44a8aba1d5da87d54db48079103fdef946666d80
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-2096
reference_id
reference_type
scores
0
value 2.1
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:N/C:N/I:N/A:P
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-2096
9
reference_url https://review.openstack.org/#/c/28717
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/#/c/28717
10
reference_url https://review.openstack.org/#/c/28717/
reference_id
reference_type
scores
url https://review.openstack.org/#/c/28717/
11
reference_url https://review.openstack.org/#/c/28901
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/#/c/28901
12
reference_url https://review.openstack.org/#/c/28901/
reference_id
reference_type
scores
url https://review.openstack.org/#/c/28901/
13
reference_url https://review.openstack.org/#/c/29192
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/#/c/29192
14
reference_url https://review.openstack.org/#/c/29192/
reference_id
reference_type
scores
url https://review.openstack.org/#/c/29192/
15
reference_url https://web.archive.org/web/20130726040108/http://www.securityfocus.com/bid/59924
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20130726040108/http://www.securityfocus.com/bid/59924
16
reference_url http://www.securityfocus.com/bid/59924
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/59924
17
reference_url http://www.ubuntu.com/usn/USN-1831-1
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1831-1
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710157
reference_id 710157
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710157
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=963462
reference_id 963462
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=963462
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:grizzly:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:grizzly:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:grizzly:-:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:havana:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:havana:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:havana:-:*:*:*:*:*:*:*
23
reference_url https://github.com/advisories/GHSA-m674-hmx2-ffhq
reference_id GHSA-m674-hmx2-ffhq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m674-hmx2-ffhq
24
reference_url https://usn.ubuntu.com/1831-1/
reference_id USN-1831-1
reference_type
scores
url https://usn.ubuntu.com/1831-1/
fixed_packages
0
url pkg:deb/debian/nova@2013.1.2-2?distro=trixie
purl pkg:deb/debian/nova@2013.1.2-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.1.2-2%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2013-2096, GHSA-m674-hmx2-ffhq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t2sh-b3m5-vyax
53
url VCID-t88t-p8tx-cfcu
vulnerability_id VCID-t88t-p8tx-cfcu
summary 
Multiple vulnerabilities have been found in libxml2, allowing
    remote attackers to execute arbitrary code or cause Denial of Service.
references
0
reference_url http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html
1
reference_url http://bugs.python.org/issue17239
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://bugs.python.org/issue17239
2
reference_url http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2013-0657.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0657.html
4
reference_url http://rhn.redhat.com/errata/RHSA-2013-0658.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0658.html
5
reference_url http://rhn.redhat.com/errata/RHSA-2013-0670.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0670.html
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1664.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1664.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-1664
reference_id
reference_type
scores
0
value 0.03938
scoring_system epss
scoring_elements 0.88312
published_at 2026-04-07T12:55:00Z
1
value 0.03938
scoring_system epss
scoring_elements 0.88293
published_at 2026-04-02T12:55:00Z
2
value 0.03938
scoring_system epss
scoring_elements 0.88353
published_at 2026-04-16T12:55:00Z
3
value 0.03938
scoring_system epss
scoring_elements 0.8834
published_at 2026-04-13T12:55:00Z
4
value 0.03938
scoring_system epss
scoring_elements 0.88348
published_at 2026-04-11T12:55:00Z
5
value 0.03938
scoring_system epss
scoring_elements 0.88338
published_at 2026-04-09T12:55:00Z
6
value 0.03938
scoring_system epss
scoring_elements 0.88332
published_at 2026-04-08T12:55:00Z
7
value 0.03938
scoring_system epss
scoring_elements 0.88285
published_at 2026-04-01T12:55:00Z
8
value 0.03938
scoring_system epss
scoring_elements 0.88308
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-1664
8
reference_url https://bugs.launchpad.net/nova/+bug/1100282
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1100282
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1664
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1664
10
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
11
reference_url https://github.com/django/django/commit/1c60d07ba23e0350351c278ad28d0bd5aa410b40
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/1c60d07ba23e0350351c278ad28d0bd5aa410b40
12
reference_url https://github.com/django/django/commit/d19a27066b2247102e65412aa66917aff0091112
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/d19a27066b2247102e65412aa66917aff0091112
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-1664
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-1664
14
reference_url http://ubuntu.com/usn/usn-1757-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://ubuntu.com/usn/usn-1757-1
15
reference_url http://www.openwall.com/lists/oss-security/2013/02/19/2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/02/19/2
16
reference_url http://www.openwall.com/lists/oss-security/2013/02/19/4
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/02/19/4
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700948
reference_id 700948
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700948
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700949
reference_id 700949
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700949
19
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700950
reference_id 700950
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700950
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=913808
reference_id 913808
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=913808
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:cinder_folsom:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:cinder_folsom:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:cinder_folsom:-:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:compute_\(nova\)_essex:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:compute_\(nova\)_essex:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:compute_\(nova\)_essex:-:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:compute_\(nova\)_folsom:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:compute_\(nova\)_folsom:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:compute_\(nova\)_folsom:-:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:grizzly:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:grizzly:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:grizzly:-:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone_essex:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone_essex:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone_essex:-:*:*:*:*:*:*:*
27
reference_url https://github.com/advisories/GHSA-qrh7-x6fp-c2mp
reference_id GHSA-qrh7-x6fp-c2mp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qrh7-x6fp-c2mp
28
reference_url https://security.gentoo.org/glsa/201311-06
reference_id GLSA-201311-06
reference_type
scores
url https://security.gentoo.org/glsa/201311-06
29
reference_url https://security.gentoo.org/glsa/201412-11
reference_id GLSA-201412-11
reference_type
scores
url https://security.gentoo.org/glsa/201412-11
30
reference_url https://access.redhat.com/errata/RHSA-2013:0596
reference_id RHSA-2013:0596
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0596
31
reference_url https://access.redhat.com/errata/RHSA-2013:0657
reference_id RHSA-2013:0657
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0657
32
reference_url https://access.redhat.com/errata/RHSA-2013:0658
reference_id RHSA-2013:0658
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0658
33
reference_url https://access.redhat.com/errata/RHSA-2013:0670
reference_id RHSA-2013:0670
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0670
34
reference_url https://usn.ubuntu.com/1730-1/
reference_id USN-1730-1
reference_type
scores
url https://usn.ubuntu.com/1730-1/
35
reference_url https://usn.ubuntu.com/1731-1/
reference_id USN-1731-1
reference_type
scores
url https://usn.ubuntu.com/1731-1/
36
reference_url https://usn.ubuntu.com/1734-1/
reference_id USN-1734-1
reference_type
scores
url https://usn.ubuntu.com/1734-1/
37
reference_url https://usn.ubuntu.com/1757-1/
reference_id USN-1757-1
reference_type
scores
url https://usn.ubuntu.com/1757-1/
fixed_packages
0
url pkg:deb/debian/nova@2012.1.1-13?distro=trixie
purl pkg:deb/debian/nova@2012.1.1-13?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2012.1.1-13%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2013-1664, GHSA-qrh7-x6fp-c2mp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t88t-p8tx-cfcu
54
url VCID-tbxf-ky56-w7h5
vulnerability_id VCID-tbxf-ky56-w7h5
summary openstack-nova: Boot from volume allows access to random volumes
references
0
reference_url http://osvdb.org/89661
reference_id
reference_type
scores
url http://osvdb.org/89661
1
reference_url http://rhn.redhat.com/errata/RHSA-2013-0208.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2013-0208.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0208.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0208.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-0208
reference_id
reference_type
scores
0
value 0.00953
scoring_system epss
scoring_elements 0.76437
published_at 2026-04-16T12:55:00Z
1
value 0.00953
scoring_system epss
scoring_elements 0.7634
published_at 2026-04-01T12:55:00Z
2
value 0.00953
scoring_system epss
scoring_elements 0.76343
published_at 2026-04-02T12:55:00Z
3
value 0.00953
scoring_system epss
scoring_elements 0.76373
published_at 2026-04-04T12:55:00Z
4
value 0.00953
scoring_system epss
scoring_elements 0.76352
published_at 2026-04-07T12:55:00Z
5
value 0.00953
scoring_system epss
scoring_elements 0.76385
published_at 2026-04-08T12:55:00Z
6
value 0.00953
scoring_system epss
scoring_elements 0.76398
published_at 2026-04-09T12:55:00Z
7
value 0.00953
scoring_system epss
scoring_elements 0.76424
published_at 2026-04-11T12:55:00Z
8
value 0.00953
scoring_system epss
scoring_elements 0.76402
published_at 2026-04-12T12:55:00Z
9
value 0.00953
scoring_system epss
scoring_elements 0.76397
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-0208
4
reference_url https://bugs.launchpad.net/nova/+bug/1069904
reference_id
reference_type
scores
url https://bugs.launchpad.net/nova/+bug/1069904
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0208
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0208
6
reference_url http://secunia.com/advisories/51963
reference_id
reference_type
scores
url http://secunia.com/advisories/51963
7
reference_url http://secunia.com/advisories/51992
reference_id
reference_type
scores
url http://secunia.com/advisories/51992
8
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/81697
reference_id
reference_type
scores
url https://exchange.xforce.ibmcloud.com/vulnerabilities/81697
9
reference_url https://github.com/openstack/nova/commit/243d516cea9d3caa5a8267b12d2f577dcb24193b
reference_id
reference_type
scores
url https://github.com/openstack/nova/commit/243d516cea9d3caa5a8267b12d2f577dcb24193b
10
reference_url https://github.com/openstack/nova/commit/317cc0af385536dee43ef2addad50a91357fc1ad
reference_id
reference_type
scores
url https://github.com/openstack/nova/commit/317cc0af385536dee43ef2addad50a91357fc1ad
11
reference_url http://www.openwall.com/lists/oss-security/2013/01/29/9
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2013/01/29/9
12
reference_url http://www.securityfocus.com/bid/57613
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/57613
13
reference_url http://www.ubuntu.com/usn/USN-1709-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-1709-1
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=902629
reference_id 902629
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=902629
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:essex:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:essex:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:essex:-:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-0208
reference_id CVE-2013-0208
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P
url https://nvd.nist.gov/vuln/detail/CVE-2013-0208
21
reference_url https://access.redhat.com/errata/RHSA-2013:0208
reference_id RHSA-2013:0208
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0208
22
reference_url https://usn.ubuntu.com/1709-1/
reference_id USN-1709-1
reference_type
scores
url https://usn.ubuntu.com/1709-1/
fixed_packages
0
url pkg:deb/debian/nova@2012.1.1-12?distro=trixie
purl pkg:deb/debian/nova@2012.1.1-12?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2012.1.1-12%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2013-0208
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tbxf-ky56-w7h5
55
url VCID-v47b-k4qx-h7a2
vulnerability_id VCID-v47b-k4qx-h7a2
summary 
OpenStack Nova live snapshots use an insecure local directory
OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and world-readable permissions for the temporary directory used to store live snapshots, which allows local users to read and modify live snapshots.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2014-0231.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0231.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7048.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7048.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-7048
reference_id
reference_type
scores
0
value 0.00055
scoring_system epss
scoring_elements 0.17179
published_at 2026-04-16T12:55:00Z
1
value 0.00055
scoring_system epss
scoring_elements 0.1736
published_at 2026-04-02T12:55:00Z
2
value 0.00055
scoring_system epss
scoring_elements 0.17406
published_at 2026-04-04T12:55:00Z
3
value 0.00055
scoring_system epss
scoring_elements 0.17186
published_at 2026-04-07T12:55:00Z
4
value 0.00055
scoring_system epss
scoring_elements 0.17278
published_at 2026-04-08T12:55:00Z
5
value 0.00055
scoring_system epss
scoring_elements 0.17336
published_at 2026-04-09T12:55:00Z
6
value 0.00055
scoring_system epss
scoring_elements 0.17349
published_at 2026-04-11T12:55:00Z
7
value 0.00055
scoring_system epss
scoring_elements 0.17299
published_at 2026-04-12T12:55:00Z
8
value 0.00055
scoring_system epss
scoring_elements 0.1724
published_at 2026-04-13T12:55:00Z
9
value 0.00055
scoring_system epss
scoring_elements 0.17193
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-7048
3
reference_url https://bugs.launchpad.net/nova/+bug/1227027
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1227027
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7048
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7048
5
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
6
reference_url https://github.com/openstack/nova/commit/75be5abd6b3fa0f7f27fe9c805f832cd41d44a5d
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/75be5abd6b3fa0f7f27fe9c805f832cd41d44a5d
7
reference_url https://github.com/openstack/nova/commit/8a34fc3d48c467aa196f65eed444ccdc7c02f19f
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/8a34fc3d48c467aa196f65eed444ccdc7c02f19f
8
reference_url https://github.com/openstack/nova/commit/9bd7fff8c0160057643cfc37c5e2b1cd3337d6aa
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/9bd7fff8c0160057643cfc37c5e2b1cd3337d6aa
9
reference_url http://www.openwall.com/lists/oss-security/2014/01/13/2
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/01/13/2
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1040786
reference_id 1040786
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1040786
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732022
reference_id 732022
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732022
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-7048
reference_id CVE-2013-7048
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-7048
13
reference_url https://github.com/advisories/GHSA-grp5-h379-j75x
reference_id GHSA-grp5-h379-j75x
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-grp5-h379-j75x
14
reference_url https://access.redhat.com/errata/RHSA-2014:0231
reference_id RHSA-2014:0231
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0231
15
reference_url https://access.redhat.com/errata/RHSA-2014:0366
reference_id RHSA-2014:0366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0366
fixed_packages
0
url pkg:deb/debian/nova@2013.2.2?distro=trixie
purl pkg:deb/debian/nova@2013.2.2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.2.2%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2013-7048, GHSA-grp5-h379-j75x
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v47b-k4qx-h7a2
56
url VCID-v87z-d6p9-43c5
vulnerability_id VCID-v87z-d6p9-43c5
summary The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restrictions.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-2654
reference_id
reference_type
scores
0
value 0.01178
scoring_system epss
scoring_elements 0.7876
published_at 2026-04-16T12:55:00Z
1
value 0.01178
scoring_system epss
scoring_elements 0.78682
published_at 2026-04-01T12:55:00Z
2
value 0.01178
scoring_system epss
scoring_elements 0.78688
published_at 2026-04-02T12:55:00Z
3
value 0.01178
scoring_system epss
scoring_elements 0.78719
published_at 2026-04-04T12:55:00Z
4
value 0.01178
scoring_system epss
scoring_elements 0.78701
published_at 2026-04-07T12:55:00Z
5
value 0.01178
scoring_system epss
scoring_elements 0.78726
published_at 2026-04-08T12:55:00Z
6
value 0.01178
scoring_system epss
scoring_elements 0.78733
published_at 2026-04-09T12:55:00Z
7
value 0.01178
scoring_system epss
scoring_elements 0.78758
published_at 2026-04-11T12:55:00Z
8
value 0.01178
scoring_system epss
scoring_elements 0.7874
published_at 2026-04-12T12:55:00Z
9
value 0.01178
scoring_system epss
scoring_elements 0.78731
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-2654
1
reference_url https://bugs.launchpad.net/nova/+bug/985184
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/985184
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2654
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2654
3
reference_url http://secunia.com/advisories/46808
reference_id
reference_type
scores
url http://secunia.com/advisories/46808
4
reference_url http://secunia.com/advisories/49439
reference_id
reference_type
scores
url http://secunia.com/advisories/49439
5
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/76110
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/76110
6
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
7
reference_url https://github.com/openstack/nova/commit/9f9e9da777161426a6f8cb4314b78e09beac2978
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/9f9e9da777161426a6f8cb4314b78e09beac2978
8
reference_url https://github.com/openstack/nova/commit/ff06c7c885dc94ed7c828e8cdbb8b5d850a7e654
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/ff06c7c885dc94ed7c828e8cdbb8b5d850a7e654
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-37.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-37.yaml
10
reference_url https://lists.launchpad.net/openstack/msg12883.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.launchpad.net/openstack/msg12883.html
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-2654
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-2654
12
reference_url https://review.openstack.org/#/c/8239
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/#/c/8239
13
reference_url https://review.openstack.org/#/c/8239/
reference_id
reference_type
scores
url https://review.openstack.org/#/c/8239/
14
reference_url http://www.ubuntu.com/usn/USN-1466-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1466-1
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=676465
reference_id 676465
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=676465
16
reference_url https://github.com/advisories/GHSA-46r8-9cj7-pw6g
reference_id GHSA-46r8-9cj7-pw6g
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-46r8-9cj7-pw6g
17
reference_url https://usn.ubuntu.com/1466-1/
reference_id USN-1466-1
reference_type
scores
url https://usn.ubuntu.com/1466-1/
fixed_packages
0
url pkg:deb/debian/nova@2012.1-6?distro=trixie
purl pkg:deb/debian/nova@2012.1-6?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2012.1-6%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2012-2654, GHSA-46r8-9cj7-pw6g, PYSEC-2012-37
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v87z-d6p9-43c5
57
url VCID-vena-h39k-v3fe
vulnerability_id VCID-vena-h39k-v3fe
summary The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127732.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127732.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127735.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127735.html
2
reference_url http://osvdb.org/102416
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://osvdb.org/102416
3
reference_url http://rhn.redhat.com/errata/RHSA-2014-0231.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0231.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7130.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7130.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-7130
reference_id
reference_type
scores
0
value 0.02539
scoring_system epss
scoring_elements 0.85458
published_at 2026-04-13T12:55:00Z
1
value 0.02539
scoring_system epss
scoring_elements 0.85462
published_at 2026-04-12T12:55:00Z
2
value 0.02539
scoring_system epss
scoring_elements 0.85464
published_at 2026-04-11T12:55:00Z
3
value 0.02539
scoring_system epss
scoring_elements 0.8545
published_at 2026-04-09T12:55:00Z
4
value 0.02539
scoring_system epss
scoring_elements 0.85441
published_at 2026-04-08T12:55:00Z
5
value 0.02539
scoring_system epss
scoring_elements 0.8542
published_at 2026-04-07T12:55:00Z
6
value 0.02539
scoring_system epss
scoring_elements 0.85417
published_at 2026-04-04T12:55:00Z
7
value 0.02539
scoring_system epss
scoring_elements 0.85397
published_at 2026-04-02T12:55:00Z
8
value 0.02539
scoring_system epss
scoring_elements 0.85385
published_at 2026-04-01T12:55:00Z
9
value 0.02539
scoring_system epss
scoring_elements 0.85482
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-7130
6
reference_url https://bugs.launchpad.net/nova/+bug/1251590
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1251590
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7130
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7130
8
reference_url http://secunia.com/advisories/56450
reference_id
reference_type
scores
url http://secunia.com/advisories/56450
9
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/90652
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/90652
10
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
11
reference_url https://github.com/openstack/nova/commit/15ee7e17f63f5583307a546ecf28952c364c88f9
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/15ee7e17f63f5583307a546ecf28952c364c88f9
12
reference_url https://github.com/openstack/nova/commit/b0d36683fe064b32cbef013e1c0c46bd018ab9a1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/b0d36683fe064b32cbef013e1c0c46bd018ab9a1
13
reference_url https://github.com/openstack/nova/commit/cbeb5e51886b0296349fc476305bfe3d63c627c3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/cbeb5e51886b0296349fc476305bfe3d63c627c3
14
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2014-111.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2014-111.yaml
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-7130
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-7130
16
reference_url https://review.openstack.org/#/c/68658
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/#/c/68658
17
reference_url https://review.openstack.org/#/c/68658/
reference_id
reference_type
scores
url https://review.openstack.org/#/c/68658/
18
reference_url https://review.openstack.org/#/c/68659
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/#/c/68659
19
reference_url https://review.openstack.org/#/c/68659/
reference_id
reference_type
scores
url https://review.openstack.org/#/c/68659/
20
reference_url https://review.openstack.org/#/c/68660
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/#/c/68660
21
reference_url https://review.openstack.org/#/c/68660/
reference_id
reference_type
scores
url https://review.openstack.org/#/c/68660/
22
reference_url http://www.openwall.com/lists/oss-security/2014/01/23/5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/01/23/5
23
reference_url http://www.securityfocus.com/bid/65106
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/65106
24
reference_url http://www.ubuntu.com/usn/USN-2247-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-2247-1
25
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1055400
reference_id 1055400
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1055400
26
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736465
reference_id 736465
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736465
27
reference_url https://github.com/advisories/GHSA-99rx-9x8v-9j8p
reference_id GHSA-99rx-9x8v-9j8p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-99rx-9x8v-9j8p
28
reference_url https://access.redhat.com/errata/RHSA-2014:0231
reference_id RHSA-2014:0231
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0231
29
reference_url https://access.redhat.com/errata/RHSA-2014:0366
reference_id RHSA-2014:0366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0366
30
reference_url https://usn.ubuntu.com/2247-1/
reference_id USN-2247-1
reference_type
scores
url https://usn.ubuntu.com/2247-1/
fixed_packages
0
url pkg:deb/debian/nova@2013.2.2?distro=trixie
purl pkg:deb/debian/nova@2013.2.2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.2.2%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2013-7130, GHSA-99rx-9x8v-9j8p, PYSEC-2014-111
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vena-h39k-v3fe
58
url VCID-wvc4-8zmb-6ucg
vulnerability_id VCID-wvc4-8zmb-6ucg
summary 
Openstack nova qcow format could expose host filesystem information
Versions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem.
references
0
reference_url http://bazaar.launchpad.net/~hudson-openstack/nova/trunk/revision/1604
reference_id
reference_type
scores
0
value 2.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://bazaar.launchpad.net/~hudson-openstack/nova/trunk/revision/1604
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-3147
reference_id
reference_type
scores
0
value 0.00182
scoring_system epss
scoring_elements 0.39918
published_at 2026-04-16T12:55:00Z
1
value 0.00182
scoring_system epss
scoring_elements 0.39895
published_at 2026-04-02T12:55:00Z
2
value 0.00182
scoring_system epss
scoring_elements 0.39923
published_at 2026-04-11T12:55:00Z
3
value 0.00182
scoring_system epss
scoring_elements 0.39846
published_at 2026-04-07T12:55:00Z
4
value 0.00182
scoring_system epss
scoring_elements 0.399
published_at 2026-04-08T12:55:00Z
5
value 0.00182
scoring_system epss
scoring_elements 0.39913
published_at 2026-04-09T12:55:00Z
6
value 0.00182
scoring_system epss
scoring_elements 0.39888
published_at 2026-04-12T12:55:00Z
7
value 0.00182
scoring_system epss
scoring_elements 0.39868
published_at 2026-04-13T12:55:00Z
8
value 0.00182
scoring_system epss
scoring_elements 0.39747
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-3147
2
reference_url https://bugs.launchpad.net/nova/+bug/853330
reference_id
reference_type
scores
0
value 2.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/853330
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3147
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3147
4
reference_url https://github.com/openstack/nova/commit/ff9d353b2f4fee469e530fbc8dc231a41f6fed84
reference_id
reference_type
scores
0
value 2.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/ff9d353b2f4fee469e530fbc8dc231a41f6fed84
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-3147
reference_id CVE-2011-3147
reference_type
scores
0
value 2.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-3147
6
reference_url https://github.com/advisories/GHSA-hqfx-4x4w-vmwp
reference_id GHSA-hqfx-4x4w-vmwp
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hqfx-4x4w-vmwp
fixed_packages
0
url pkg:deb/debian/nova@2012.1~e1-1?distro=trixie
purl pkg:deb/debian/nova@2012.1~e1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2012.1~e1-1%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2011-3147, GHSA-hqfx-4x4w-vmwp
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wvc4-8zmb-6ucg
59
url VCID-x5k4-dm9d-xkf7
vulnerability_id VCID-x5k4-dm9d-xkf7
summary 
OpenStack Compute (Nova)'s VMWare driver vulnerable to denial of service
CVE-2014-3608 openstack-nova: incomplete fix for CVE-2014-2573, Nova VMware driver still leaks rescued images
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2014-1781.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1781.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2014-1782.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1782.html
2
reference_url https://access.redhat.com/errata/RHSA-2014:1781
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2014:1781
3
reference_url https://access.redhat.com/errata/RHSA-2014:1782
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2014:1782
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3608.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3608.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3608
reference_id
reference_type
scores
0
value 0.00689
scoring_system epss
scoring_elements 0.71782
published_at 2026-04-16T12:55:00Z
1
value 0.00689
scoring_system epss
scoring_elements 0.71699
published_at 2026-04-01T12:55:00Z
2
value 0.00689
scoring_system epss
scoring_elements 0.71706
published_at 2026-04-02T12:55:00Z
3
value 0.00689
scoring_system epss
scoring_elements 0.71725
published_at 2026-04-04T12:55:00Z
4
value 0.00689
scoring_system epss
scoring_elements 0.71698
published_at 2026-04-07T12:55:00Z
5
value 0.00689
scoring_system epss
scoring_elements 0.71737
published_at 2026-04-08T12:55:00Z
6
value 0.00689
scoring_system epss
scoring_elements 0.71749
published_at 2026-04-09T12:55:00Z
7
value 0.00689
scoring_system epss
scoring_elements 0.71773
published_at 2026-04-11T12:55:00Z
8
value 0.00689
scoring_system epss
scoring_elements 0.71756
published_at 2026-04-12T12:55:00Z
9
value 0.00689
scoring_system epss
scoring_elements 0.71739
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3608
6
reference_url https://bugs.launchpad.net/nova/+bug/1338830
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1338830
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1148253
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1148253
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3608
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3608
9
reference_url http://seclists.org/oss-sec/2014/q4/65
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/oss-sec/2014/q4/65
10
reference_url https://opendev.org/openstack/nova
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://opendev.org/openstack/nova
11
reference_url https://web.archive.org/web/20200228053850/http://www.securityfocus.com/bid/70220
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228053850/http://www.securityfocus.com/bid/70220
12
reference_url http://www.securityfocus.com/bid/70220
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/70220
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
14
reference_url https://access.redhat.com/security/cve/CVE-2014-3608
reference_id CVE-2014-3608
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2014-3608
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3608
reference_id CVE-2014-3608
reference_type
scores
0
value 2.7
scoring_system cvssv2
scoring_elements AV:A/AC:L/Au:S/C:N/I:N/A:P
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3608
16
reference_url https://github.com/advisories/GHSA-92hc-c226-32q7
reference_id GHSA-92hc-c226-32q7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-92hc-c226-32q7
17
reference_url https://usn.ubuntu.com/2407-1/
reference_id USN-2407-1
reference_type
scores
url https://usn.ubuntu.com/2407-1/
fixed_packages
0
url pkg:deb/debian/nova@2014.1.3-1?distro=trixie
purl pkg:deb/debian/nova@2014.1.3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-1%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2014-3608, GHSA-92hc-c226-32q7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x5k4-dm9d-xkf7
60
url VCID-y8va-eyt2-3kfv
vulnerability_id VCID-y8va-eyt2-3kfv
summary OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2687.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2687.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-2687
reference_id
reference_type
scores
0
value 0.00051
scoring_system epss
scoring_elements 0.15948
published_at 2026-04-01T12:55:00Z
1
value 0.00051
scoring_system epss
scoring_elements 0.15817
published_at 2026-04-16T12:55:00Z
2
value 0.00051
scoring_system epss
scoring_elements 0.15892
published_at 2026-04-13T12:55:00Z
3
value 0.00051
scoring_system epss
scoring_elements 0.1596
published_at 2026-04-12T12:55:00Z
4
value 0.00051
scoring_system epss
scoring_elements 0.15998
published_at 2026-04-11T12:55:00Z
5
value 0.00051
scoring_system epss
scoring_elements 0.1602
published_at 2026-04-09T12:55:00Z
6
value 0.00051
scoring_system epss
scoring_elements 0.15958
published_at 2026-04-08T12:55:00Z
7
value 0.00051
scoring_system epss
scoring_elements 0.15872
published_at 2026-04-07T12:55:00Z
8
value 0.00051
scoring_system epss
scoring_elements 0.16075
published_at 2026-04-04T12:55:00Z
9
value 0.00051
scoring_system epss
scoring_elements 0.16012
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-2687
2
reference_url https://bugs.launchpad.net/nova/+bug/1419577
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1419577
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1205313
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1205313
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2687
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2687
5
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
6
reference_url https://github.com/openstack/nova/commit/b83cae02ece4c338e09c3606c6ae69b715bd6f8c
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/b83cae02ece4c338e09c3606c6ae69b715bd6f8c
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2017-145.yaml
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2017-145.yaml
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-2687
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-2687
9
reference_url https://review.openstack.org/#/c/338929
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/#/c/338929
10
reference_url https://review.openstack.org/#/c/338929/
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://review.openstack.org/#/c/338929/
11
reference_url http://www.openwall.com/lists/oss-security/2015/03/24/10
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2015/03/24/10
12
reference_url http://www.openwall.com/lists/oss-security/2015/03/25/3
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2015/03/25/3
13
reference_url http://www.securityfocus.com/bid/77505
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url http://www.securityfocus.com/bid/77505
14
reference_url https://github.com/advisories/GHSA-97fv-22hc-mrgj
reference_id GHSA-97fv-22hc-mrgj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-97fv-22hc-mrgj
fixed_packages
0
url pkg:deb/debian/nova@2014.1-1?distro=trixie
purl pkg:deb/debian/nova@2014.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1-1%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2015-2687, GHSA-97fv-22hc-mrgj, PYSEC-2017-145
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y8va-eyt2-3kfv
61
url VCID-ykzj-fz7y-eug8
vulnerability_id VCID-ykzj-fz7y-eug8
summary Trove: potential leak of passwords into log files
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2014-1939.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2014-1939.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7230.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7230.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-7230
reference_id
reference_type
scores
0
value 0.00123
scoring_system epss
scoring_elements 0.31407
published_at 2026-04-16T12:55:00Z
1
value 0.00123
scoring_system epss
scoring_elements 0.31368
published_at 2026-04-01T12:55:00Z
2
value 0.00123
scoring_system epss
scoring_elements 0.31506
published_at 2026-04-02T12:55:00Z
3
value 0.00123
scoring_system epss
scoring_elements 0.31547
published_at 2026-04-04T12:55:00Z
4
value 0.00123
scoring_system epss
scoring_elements 0.31365
published_at 2026-04-07T12:55:00Z
5
value 0.00123
scoring_system epss
scoring_elements 0.31419
published_at 2026-04-08T12:55:00Z
6
value 0.00123
scoring_system epss
scoring_elements 0.31449
published_at 2026-04-09T12:55:00Z
7
value 0.00123
scoring_system epss
scoring_elements 0.31452
published_at 2026-04-11T12:55:00Z
8
value 0.00123
scoring_system epss
scoring_elements 0.31409
published_at 2026-04-12T12:55:00Z
9
value 0.00123
scoring_system epss
scoring_elements 0.31373
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-7230
3
reference_url https://bugs.launchpad.net/oslo-incubator/+bug/1343604
reference_id
reference_type
scores
url https://bugs.launchpad.net/oslo-incubator/+bug/1343604
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7230
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7230
5
reference_url http://seclists.org/oss-sec/2014/q3/853
reference_id
reference_type
scores
url http://seclists.org/oss-sec/2014/q3/853
6
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/96725
reference_id
reference_type
scores
url https://exchange.xforce.ibmcloud.com/vulnerabilities/96725
7
reference_url http://www.securityfocus.com/bid/70185
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/70185
8
reference_url http://www.ubuntu.com/usn/USN-2405-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-2405-1
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1147722
reference_id 1147722
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1147722
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765704
reference_id 765704
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765704
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765714
reference_id 765714
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765714
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:cinder:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:cinder:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:cinder:*:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:trove:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:trove:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:trove:*:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-7230
reference_id CVE-2014-7230
reference_type
scores
0
value 2.1
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:N/C:P/I:N/A:N
url https://nvd.nist.gov/vuln/detail/CVE-2014-7230
18
reference_url https://access.redhat.com/errata/RHSA-2014:1939
reference_id RHSA-2014:1939
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:1939
19
reference_url https://usn.ubuntu.com/2405-1/
reference_id USN-2405-1
reference_type
scores
url https://usn.ubuntu.com/2405-1/
20
reference_url https://usn.ubuntu.com/2407-1/
reference_id USN-2407-1
reference_type
scores
url https://usn.ubuntu.com/2407-1/
fixed_packages
0
url pkg:deb/debian/nova@2014.1.3-5?distro=trixie
purl pkg:deb/debian/nova@2014.1.3-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-5%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2014-7230
risk_score 0.9
exploitability 0.5
weighted_severity 1.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ykzj-fz7y-eug8
62
url VCID-z5wc-py2m-6qhz
vulnerability_id VCID-z5wc-py2m-6qhz
summary OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port.
references
0
reference_url http://github.com/openstack/nova/commit/05a3374992bc8ba53ddc9c491b51c4b59eed0a72
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://github.com/openstack/nova/commit/05a3374992bc8ba53ddc9c491b51c4b59eed0a72
1
reference_url http://github.com/openstack/nova/commit/3b0f4cf6bea33e6ee1893f6e872d968b0c309f88
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://github.com/openstack/nova/commit/3b0f4cf6bea33e6ee1893f6e872d968b0c309f88
2
reference_url http://github.com/openstack/nova/commit/48e81f1554ce41c3d4f7445421d19f4a8128e98d
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://github.com/openstack/nova/commit/48e81f1554ce41c3d4f7445421d19f4a8128e98d
3
reference_url http://github.com/openstack/nova/commit/ad94a90202193335f011888db017e557b07faf8a
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://github.com/openstack/nova/commit/ad94a90202193335f011888db017e557b07faf8a
4
reference_url http://github.com/openstack/nova/commit/e98928cf77645fdc309da894f3bd332e99482e0d
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://github.com/openstack/nova/commit/e98928cf77645fdc309da894f3bd332e99482e0d
5
reference_url http://rhn.redhat.com/errata/RHSA-2013-0709.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0709.html
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0335.json
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0335.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-0335
reference_id
reference_type
scores
0
value 0.01036
scoring_system epss
scoring_elements 0.77432
published_at 2026-04-16T12:55:00Z
1
value 0.01036
scoring_system epss
scoring_elements 0.77335
published_at 2026-04-01T12:55:00Z
2
value 0.01036
scoring_system epss
scoring_elements 0.77341
published_at 2026-04-02T12:55:00Z
3
value 0.01036
scoring_system epss
scoring_elements 0.7737
published_at 2026-04-04T12:55:00Z
4
value 0.01036
scoring_system epss
scoring_elements 0.7735
published_at 2026-04-07T12:55:00Z
5
value 0.01036
scoring_system epss
scoring_elements 0.7738
published_at 2026-04-08T12:55:00Z
6
value 0.01036
scoring_system epss
scoring_elements 0.77389
published_at 2026-04-09T12:55:00Z
7
value 0.01036
scoring_system epss
scoring_elements 0.77415
published_at 2026-04-11T12:55:00Z
8
value 0.01036
scoring_system epss
scoring_elements 0.77395
published_at 2026-04-12T12:55:00Z
9
value 0.01036
scoring_system epss
scoring_elements 0.77392
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-0335
8
reference_url https://bugs.launchpad.net/nova/+bug/1125378
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1125378
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0335
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0335
10
reference_url http://secunia.com/advisories/52337
reference_id
reference_type
scores
url http://secunia.com/advisories/52337
11
reference_url http://secunia.com/advisories/52728
reference_id
reference_type
scores
url http://secunia.com/advisories/52728
12
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
13
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2013-43.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2013-43.yaml
14
reference_url https://review.openstack.org/#/c/22086
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/#/c/22086
15
reference_url https://review.openstack.org/#/c/22086/
reference_id
reference_type
scores
url https://review.openstack.org/#/c/22086/
16
reference_url https://review.openstack.org/#/c/22758
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/#/c/22758
17
reference_url https://review.openstack.org/#/c/22872
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/#/c/22872
18
reference_url https://review.openstack.org/#/c/22872/
reference_id
reference_type
scores
url https://review.openstack.org/#/c/22872/
19
reference_url http://www.openwall.com/lists/oss-security/2013/02/26/7
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/02/26/7
20
reference_url http://www.osvdb.org/90657
reference_id
reference_type
scores
url http://www.osvdb.org/90657
21
reference_url http://www.ubuntu.com/usn/USN-1771-1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1771-1
22
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701773
reference_id 701773
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701773
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:grizzly:2012.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:grizzly:2012.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:grizzly:2012.2:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-0335
reference_id CVE-2013-0335
reference_type
scores
0
value 6.0
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:P/I:P/A:P
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-0335
30
reference_url https://github.com/advisories/GHSA-qfp8-hfqx-c79c
reference_id GHSA-qfp8-hfqx-c79c
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qfp8-hfqx-c79c
31
reference_url https://usn.ubuntu.com/1771-1/
reference_id USN-1771-1
reference_type
scores
url https://usn.ubuntu.com/1771-1/
fixed_packages
0
url pkg:deb/debian/nova@2012.1.1-14?distro=trixie
purl pkg:deb/debian/nova@2012.1.1-14?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2012.1.1-14%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2013-0335, GHSA-qfp8-hfqx-c79c, PYSEC-2013-43
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z5wc-py2m-6qhz
63
url VCID-zwuz-pgjz-rkb9
vulnerability_id VCID-zwuz-pgjz-rkb9
summary 
URL Redirection to Untrusted Site ('Open Redirect')
A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3654.json
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3654.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3654
reference_id
reference_type
scores
0
value 0.87248
scoring_system epss
scoring_elements 0.99444
published_at 2026-04-02T12:55:00Z
1
value 0.87248
scoring_system epss
scoring_elements 0.99445
published_at 2026-04-04T12:55:00Z
2
value 0.87248
scoring_system epss
scoring_elements 0.99453
published_at 2026-04-16T12:55:00Z
3
value 0.87248
scoring_system epss
scoring_elements 0.99446
published_at 2026-04-07T12:55:00Z
4
value 0.87248
scoring_system epss
scoring_elements 0.99448
published_at 2026-04-09T12:55:00Z
5
value 0.87248
scoring_system epss
scoring_elements 0.99449
published_at 2026-04-11T12:55:00Z
6
value 0.87248
scoring_system epss
scoring_elements 0.9945
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3654
2
reference_url https://bugs.launchpad.net/nova/+bug/1927677
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1927677
3
reference_url https://bugs.python.org/issue32084
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.python.org/issue32084
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1961439
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1961439
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3654
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3654
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://opendev.org/openstack/nova
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://opendev.org/openstack/nova
8
reference_url https://opendev.org/openstack/nova/commit/04d48527b62a35d912f93bc75613a6cca606df66
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://opendev.org/openstack/nova/commit/04d48527b62a35d912f93bc75613a6cca606df66
9
reference_url https://opendev.org/openstack/nova/commit/8906552cfc2525a44251d4cf313ece61e57251eb
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://opendev.org/openstack/nova/commit/8906552cfc2525a44251d4cf313ece61e57251eb
10
reference_url https://security.gentoo.org/glsa/202305-02
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202305-02
11
reference_url https://security.openstack.org/ossa/OSSA-2021-002.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2021-002.html
12
reference_url https://www.openwall.com/lists/oss-security/2021/07/29/2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2021/07/29/2
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991441
reference_id 991441
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991441
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3654
reference_id CVE-2021-3654
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3654
15
reference_url https://github.com/advisories/GHSA-vqp6-j452-j6wp
reference_id GHSA-vqp6-j452-j6wp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vqp6-j452-j6wp
16
reference_url https://access.redhat.com/errata/RHSA-2022:0983
reference_id RHSA-2022:0983
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0983
17
reference_url https://access.redhat.com/errata/RHSA-2022:0999
reference_id RHSA-2022:0999
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0999
18
reference_url https://usn.ubuntu.com/5866-1/
reference_id USN-5866-1
reference_type
scores
url https://usn.ubuntu.com/5866-1/
fixed_packages
0
url pkg:deb/debian/nova@2:23.0.2-3?distro=trixie
purl pkg:deb/debian/nova@2:23.0.2-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:23.0.2-3%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2021-3654, GHSA-vqp6-j452-j6wp
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zwuz-pgjz-rkb9
64
url VCID-zy9m-d25c-5uga
vulnerability_id VCID-zy9m-d25c-5uga
summary 
OpenStack Cinder, Glance, and Nova contain Uncontrolled Resource Consumption
A resource vulnerability in the OpenStack Compute (nova), Block Storage (cinder), and Image (glance) services was found in their use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could lead possibly to host out-of-memory errors and negatively affect other running tenant instances. oslo.concurrency has been updated to support process limits ('prlimit'), which is needed to fix this flaw.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2016-2923.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-2923.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2016-2991.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-2991.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2017-0153.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2017-0153.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2017-0156.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2017-0156.html
4
reference_url http://rhn.redhat.com/errata/RHSA-2017-0165.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2017-0165.html
5
reference_url http://rhn.redhat.com/errata/RHSA-2017-0282.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2017-0282.html
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5162.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5162.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-5162
reference_id
reference_type
scores
0
value 0.0359
scoring_system epss
scoring_elements 0.8777
published_at 2026-04-16T12:55:00Z
1
value 0.0359
scoring_system epss
scoring_elements 0.87701
published_at 2026-04-01T12:55:00Z
2
value 0.0359
scoring_system epss
scoring_elements 0.87712
published_at 2026-04-02T12:55:00Z
3
value 0.0359
scoring_system epss
scoring_elements 0.87723
published_at 2026-04-04T12:55:00Z
4
value 0.0359
scoring_system epss
scoring_elements 0.87725
published_at 2026-04-07T12:55:00Z
5
value 0.0359
scoring_system epss
scoring_elements 0.87746
published_at 2026-04-08T12:55:00Z
6
value 0.0359
scoring_system epss
scoring_elements 0.87752
published_at 2026-04-09T12:55:00Z
7
value 0.0359
scoring_system epss
scoring_elements 0.87763
published_at 2026-04-11T12:55:00Z
8
value 0.0359
scoring_system epss
scoring_elements 0.87757
published_at 2026-04-12T12:55:00Z
9
value 0.0359
scoring_system epss
scoring_elements 0.87756
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-5162
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1268303
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1268303
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5162
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5162
10
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
11
reference_url https://github.com/openstack/cinder/commit/455b318ced717fb38dfe40014817d78fbc47dea5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/cinder/commit/455b318ced717fb38dfe40014817d78fbc47dea5
12
reference_url https://github.com/openstack/glance/commit/69a9b659fd48aa3c1f84fc7bc9ae236b6803d31f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/glance/commit/69a9b659fd48aa3c1f84fc7bc9ae236b6803d31f
13
reference_url https://github.com/openstack/nova/commit/6bc37dcceca823998068167b49aec6def3112397
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/6bc37dcceca823998068167b49aec6def3112397
14
reference_url https://launchpad.net/bugs/1449062
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://launchpad.net/bugs/1449062
15
reference_url http://www.openwall.com/lists/oss-security/2016/10/06/8
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/10/06/8
16
reference_url http://www.securityfocus.com/bid/76849
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/76849
17
reference_url https://access.redhat.com/security/cve/CVE-2015-5162
reference_id CVE-2015-5162
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2015-5162
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-5162
reference_id CVE-2015-5162
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-5162
19
reference_url https://github.com/advisories/GHSA-g2j5-7vgx-6xrx
reference_id GHSA-g2j5-7vgx-6xrx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g2j5-7vgx-6xrx
20
reference_url https://access.redhat.com/errata/RHSA-2016:2923
reference_id RHSA-2016:2923
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:2923
21
reference_url https://access.redhat.com/errata/RHSA-2016:2991
reference_id RHSA-2016:2991
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:2991
22
reference_url https://access.redhat.com/errata/RHSA-2017:0153
reference_id RHSA-2017:0153
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:0153
23
reference_url https://access.redhat.com/errata/RHSA-2017:0156
reference_id RHSA-2017:0156
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:0156
24
reference_url https://access.redhat.com/errata/RHSA-2017:0165
reference_id RHSA-2017:0165
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:0165
25
reference_url https://access.redhat.com/errata/RHSA-2017:0282
reference_id RHSA-2017:0282
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:0282
26
reference_url https://usn.ubuntu.com/3449-1/
reference_id USN-3449-1
reference_type
scores
url https://usn.ubuntu.com/3449-1/
fixed_packages
0
url pkg:deb/debian/nova@2:13.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:13.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:13.0.0-1%3Fdistro=trixie
1
url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hd9e-1msb-uqa6
1
vulnerability VCID-m5vc-4my3-87gk
2
vulnerability VCID-zwuz-pgjz-rkb9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie
3
url pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie
5
url pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie
aliases CVE-2015-5162, GHSA-g2j5-7vgx-6xrx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zy9m-d25c-5uga
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie