Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/openstack-nova@1:14.1.0-3?arch=el7ost

Type rpm

Namespace redhat

Name openstack-nova

Version 1:14.1.0-3

Qualifiers

arch	el7ost

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-1qbm-qguj-gkem

vulnerability_id

VCID-1qbm-qguj-gkem

summary

OpenStack Nova Filter Scheduler Bypass
In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using Nova Filter Scheduler are affected. Because of the regression described in Launchpad Bug #1732947, the preferred fix is a 14.x version after 14.0.10, a 15.x version after 15.0.8, or a 16.x version after 16.0.3.

references

reference_url

https://access.redhat.com/errata/RHSA-2018:0241

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:0241

reference_url

https://access.redhat.com/errata/RHSA-2018:0314

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:0314

reference_url

https://access.redhat.com/errata/RHSA-2018:0369

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:0369

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16239.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16239.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-16239

reference_id

reference_type

scores

value	0.00385
scoring_system	epss
scoring_elements	0.59788
published_at	2026-04-21T12:55:00Z

value	0.00385
scoring_system	epss
scoring_elements	0.59642
published_at	2026-04-01T12:55:00Z

value	0.00385
scoring_system	epss
scoring_elements	0.59715
published_at	2026-04-02T12:55:00Z

value	0.00385
scoring_system	epss
scoring_elements	0.5974
published_at	2026-04-04T12:55:00Z

value	0.00385
scoring_system	epss
scoring_elements	0.5971
published_at	2026-04-07T12:55:00Z

value	0.00385
scoring_system	epss
scoring_elements	0.59761
published_at	2026-04-13T12:55:00Z

value	0.00385
scoring_system	epss
scoring_elements	0.59775
published_at	2026-04-09T12:55:00Z

value	0.00385
scoring_system	epss
scoring_elements	0.59794
published_at	2026-04-11T12:55:00Z

value	0.00385
scoring_system	epss
scoring_elements	0.59779
published_at	2026-04-12T12:55:00Z

value	0.00385
scoring_system	epss
scoring_elements	0.59798
published_at	2026-04-16T12:55:00Z

value	0.00385
scoring_system	epss
scoring_elements	0.59804
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-16239

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16239
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16239

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.6
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:S/C:P/I:N/A:P

value	4.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/openstack/nova

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/nova

reference_url

https://github.com/openstack/nova/commit/698b261a5a2a6c0f31ef5059046ef7196d5cba30

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/nova/commit/698b261a5a2a6c0f31ef5059046ef7196d5cba30

reference_url

https://github.com/openstack/nova/commit/984dd8ad6add4523d93c7ce5a666a32233e02e34

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/nova/commit/984dd8ad6add4523d93c7ce5a666a32233e02e34

reference_url

https://github.com/openstack/nova/commit/9e2d63da94db63d97bd02e373bfc53d95808b833

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/nova/commit/9e2d63da94db63d97bd02e373bfc53d95808b833

reference_url

https://github.com/openstack/nova/commit/b72105c1c49fcddc94992af63fc2f8078023491a

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/nova/commit/b72105c1c49fcddc94992af63fc2f8078023491a

reference_url

https://launchpad.net/bugs/1664931

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://launchpad.net/bugs/1664931

reference_url

https://security.openstack.org/ossa/OSSA-2017-005.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.openstack.org/ossa/OSSA-2017-005.html

reference_url

https://www.debian.org/security/2017/dsa-4056

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2017/dsa-4056

reference_url

http://www.securityfocus.com/bid/101950

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/101950

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1508539
reference_id	1508539
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1508539

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882009
reference_id	882009
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882009

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova::::::::
reference_id	cpe:2.3:a:openstack:nova::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.0:::::::*
reference_id	cpe:2.3:a:openstack:nova:15.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.1:::::::*
reference_id	cpe:2.3:a:openstack:nova:15.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.2:::::::*
reference_id	cpe:2.3:a:openstack:nova:15.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.3:::::::*
reference_id	cpe:2.3:a:openstack:nova:15.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.4:::::::*
reference_id	cpe:2.3:a:openstack:nova:15.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.5:::::::*
reference_id	cpe:2.3:a:openstack:nova:15.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.6:::::::*
reference_id	cpe:2.3:a:openstack:nova:15.0.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.7:::::::*
reference_id	cpe:2.3:a:openstack:nova:15.0.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.0:::::::*
reference_id	cpe:2.3:a:openstack:nova:16.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.1:::::::*
reference_id	cpe:2.3:a:openstack:nova:16.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.2:::::::*
reference_id	cpe:2.3:a:openstack:nova:16.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.2:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-16239

reference_id

CVE-2017-16239

reference_type

scores

value	4.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:N/I:P/A:N

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-16239

reference_url

https://github.com/advisories/GHSA-w2wf-cgwh-vpqg

reference_id

GHSA-w2wf-cgwh-vpqg

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-w2wf-cgwh-vpqg

fixed_packages

aliases

CVE-2017-16239, GHSA-w2wf-cgwh-vpqg

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-1qbm-qguj-gkem

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openstack-nova@1:14.1.0-3%3Farch=el7ost

Package Instance