Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/nova@19.0.0.0rc2
Typepypi
Namespace
Namenova
Version19.0.0.0rc2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-1p6r-bchy-pfdv
vulnerability_id VCID-1p6r-bchy-pfdv
summary 
URL Redirection to Untrusted Site ('Open Redirect')
A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3654.json
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3654.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3654
reference_id
reference_type
scores
0
value 0.87177
scoring_system epss
scoring_elements 0.99465
published_at 2026-06-07T12:55:00Z
1
value 0.87177
scoring_system epss
scoring_elements 0.99464
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3654
2
reference_url https://bugs.launchpad.net/nova/+bug/1927677
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1927677
3
reference_url https://bugs.python.org/issue32084
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.python.org/issue32084
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1961439
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1961439
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3654
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3654
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://opendev.org/openstack/nova
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://opendev.org/openstack/nova
8
reference_url https://opendev.org/openstack/nova/commit/04d48527b62a35d912f93bc75613a6cca606df66
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://opendev.org/openstack/nova/commit/04d48527b62a35d912f93bc75613a6cca606df66
9
reference_url https://opendev.org/openstack/nova/commit/8906552cfc2525a44251d4cf313ece61e57251eb
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://opendev.org/openstack/nova/commit/8906552cfc2525a44251d4cf313ece61e57251eb
10
reference_url https://security.gentoo.org/glsa/202305-02
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202305-02
11
reference_url https://security.openstack.org/ossa/OSSA-2021-002.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2021-002.html
12
reference_url https://www.openwall.com/lists/oss-security/2021/07/29/2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2021/07/29/2
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991441
reference_id 991441
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991441
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3654
reference_id CVE-2021-3654
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3654
15
reference_url https://github.com/advisories/GHSA-vqp6-j452-j6wp
reference_id GHSA-vqp6-j452-j6wp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vqp6-j452-j6wp
16
reference_url https://access.redhat.com/errata/RHSA-2022:0983
reference_id RHSA-2022:0983
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0983
17
reference_url https://access.redhat.com/errata/RHSA-2022:0999
reference_id RHSA-2022:0999
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0999
18
reference_url https://usn.ubuntu.com/5866-1/
reference_id USN-5866-1
reference_type
scores
url https://usn.ubuntu.com/5866-1/
fixed_packages
0
url pkg:pypi/nova@21.2.3
purl pkg:pypi/nova@21.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hv9-1384-6kh3
1
vulnerability VCID-6e9z-82qh-k7du
2
vulnerability VCID-91rs-pwgf-qqdf
3
vulnerability VCID-a4ze-ras5-7qg5
4
vulnerability VCID-d4d4-83qf-dqbh
5
vulnerability VCID-ef7v-8jwq-tqa9
6
vulnerability VCID-jxdh-rsjp-dqh8
7
vulnerability VCID-m24k-x2sb-1fcx
8
vulnerability VCID-s4q3-njy1-qfcv
9
vulnerability VCID-ttgr-j3ja-cbba
10
vulnerability VCID-uhcg-5qnj-wyf5
11
vulnerability VCID-uudy-pq4p-xfbd
12
vulnerability VCID-v1j5-u7w9-1ydk
13
vulnerability VCID-vbzy-1amz-tyhb
14
vulnerability VCID-wqfs-xtd4-6ufc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nova@21.2.3
1
url pkg:pypi/nova@22.2.3
purl pkg:pypi/nova@22.2.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nova@22.2.3
2
url pkg:pypi/nova@22.3.0
purl pkg:pypi/nova@22.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hv9-1384-6kh3
1
vulnerability VCID-6e9z-82qh-k7du
2
vulnerability VCID-91rs-pwgf-qqdf
3
vulnerability VCID-a4ze-ras5-7qg5
4
vulnerability VCID-d4d4-83qf-dqbh
5
vulnerability VCID-ef7v-8jwq-tqa9
6
vulnerability VCID-jxdh-rsjp-dqh8
7
vulnerability VCID-m24k-x2sb-1fcx
8
vulnerability VCID-s4q3-njy1-qfcv
9
vulnerability VCID-ttgr-j3ja-cbba
10
vulnerability VCID-uhcg-5qnj-wyf5
11
vulnerability VCID-uudy-pq4p-xfbd
12
vulnerability VCID-v1j5-u7w9-1ydk
13
vulnerability VCID-vbzy-1amz-tyhb
14
vulnerability VCID-wqfs-xtd4-6ufc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nova@22.3.0
3
url pkg:pypi/nova@23.0.3
purl pkg:pypi/nova@23.0.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nova@23.0.3
4
url pkg:pypi/nova@23.1.0
purl pkg:pypi/nova@23.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hv9-1384-6kh3
1
vulnerability VCID-6e9z-82qh-k7du
2
vulnerability VCID-91rs-pwgf-qqdf
3
vulnerability VCID-a4ze-ras5-7qg5
4
vulnerability VCID-d4d4-83qf-dqbh
5
vulnerability VCID-ef7v-8jwq-tqa9
6
vulnerability VCID-jxdh-rsjp-dqh8
7
vulnerability VCID-m24k-x2sb-1fcx
8
vulnerability VCID-s4q3-njy1-qfcv
9
vulnerability VCID-ttgr-j3ja-cbba
10
vulnerability VCID-uhcg-5qnj-wyf5
11
vulnerability VCID-uudy-pq4p-xfbd
12
vulnerability VCID-v1j5-u7w9-1ydk
13
vulnerability VCID-vbzy-1amz-tyhb
14
vulnerability VCID-wqfs-xtd4-6ufc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nova@23.1.0
aliases CVE-2021-3654, GHSA-vqp6-j452-j6wp
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1p6r-bchy-pfdv
1
url VCID-3hv9-1384-6kh3
vulnerability_id VCID-3hv9-1384-6kh3
summary 
OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access
An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Cinder and Nova deployments are affected; only Glance deployments with image conversion enabled are affected.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32498.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32498.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-32498
reference_id
reference_type
scores
0
value 0.00214
scoring_system epss
scoring_elements 0.44021
published_at 2026-06-05T12:55:00Z
1
value 0.00214
scoring_system epss
scoring_elements 0.44004
published_at 2026-06-07T12:55:00Z
2
value 0.00214
scoring_system epss
scoring_elements 0.44029
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-32498
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32498
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32498
3
reference_url https://github.com/openstack/cinder/commit/78f85c1f9b20a067ef64d6451dee0228c3a0db5e
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/cinder/commit/78f85c1f9b20a067ef64d6451dee0228c3a0db5e
4
reference_url https://github.com/openstack/cinder/commit/d6a186945e03649343af55b46ed8dfe0dd326e40
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/cinder/commit/d6a186945e03649343af55b46ed8dfe0dd326e40
5
reference_url https://github.com/openstack/glance/commit/22f0c9c6f98db1d93569e3edb800c271f35b0ef9
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/glance/commit/22f0c9c6f98db1d93569e3edb800c271f35b0ef9
6
reference_url https://github.com/openstack/glance/commit/2e65391744a82421bc6f026ee8f1f3550038f175
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/glance/commit/2e65391744a82421bc6f026ee8f1f3550038f175
7
reference_url https://github.com/openstack/glance/commit/867d1dd8b6e4f5774257a98c7c33061fbbbde973
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/glance/commit/867d1dd8b6e4f5774257a98c7c33061fbbbde973
8
reference_url https://github.com/openstack/glance/commit/cc7d53adbecf85f3d7df78e7618fe8ab3a075c5f
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/glance/commit/cc7d53adbecf85f3d7df78e7618fe8ab3a075c5f
9
reference_url https://github.com/openstack/glance/commit/d607e78630cc9d1ca18b3a027322809c042f64df
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/glance/commit/d607e78630cc9d1ca18b3a027322809c042f64df
10
reference_url https://github.com/openstack/nova/commit/657e86585cc57f84ab9b364dd189547d231d5927
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/657e86585cc57f84ab9b364dd189547d231d5927
11
reference_url https://launchpad.net/bugs/2059809
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/
url https://launchpad.net/bugs/2059809
12
reference_url https://lists.debian.org/debian-lts-announce/2024/09/msg00016.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/09/msg00016.html
13
reference_url https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html
14
reference_url https://security.openstack.org/ossa/OSSA-2024-001.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/
url https://security.openstack.org/ossa/OSSA-2024-001.html
15
reference_url https://www.openwall.com/lists/oss-security/2024/07/02/2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/
url https://www.openwall.com/lists/oss-security/2024/07/02/2
16
reference_url http://www.openwall.com/lists/oss-security/2024/07/02/2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/
url http://www.openwall.com/lists/oss-security/2024/07/02/2
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074761
reference_id 1074761
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074761
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074762
reference_id 1074762
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074762
19
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074763
reference_id 1074763
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074763
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2278663
reference_id 2278663
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2278663
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-32498
reference_id CVE-2024-32498
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-32498
22
reference_url https://github.com/advisories/GHSA-r4v4-w9pv-6fph
reference_id GHSA-r4v4-w9pv-6fph
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r4v4-w9pv-6fph
23
reference_url https://access.redhat.com/errata/RHSA-2024:4272
reference_id RHSA-2024:4272
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4272
24
reference_url https://access.redhat.com/errata/RHSA-2024:4273
reference_id RHSA-2024:4273
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4273
25
reference_url https://access.redhat.com/errata/RHSA-2024:4274
reference_id RHSA-2024:4274
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4274
26
reference_url https://access.redhat.com/errata/RHSA-2024:4425
reference_id RHSA-2024:4425
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4425
27
reference_url https://usn.ubuntu.com/6882-1/
reference_id USN-6882-1
reference_type
scores
url https://usn.ubuntu.com/6882-1/
28
reference_url https://usn.ubuntu.com/6882-2/
reference_id USN-6882-2
reference_type
scores
url https://usn.ubuntu.com/6882-2/
29
reference_url https://usn.ubuntu.com/6883-1/
reference_id USN-6883-1
reference_type
scores
url https://usn.ubuntu.com/6883-1/
30
reference_url https://usn.ubuntu.com/6884-1/
reference_id USN-6884-1
reference_type
scores
url https://usn.ubuntu.com/6884-1/
31
reference_url https://usn.ubuntu.com/8199-1/
reference_id USN-8199-1
reference_type
scores
url https://usn.ubuntu.com/8199-1/
fixed_packages
aliases CVE-2024-32498, GHSA-r4v4-w9pv-6fph
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3hv9-1384-6kh3
2
url VCID-6e9z-82qh-k7du
vulnerability_id VCID-6e9z-82qh-k7du
summary 
OpenStack Cinder, glance, and Nova vulnerable to Path Traversal
An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47951.json
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47951.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-47951
reference_id
reference_type
scores
0
value 0.00615
scoring_system epss
scoring_elements 0.70312
published_at 2026-06-07T12:55:00Z
1
value 0.00615
scoring_system epss
scoring_elements 0.70279
published_at 2026-06-04T12:55:00Z
2
value 0.00615
scoring_system epss
scoring_elements 0.70321
published_at 2026-06-05T12:55:00Z
3
value 0.00615
scoring_system epss
scoring_elements 0.7033
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-47951
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47951
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47951
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://launchpad.net/bugs/1996188
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/
url https://launchpad.net/bugs/1996188
5
reference_url https://lists.debian.org/debian-lts-announce/2023/01/msg00040.html
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/
url https://lists.debian.org/debian-lts-announce/2023/01/msg00040.html
6
reference_url https://lists.debian.org/debian-lts-announce/2023/01/msg00041.html
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/
url https://lists.debian.org/debian-lts-announce/2023/01/msg00041.html
7
reference_url https://lists.debian.org/debian-lts-announce/2023/01/msg00042.html
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/
url https://lists.debian.org/debian-lts-announce/2023/01/msg00042.html
8
reference_url https://security.openstack.org/ossa/OSSA-2023-002.html
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/
url https://security.openstack.org/ossa/OSSA-2023-002.html
9
reference_url https://www.debian.org/security/2023/dsa-5336
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/
url https://www.debian.org/security/2023/dsa-5336
10
reference_url https://www.debian.org/security/2023/dsa-5337
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/
url https://www.debian.org/security/2023/dsa-5337
11
reference_url https://www.debian.org/security/2023/dsa-5338
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/
url https://www.debian.org/security/2023/dsa-5338
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029561
reference_id 1029561
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029561
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029562
reference_id 1029562
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029562
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029563
reference_id 1029563
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029563
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2161812
reference_id 2161812
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2161812
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-47951
reference_id CVE-2022-47951
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-47951
17
reference_url https://github.com/advisories/GHSA-7h75-hwxx-qpgc
reference_id GHSA-7h75-hwxx-qpgc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7h75-hwxx-qpgc
18
reference_url https://access.redhat.com/errata/RHSA-2023:1015
reference_id RHSA-2023:1015
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1015
19
reference_url https://access.redhat.com/errata/RHSA-2023:1016
reference_id RHSA-2023:1016
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1016
20
reference_url https://access.redhat.com/errata/RHSA-2023:1017
reference_id RHSA-2023:1017
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1017
21
reference_url https://access.redhat.com/errata/RHSA-2023:1278
reference_id RHSA-2023:1278
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1278
22
reference_url https://access.redhat.com/errata/RHSA-2023:1279
reference_id RHSA-2023:1279
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1279
23
reference_url https://access.redhat.com/errata/RHSA-2023:1280
reference_id RHSA-2023:1280
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1280
24
reference_url https://usn.ubuntu.com/5835-1/
reference_id USN-5835-1
reference_type
scores
url https://usn.ubuntu.com/5835-1/
25
reference_url https://usn.ubuntu.com/5835-2/
reference_id USN-5835-2
reference_type
scores
url https://usn.ubuntu.com/5835-2/
26
reference_url https://usn.ubuntu.com/5835-3/
reference_id USN-5835-3
reference_type
scores
url https://usn.ubuntu.com/5835-3/
27
reference_url https://usn.ubuntu.com/5835-4/
reference_id USN-5835-4
reference_type
scores
url https://usn.ubuntu.com/5835-4/
28
reference_url https://usn.ubuntu.com/5835-5/
reference_id USN-5835-5
reference_type
scores
url https://usn.ubuntu.com/5835-5/
29
reference_url https://usn.ubuntu.com/6882-2/
reference_id USN-6882-2
reference_type
scores
url https://usn.ubuntu.com/6882-2/
fixed_packages
0
url pkg:pypi/nova@24.1.2
purl pkg:pypi/nova@24.1.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nova@24.1.2
1
url pkg:pypi/nova@24.2.0
purl pkg:pypi/nova@24.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hv9-1384-6kh3
1
vulnerability VCID-uudy-pq4p-xfbd
2
vulnerability VCID-wqfs-xtd4-6ufc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nova@24.2.0
2
url pkg:pypi/nova@25.0.2
purl pkg:pypi/nova@25.0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nova@25.0.2
3
url pkg:pypi/nova@25.1.0
purl pkg:pypi/nova@25.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hv9-1384-6kh3
1
vulnerability VCID-uudy-pq4p-xfbd
2
vulnerability VCID-wqfs-xtd4-6ufc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nova@25.1.0
aliases CVE-2022-47951, GHSA-7h75-hwxx-qpgc
risk_score 3.5
exploitability 0.5
weighted_severity 6.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6e9z-82qh-k7du
3
url VCID-91rs-pwgf-qqdf
vulnerability_id VCID-91rs-pwgf-qqdf
summary 
OpenStack Compute (Nova) allows remote attackers to bypass intended restriction
A vulnerability was discovered in the way OpenStack Compute (nova) networking handled security group updates; changes were not applied to already running VM instances. A remote attacker could use this flaw to access running VM instances.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2015-2684.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-2684.html
1
reference_url https://access.redhat.com/errata/RHSA-2015:2673
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2015:2673
2
reference_url https://access.redhat.com/errata/RHSA-2015:2684
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2015:2684
3
reference_url https://access.redhat.com/errata/RHSA-2016:0013
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0013
4
reference_url https://access.redhat.com/errata/RHSA-2016:0017
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2016:0017
5
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7713.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7713.json
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-7713
reference_id
reference_type
scores
0
value 0.01522
scoring_system epss
scoring_elements 0.8162
published_at 2026-06-07T12:55:00Z
1
value 0.01522
scoring_system epss
scoring_elements 0.81618
published_at 2026-06-05T12:55:00Z
2
value 0.01522
scoring_system epss
scoring_elements 0.81589
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-7713
7
reference_url https://bugs.launchpad.net/nova/+bug/1491307
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1491307
8
reference_url https://bugs.launchpad.net/nova/+bug/1492961
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1492961
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1269119
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1269119
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7713
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7713
11
reference_url https://opendev.org/openstack/nova
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://opendev.org/openstack/nova
12
reference_url https://security.openstack.org/ossa/OSSA-2015-021.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2015-021.html
13
reference_url https://web.archive.org/web/20200228024902/http://www.securityfocus.com/bid/76960
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228024902/http://www.securityfocus.com/bid/76960
14
reference_url http://www.securityfocus.com/bid/76960
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/76960
15
reference_url https://access.redhat.com/security/cve/CVE-2015-7713
reference_id CVE-2015-7713
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2015-7713
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-7713
reference_id CVE-2015-7713
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-7713
17
reference_url https://github.com/advisories/GHSA-67rh-9p29-vrxr
reference_id GHSA-67rh-9p29-vrxr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-67rh-9p29-vrxr
18
reference_url https://usn.ubuntu.com/3449-1/
reference_id USN-3449-1
reference_type
scores
url https://usn.ubuntu.com/3449-1/
fixed_packages
0
url pkg:pypi/nova@2014.2.4
purl pkg:pypi/nova@2014.2.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2014.2.4
1
url pkg:pypi/nova@2015.1.2
purl pkg:pypi/nova@2015.1.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2015.1.2
aliases CVE-2015-7713, GHSA-67rh-9p29-vrxr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-91rs-pwgf-qqdf
4
url VCID-a4ze-ras5-7qg5
vulnerability_id VCID-a4ze-ras5-7qg5
summary 
Insufficient Verification of Data Authenticity
It was discovered that the OpenStack Compute (nova) console websocket does not correctly verify the origin header. An attacker could use this flaw to conduct a cross-site websocket hijack attack. Note that only Compute setups with VNC or SPICE enabled were affected by this flaw.
references
0
reference_url http://lists.openstack.org/pipermail/openstack-announce/2015-March/000341.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.openstack.org/pipermail/openstack-announce/2015-March/000341.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2015-0790.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-0790.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2015-0843.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-0843.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2015-0844.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-0844.html
4
reference_url https://access.redhat.com/errata/RHSA-2015:0790
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2015:0790
5
reference_url https://access.redhat.com/errata/RHSA-2015:0843
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2015:0843
6
reference_url https://access.redhat.com/errata/RHSA-2015:0844
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2015:0844
7
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0259.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0259.json
8
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-0259
reference_id
reference_type
scores
0
value 0.00205
scoring_system epss
scoring_elements 0.4265
published_at 2026-06-05T12:55:00Z
1
value 0.00205
scoring_system epss
scoring_elements 0.42637
published_at 2026-06-07T12:55:00Z
2
value 0.00205
scoring_system epss
scoring_elements 0.42577
published_at 2026-06-04T12:55:00Z
3
value 0.00205
scoring_system epss
scoring_elements 0.42661
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-0259
9
reference_url https://bugs.launchpad.net/nova/+bug/1409142
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1409142
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1190112
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1190112
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0259
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0259
12
reference_url https://opendev.org/openstack/nova
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://opendev.org/openstack/nova
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780250
reference_id 780250
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780250
14
reference_url https://access.redhat.com/security/cve/CVE-2015-0259
reference_id CVE-2015-0259
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2015-0259
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-0259
reference_id CVE-2015-0259
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-0259
16
reference_url https://github.com/advisories/GHSA-x8xr-rm9r-7mvf
reference_id GHSA-x8xr-rm9r-7mvf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x8xr-rm9r-7mvf
fixed_packages
0
url pkg:pypi/nova@2014.1.4
purl pkg:pypi/nova@2014.1.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2014.1.4
1
url pkg:pypi/nova@2014.2.3
purl pkg:pypi/nova@2014.2.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2014.2.3
aliases CVE-2015-0259, GHSA-x8xr-rm9r-7mvf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a4ze-ras5-7qg5
5
url VCID-d4d4-83qf-dqbh
vulnerability_id VCID-d4d4-83qf-dqbh
summary 
Exposure of Sensitive Information to an Unauthorized Actor
api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in responses to instance metadata requests.
references
0
reference_url https://access.redhat.com/errata/RHSA-2014:0940
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2014:0940
1
reference_url https://access.redhat.com/errata/RHSA-2014:1084
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2014:1084
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3517.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3517.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3517
reference_id
reference_type
scores
0
value 0.00398
scoring_system epss
scoring_elements 0.6094
published_at 2026-06-04T12:55:00Z
1
value 0.00398
scoring_system epss
scoring_elements 0.60985
published_at 2026-06-07T12:55:00Z
2
value 0.00398
scoring_system epss
scoring_elements 0.60988
published_at 2026-06-05T12:55:00Z
3
value 0.00398
scoring_system epss
scoring_elements 0.60996
published_at 2026-06-06T12:55:00Z
4
value 0.00398
scoring_system epss
scoring_elements 0.60968
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3517
4
reference_url https://bugs.launchpad.net/nova/+bug/1325128
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1325128
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1112499
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1112499
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3517
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3517
7
reference_url https://opendev.org/openstack/nova
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://opendev.org/openstack/nova
8
reference_url http://www.openwall.com/lists/oss-security/2014/07/17/2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/07/17/2
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755042
reference_id 755042
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755042
10
reference_url https://access.redhat.com/security/cve/CVE-2014-3517
reference_id CVE-2014-3517
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2014-3517
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3517
reference_id CVE-2014-3517
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3517
12
reference_url https://github.com/advisories/GHSA-xjmj-p278-4jp5
reference_id GHSA-xjmj-p278-4jp5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xjmj-p278-4jp5
13
reference_url https://usn.ubuntu.com/2325-1/
reference_id USN-2325-1
reference_type
scores
url https://usn.ubuntu.com/2325-1/
fixed_packages
0
url pkg:pypi/nova@2013.2.4
purl pkg:pypi/nova@2013.2.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2013.2.4
1
url pkg:pypi/nova@2014.1.2
purl pkg:pypi/nova@2014.1.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2014.1.2
aliases CVE-2014-3517, GHSA-xjmj-p278-4jp5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d4d4-83qf-dqbh
6
url VCID-ef7v-8jwq-tqa9
vulnerability_id VCID-ef7v-8jwq-tqa9
summary 
OpenStack Compute (Nova) Denial of Service vulnerability
A denial of service flaw was found in the way OpenStack Compute (nova) looked up VM instances based on an IP address filter. An attacker with sufficient privileges on an OpenStack installation with a large amount of VMs could use this flaw to cause the main nova process to block for an extended amount of time.
references
0
reference_url http://lists.openstack.org/pipermail/openstack-announce/2014-October/000301.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.openstack.org/pipermail/openstack-announce/2014-October/000301.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2015-0843.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-0843.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2015-0844.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-0844.html
3
reference_url https://access.redhat.com/errata/RHSA-2015:0843
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2015:0843
4
reference_url https://access.redhat.com/errata/RHSA-2015:0844
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2015:0844
5
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3708.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3708.json
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3708
reference_id
reference_type
scores
0
value 0.01057
scoring_system epss
scoring_elements 0.7796
published_at 2026-06-08T12:55:00Z
1
value 0.01057
scoring_system epss
scoring_elements 0.77947
published_at 2026-06-04T12:55:00Z
2
value 0.01057
scoring_system epss
scoring_elements 0.77974
published_at 2026-06-05T12:55:00Z
3
value 0.01057
scoring_system epss
scoring_elements 0.77981
published_at 2026-06-06T12:55:00Z
4
value 0.01057
scoring_system epss
scoring_elements 0.77971
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3708
7
reference_url https://bugs.launchpad.net/nova/+bug/1358583
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1358583
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1154951
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1154951
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3708
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3708
10
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:N/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
11
reference_url https://opendev.org/openstack/nova
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://opendev.org/openstack/nova
12
reference_url https://web.archive.org/web/20200901000000*/http://www.securityfocus.com/bid/70777
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200901000000*/http://www.securityfocus.com/bid/70777
13
reference_url http://www.securityfocus.com/bid/70777
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/70777
14
reference_url https://access.redhat.com/security/cve/CVE-2014-3708
reference_id CVE-2014-3708
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2014-3708
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3708
reference_id CVE-2014-3708
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3708
16
reference_url https://github.com/advisories/GHSA-43hc-pwvx-pmfg
reference_id GHSA-43hc-pwvx-pmfg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-43hc-pwvx-pmfg
fixed_packages
0
url pkg:pypi/nova@2014.1.4
purl pkg:pypi/nova@2014.1.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2014.1.4
1
url pkg:pypi/nova@2014.2.1
purl pkg:pypi/nova@2014.2.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2014.2.1
aliases CVE-2014-3708, GHSA-43hc-pwvx-pmfg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ef7v-8jwq-tqa9
7
url VCID-jxdh-rsjp-dqh8
vulnerability_id VCID-jxdh-rsjp-dqh8
summary keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova on Fedora.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html
1
reference_url http://lists.openstack.org/pipermail/openstack-announce/2013-May/000098.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.openstack.org/pipermail/openstack-announce/2013-May/000098.html
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-2030
reference_id
reference_type
scores
0
value 0.00035
scoring_system epss
scoring_elements 0.10859
published_at 2026-06-07T12:55:00Z
1
value 0.00035
scoring_system epss
scoring_elements 0.10896
published_at 2026-06-06T12:55:00Z
2
value 0.00035
scoring_system epss
scoring_elements 0.10907
published_at 2026-06-05T12:55:00Z
3
value 0.00035
scoring_system epss
scoring_elements 0.10821
published_at 2026-06-04T12:55:00Z
4
value 0.00035
scoring_system epss
scoring_elements 0.10779
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-2030
3
reference_url https://bugs.launchpad.net/nova/+bug/1174608
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1174608
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=958285
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=958285
5
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
6
reference_url https://github.com/openstack/nova/commit/58d6879b1caaa750c39c8e452a0634c24ffef2ce
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/58d6879b1caaa750c39c8e452a0634c24ffef2ce
7
reference_url https://github.com/openstack/nova/commit/74aa04e2ca7942cb1e1a86dcbaffeb72d260ccd7
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/74aa04e2ca7942cb1e1a86dcbaffeb72d260ccd7
8
reference_url https://github.com/openstack/nova/commit/7bf3e8d3e254d817ff5ae7ef1f2884b10410ca60
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/7bf3e8d3e254d817ff5ae7ef1f2884b10410ca60
9
reference_url https://github.com/openstack/python-keystoneclient/commit/1736e2ffb12f70eeebed019448bc14def48aa036
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/python-keystoneclient/commit/1736e2ffb12f70eeebed019448bc14def48aa036
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2013-45.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2013-45.yaml
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-2030
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-2030
12
reference_url http://www.openwall.com/lists/oss-security/2013/05/09/2
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/05/09/2
13
reference_url https://github.com/advisories/GHSA-pxxv-rv32-2qgv
reference_id GHSA-pxxv-rv32-2qgv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pxxv-rv32-2qgv
fixed_packages
aliases CVE-2013-2030, GHSA-pxxv-rv32-2qgv, PYSEC-2013-45
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jxdh-rsjp-dqh8
8
url VCID-m24k-x2sb-1fcx
vulnerability_id VCID-m24k-x2sb-1fcx
summary The security group extension in OpenStack Compute (Nova) Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2013-1199.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-1199.html
1
reference_url https://access.redhat.com/errata/RHSA-2013:1199
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2013:1199
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4179.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4179.json
3
reference_url https://access.redhat.com/security/cve/CVE-2013-4179
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2013-4179
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4179
reference_id
reference_type
scores
0
value 0.00669
scoring_system epss
scoring_elements 0.71743
published_at 2026-06-08T12:55:00Z
1
value 0.00669
scoring_system epss
scoring_elements 0.71735
published_at 2026-06-04T12:55:00Z
2
value 0.00669
scoring_system epss
scoring_elements 0.71775
published_at 2026-06-05T12:55:00Z
3
value 0.00669
scoring_system epss
scoring_elements 0.71781
published_at 2026-06-06T12:55:00Z
4
value 0.00669
scoring_system epss
scoring_elements 0.71758
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4179
5
reference_url https://bugs.launchpad.net/ossa/+bug/1190229
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/ossa/+bug/1190229
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=989707
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=989707
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4179
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4179
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-4179
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-4179
9
reference_url https://opendev.org/openstack/nova
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://opendev.org/openstack/nova
10
reference_url http://www.ubuntu.com/usn/USN-2005-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-2005-1
11
reference_url https://github.com/advisories/GHSA-j6xh-q826-55jw
reference_id GHSA-j6xh-q826-55jw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j6xh-q826-55jw
12
reference_url https://usn.ubuntu.com/2000-1/
reference_id USN-2000-1
reference_type
scores
url https://usn.ubuntu.com/2000-1/
13
reference_url https://usn.ubuntu.com/2005-1/
reference_id USN-2005-1
reference_type
scores
url https://usn.ubuntu.com/2005-1/
fixed_packages
0
url pkg:pypi/nova@2013.2
purl pkg:pypi/nova@2013.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2013.2
aliases CVE-2013-4179, GHSA-j6xh-q826-55jw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m24k-x2sb-1fcx
9
url VCID-nfqc-abt3-8fg1
vulnerability_id VCID-nfqc-abt3-8fg1
summary An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths as host devices previously referenced by the virtual machine on the source host. This can include block devices that map to different Cinder volumes at the destination than at the source. Only deployments allowing host-based connections (for instance, root and ephemeral devices) are affected.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17376.json
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17376.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-17376
reference_id
reference_type
scores
0
value 0.00385
scoring_system epss
scoring_elements 0.60096
published_at 2026-06-07T12:55:00Z
1
value 0.00385
scoring_system epss
scoring_elements 0.60109
published_at 2026-06-06T12:55:00Z
2
value 0.00385
scoring_system epss
scoring_elements 0.60106
published_at 2026-06-05T12:55:00Z
3
value 0.00385
scoring_system epss
scoring_elements 0.60059
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-17376
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17376
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17376
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
5
reference_url https://github.com/openstack/nova/commit/1bb8ee95d4c3ddc3f607ac57526b75af1b7fbcff
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/1bb8ee95d4c3ddc3f607ac57526b75af1b7fbcff
6
reference_url https://github.com/openstack/nova/commit/2faf17995dd9daa6f0b91e44be43264e447c678d
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/2faf17995dd9daa6f0b91e44be43264e447c678d
7
reference_url https://github.com/openstack/nova/commit/a721ca5f510ce3c8ef24f22dac9e475b3d7651db
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/a721ca5f510ce3c8ef24f22dac9e475b3d7651db
8
reference_url https://github.com/openstack/nova/commit/b9ea91d17703f5b324a50727b6503ace0f4e95eb
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/b9ea91d17703f5b324a50727b6503ace0f4e95eb
9
reference_url https://github.com/openstack/nova/commit/c438fd9a0eb1903306a53ab44e3ae80660d8a429
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/c438fd9a0eb1903306a53ab44e3ae80660d8a429
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2020-243.yaml
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2020-243.yaml
11
reference_url https://launchpad.net/bugs/1890501
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://launchpad.net/bugs/1890501
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-17376
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-17376
13
reference_url https://security.openstack.org/ossa/OSSA-2020-006.html
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2020-006.html
14
reference_url http://www.openwall.com/lists/oss-security/2020/08/25/4
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/08/25/4
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1869426
reference_id 1869426
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1869426
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969052
reference_id 969052
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969052
17
reference_url https://github.com/advisories/GHSA-c7w7-9c85-4qxv
reference_id GHSA-c7w7-9c85-4qxv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c7w7-9c85-4qxv
18
reference_url https://access.redhat.com/errata/RHSA-2020:3702
reference_id RHSA-2020:3702
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3702
19
reference_url https://access.redhat.com/errata/RHSA-2020:3704
reference_id RHSA-2020:3704
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3704
20
reference_url https://access.redhat.com/errata/RHSA-2020:3706
reference_id RHSA-2020:3706
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3706
21
reference_url https://access.redhat.com/errata/RHSA-2020:3708
reference_id RHSA-2020:3708
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3708
22
reference_url https://access.redhat.com/errata/RHSA-2020:3711
reference_id RHSA-2020:3711
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3711
23
reference_url https://usn.ubuntu.com/5866-1/
reference_id USN-5866-1
reference_type
scores
url https://usn.ubuntu.com/5866-1/
fixed_packages
0
url pkg:pypi/nova@19.3.1
purl pkg:pypi/nova@19.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p6r-bchy-pfdv
1
vulnerability VCID-3hv9-1384-6kh3
2
vulnerability VCID-6e9z-82qh-k7du
3
vulnerability VCID-91rs-pwgf-qqdf
4
vulnerability VCID-a4ze-ras5-7qg5
5
vulnerability VCID-d4d4-83qf-dqbh
6
vulnerability VCID-ef7v-8jwq-tqa9
7
vulnerability VCID-jxdh-rsjp-dqh8
8
vulnerability VCID-m24k-x2sb-1fcx
9
vulnerability VCID-s4q3-njy1-qfcv
10
vulnerability VCID-ttgr-j3ja-cbba
11
vulnerability VCID-uhcg-5qnj-wyf5
12
vulnerability VCID-uudy-pq4p-xfbd
13
vulnerability VCID-v1j5-u7w9-1ydk
14
vulnerability VCID-vbzy-1amz-tyhb
15
vulnerability VCID-wqfs-xtd4-6ufc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nova@19.3.1
1
url pkg:pypi/nova@20.3.1
purl pkg:pypi/nova@20.3.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nova@20.3.1
2
url pkg:pypi/nova@20.4.0
purl pkg:pypi/nova@20.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p6r-bchy-pfdv
1
vulnerability VCID-3hv9-1384-6kh3
2
vulnerability VCID-6e9z-82qh-k7du
3
vulnerability VCID-91rs-pwgf-qqdf
4
vulnerability VCID-a4ze-ras5-7qg5
5
vulnerability VCID-d4d4-83qf-dqbh
6
vulnerability VCID-ef7v-8jwq-tqa9
7
vulnerability VCID-jxdh-rsjp-dqh8
8
vulnerability VCID-m24k-x2sb-1fcx
9
vulnerability VCID-s4q3-njy1-qfcv
10
vulnerability VCID-ttgr-j3ja-cbba
11
vulnerability VCID-uhcg-5qnj-wyf5
12
vulnerability VCID-uudy-pq4p-xfbd
13
vulnerability VCID-v1j5-u7w9-1ydk
14
vulnerability VCID-vbzy-1amz-tyhb
15
vulnerability VCID-wqfs-xtd4-6ufc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nova@20.4.0
3
url pkg:pypi/nova@21.1.0
purl pkg:pypi/nova@21.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p6r-bchy-pfdv
1
vulnerability VCID-3hv9-1384-6kh3
2
vulnerability VCID-6e9z-82qh-k7du
3
vulnerability VCID-91rs-pwgf-qqdf
4
vulnerability VCID-a4ze-ras5-7qg5
5
vulnerability VCID-d4d4-83qf-dqbh
6
vulnerability VCID-ef7v-8jwq-tqa9
7
vulnerability VCID-jxdh-rsjp-dqh8
8
vulnerability VCID-m24k-x2sb-1fcx
9
vulnerability VCID-s4q3-njy1-qfcv
10
vulnerability VCID-ttgr-j3ja-cbba
11
vulnerability VCID-uhcg-5qnj-wyf5
12
vulnerability VCID-uudy-pq4p-xfbd
13
vulnerability VCID-v1j5-u7w9-1ydk
14
vulnerability VCID-vbzy-1amz-tyhb
15
vulnerability VCID-wqfs-xtd4-6ufc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nova@21.1.0
aliases CVE-2020-17376, GHSA-c7w7-9c85-4qxv, PYSEC-2020-243
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nfqc-abt3-8fg1
10
url VCID-s4q3-njy1-qfcv
vulnerability_id VCID-s4q3-njy1-qfcv
summary 
OpenStack Nova instance migration process does not stop when instance is deleted
OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service (disk, network, and other resource consumption) by resizing and then deleting an instance.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2015-1723.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-1723.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2015-1898.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-1898.html
2
reference_url https://access.redhat.com/errata/RHSA-2015:1723
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2015:1723
3
reference_url https://access.redhat.com/errata/RHSA-2015:1898
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2015:1898
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3241.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3241.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-3241
reference_id
reference_type
scores
0
value 0.0197
scoring_system epss
scoring_elements 0.83881
published_at 2026-06-07T12:55:00Z
1
value 0.0197
scoring_system epss
scoring_elements 0.83886
published_at 2026-06-06T12:55:00Z
2
value 0.0197
scoring_system epss
scoring_elements 0.83883
published_at 2026-06-05T12:55:00Z
3
value 0.0197
scoring_system epss
scoring_elements 0.8386
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-3241
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1232782
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1232782
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3241
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3241
8
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
9
reference_url https://github.com/openstack/nova/commit/7ab75d5b0b75fc3426323bef19bf436a258b9707
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/7ab75d5b0b75fc3426323bef19bf436a258b9707
10
reference_url https://github.com/openstack/nova/commit/b5020a047fc487f35b76fc05f31e52665a1afda1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/b5020a047fc487f35b76fc05f31e52665a1afda1
11
reference_url https://github.com/openstack/nova/commit/bf23643e36c8764b4bd532546a2cc04385fe0cff
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/bf23643e36c8764b4bd532546a2cc04385fe0cff
12
reference_url https://github.com/openstack/ossa/blob/482576204dec96f580817b119e3166d71c757731/ossa/OSSA-2015-015.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/ossa/blob/482576204dec96f580817b119e3166d71c757731/ossa/OSSA-2015-015.yaml
13
reference_url https://launchpad.net/bugs/1387543
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://launchpad.net/bugs/1387543
14
reference_url https://security.openstack.org/ossa/OSSA-2015-015.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2015-015.html
15
reference_url http://www.securityfocus.com/bid/75372
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/75372
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796109
reference_id 796109
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796109
17
reference_url https://access.redhat.com/security/cve/CVE-2015-3241
reference_id CVE-2015-3241
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2015-3241
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-3241
reference_id CVE-2015-3241
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-3241
19
reference_url https://github.com/advisories/GHSA-3vx7-xff6-h2vx
reference_id GHSA-3vx7-xff6-h2vx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3vx7-xff6-h2vx
20
reference_url https://usn.ubuntu.com/3449-1/
reference_id USN-3449-1
reference_type
scores
url https://usn.ubuntu.com/3449-1/
fixed_packages
0
url pkg:pypi/nova@112.0.0.0b3
purl pkg:pypi/nova@112.0.0.0b3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nova@112.0.0.0b3
aliases CVE-2015-3241, GHSA-3vx7-xff6-h2vx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s4q3-njy1-qfcv
11
url VCID-ttgr-j3ja-cbba
vulnerability_id VCID-ttgr-j3ja-cbba
summary An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the direct vnic_type, creating an instance bound to that port, and then changing the vnic_type of the bound port to macvtap, an authenticated user may cause the compute service to fail to restart, resulting in a possible denial of service. Only Nova deployments configured with SR-IOV are affected.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37394.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37394.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-37394
reference_id
reference_type
scores
0
value 0.00266
scoring_system epss
scoring_elements 0.50376
published_at 2026-06-07T12:55:00Z
1
value 0.00266
scoring_system epss
scoring_elements 0.50327
published_at 2026-06-04T12:55:00Z
2
value 0.00266
scoring_system epss
scoring_elements 0.50387
published_at 2026-06-05T12:55:00Z
3
value 0.00266
scoring_system epss
scoring_elements 0.50395
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-37394
2
reference_url https://bugs.launchpad.net/ossa/+bug/1981813
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/ossa/+bug/1981813
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37394
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37394
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
6
reference_url https://github.com/openstack/nova/commit/0c87681135cfb3ce61d2a0392928c1dbc1fe5fde
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/0c87681135cfb3ce61d2a0392928c1dbc1fe5fde
7
reference_url https://github.com/openstack/nova/commit/1a98a1a650d065a8ab3e1c474f3b9fd537dc2206
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/1a98a1a650d065a8ab3e1c474f3b9fd537dc2206
8
reference_url https://github.com/openstack/nova/commit/4954f993680c75fd9d3d507f2dcd00300c9b3d44
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/4954f993680c75fd9d3d507f2dcd00300c9b3d44
9
reference_url https://github.com/openstack/nova/commit/a28c82719545d5c8ee7f3ff1361b3a796e05095a
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/a28c82719545d5c8ee7f3ff1361b3a796e05095a
10
reference_url https://github.com/openstack/nova/commit/e43bf900dc8ca66578603bed333c56b215b1876e
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/e43bf900dc8ca66578603bed333c56b215b1876e
11
reference_url https://github.com/openstack/nova/commit/f8c91eb75fc5504a37fc3b4be1d65d33dbc9b511
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/f8c91eb75fc5504a37fc3b4be1d65d33dbc9b511
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-37394
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-37394
13
reference_url https://review.opendev.org/c/openstack/nova/+/849985
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://review.opendev.org/c/openstack/nova/+/849985
14
reference_url https://review.opendev.org/c/openstack/nova/+/850003
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://review.opendev.org/c/openstack/nova/+/850003
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016980
reference_id 1016980
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016980
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2117333
reference_id 2117333
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2117333
17
reference_url https://github.com/advisories/GHSA-v725-c588-h936
reference_id GHSA-v725-c588-h936
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v725-c588-h936
18
reference_url https://access.redhat.com/errata/RHSA-2023:1948
reference_id RHSA-2023:1948
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1948
19
reference_url https://usn.ubuntu.com/5866-1/
reference_id USN-5866-1
reference_type
scores
url https://usn.ubuntu.com/5866-1/
fixed_packages
0
url pkg:pypi/nova@23.2.2
purl pkg:pypi/nova@23.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hv9-1384-6kh3
1
vulnerability VCID-6e9z-82qh-k7du
2
vulnerability VCID-uudy-pq4p-xfbd
3
vulnerability VCID-wqfs-xtd4-6ufc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nova@23.2.2
1
url pkg:pypi/nova@24.0.0.0rc1
purl pkg:pypi/nova@24.0.0.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hv9-1384-6kh3
1
vulnerability VCID-6e9z-82qh-k7du
2
vulnerability VCID-91rs-pwgf-qqdf
3
vulnerability VCID-a4ze-ras5-7qg5
4
vulnerability VCID-d4d4-83qf-dqbh
5
vulnerability VCID-ef7v-8jwq-tqa9
6
vulnerability VCID-jxdh-rsjp-dqh8
7
vulnerability VCID-m24k-x2sb-1fcx
8
vulnerability VCID-s4q3-njy1-qfcv
9
vulnerability VCID-uhcg-5qnj-wyf5
10
vulnerability VCID-uudy-pq4p-xfbd
11
vulnerability VCID-v1j5-u7w9-1ydk
12
vulnerability VCID-vbzy-1amz-tyhb
13
vulnerability VCID-wqfs-xtd4-6ufc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nova@24.0.0.0rc1
2
url pkg:pypi/nova@24.1.2
purl pkg:pypi/nova@24.1.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nova@24.1.2
3
url pkg:pypi/nova@25.0.0.0rc1
purl pkg:pypi/nova@25.0.0.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hv9-1384-6kh3
1
vulnerability VCID-91rs-pwgf-qqdf
2
vulnerability VCID-a4ze-ras5-7qg5
3
vulnerability VCID-d4d4-83qf-dqbh
4
vulnerability VCID-ef7v-8jwq-tqa9
5
vulnerability VCID-jxdh-rsjp-dqh8
6
vulnerability VCID-m24k-x2sb-1fcx
7
vulnerability VCID-s4q3-njy1-qfcv
8
vulnerability VCID-uhcg-5qnj-wyf5
9
vulnerability VCID-uudy-pq4p-xfbd
10
vulnerability VCID-v1j5-u7w9-1ydk
11
vulnerability VCID-vbzy-1amz-tyhb
12
vulnerability VCID-wqfs-xtd4-6ufc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nova@25.0.0.0rc1
4
url pkg:pypi/nova@25.0.2
purl pkg:pypi/nova@25.0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nova@25.0.2
aliases CVE-2022-37394, GHSA-v725-c588-h936
risk_score 1.9
exploitability 0.5
weighted_severity 3.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ttgr-j3ja-cbba
12
url VCID-uhcg-5qnj-wyf5
vulnerability_id VCID-uhcg-5qnj-wyf5
summary 
OpenStack Compute (nova) allows remote authenticated users to cause a denial of service
A flaw was found in the way OpenStack Compute (nova) handled the resize state. If an authenticated user deleted an instance while it was in the resize state, it could cause the original instance to not be deleted from the compute node it was running on, allowing the user to cause a denial of service.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2015-1898.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-1898.html
1
reference_url https://access.redhat.com/errata/RHSA-2015:1898
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2015:1898
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3280.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3280.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-3280
reference_id
reference_type
scores
0
value 0.00795
scoring_system epss
scoring_elements 0.7433
published_at 2026-06-04T12:55:00Z
1
value 0.00795
scoring_system epss
scoring_elements 0.74354
published_at 2026-06-07T12:55:00Z
2
value 0.00795
scoring_system epss
scoring_elements 0.74367
published_at 2026-06-06T12:55:00Z
3
value 0.00795
scoring_system epss
scoring_elements 0.74362
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-3280
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1257942
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1257942
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3280
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3280
6
reference_url https://launchpad.net/bugs/1392527
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://launchpad.net/bugs/1392527
7
reference_url https://opendev.org/openstack/nova
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://opendev.org/openstack/nova
8
reference_url https://security.openstack.org/ossa/OSSA-2015-017.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2015-017.html
9
reference_url https://web.archive.org/web/20200228023247/http://www.securityfocus.com/bid/76553
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228023247/http://www.securityfocus.com/bid/76553
10
reference_url http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
11
reference_url http://www.securityfocus.com/bid/76553
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/76553
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798883
reference_id 798883
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798883
13
reference_url https://access.redhat.com/security/cve/CVE-2015-3280
reference_id CVE-2015-3280
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2015-3280
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-3280
reference_id CVE-2015-3280
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-3280
15
reference_url https://github.com/advisories/GHSA-mfmj-gwg3-vhw7
reference_id GHSA-mfmj-gwg3-vhw7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mfmj-gwg3-vhw7
16
reference_url https://usn.ubuntu.com/3449-1/
reference_id USN-3449-1
reference_type
scores
url https://usn.ubuntu.com/3449-1/
fixed_packages
0
url pkg:pypi/nova@2014.2.4
purl pkg:pypi/nova@2014.2.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2014.2.4
1
url pkg:pypi/nova@2015.1.2
purl pkg:pypi/nova@2015.1.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2015.1.2
aliases CVE-2015-3280, GHSA-mfmj-gwg3-vhw7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uhcg-5qnj-wyf5
13
url VCID-uudy-pq4p-xfbd
vulnerability_id VCID-uudy-pq4p-xfbd
summary 
OpenStack Nova vulnerable to unauthorized access to potentially sensitive data
In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Nova deployments are affected. NOTE: this issue exists because of an incomplete fix for CVE-2022-47951 and CVE-2024-32498.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-40767.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-40767.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-40767
reference_id
reference_type
scores
0
value 0.00835
scoring_system epss
scoring_elements 0.75023
published_at 2026-06-07T12:55:00Z
1
value 0.00835
scoring_system epss
scoring_elements 0.7503
published_at 2026-06-06T12:55:00Z
2
value 0.00835
scoring_system epss
scoring_elements 0.75026
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-40767
2
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
3
reference_url https://launchpad.net/bugs/2071734
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:47:09Z/
url https://launchpad.net/bugs/2071734
4
reference_url https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html
5
reference_url https://review.opendev.org/c/openstack/nova/+/924731
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://review.opendev.org/c/openstack/nova/+/924731
6
reference_url https://security.openstack.org
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:47:09Z/
url https://security.openstack.org
7
reference_url https://security.openstack.org/ossa/OSSA-2024-002.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:47:09Z/
url https://security.openstack.org/ossa/OSSA-2024-002.html
8
reference_url https://www.openwall.com/lists/oss-security/2024/07/23/2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:47:09Z/
url https://www.openwall.com/lists/oss-security/2024/07/23/2
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2297217
reference_id 2297217
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2297217
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-40767
reference_id CVE-2024-40767
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-40767
11
reference_url https://github.com/advisories/GHSA-rm86-h44c-2r2m
reference_id GHSA-rm86-h44c-2r2m
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rm86-h44c-2r2m
12
reference_url https://access.redhat.com/errata/RHSA-2024:5082
reference_id RHSA-2024:5082
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5082
13
reference_url https://access.redhat.com/errata/RHSA-2024:5083
reference_id RHSA-2024:5083
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5083
14
reference_url https://access.redhat.com/errata/RHSA-2024:5097
reference_id RHSA-2024:5097
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5097
15
reference_url https://access.redhat.com/errata/RHSA-2024:5113
reference_id RHSA-2024:5113
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5113
16
reference_url https://usn.ubuntu.com/6911-1/
reference_id USN-6911-1
reference_type
scores
url https://usn.ubuntu.com/6911-1/
fixed_packages
0
url pkg:pypi/nova@28.0.0.0rc1
purl pkg:pypi/nova@28.0.0.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hv9-1384-6kh3
1
vulnerability VCID-wqfs-xtd4-6ufc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nova@28.0.0.0rc1
1
url pkg:pypi/nova@29.0.0.0rc1
purl pkg:pypi/nova@29.0.0.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hv9-1384-6kh3
1
vulnerability VCID-wqfs-xtd4-6ufc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nova@29.0.0.0rc1
aliases CVE-2024-40767, GHSA-rm86-h44c-2r2m
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uudy-pq4p-xfbd
14
url VCID-v1j5-u7w9-1ydk
vulnerability_id VCID-v1j5-u7w9-1ydk
summary 
OpenStack Compute (Nova)'s VMWare driver vulnerable to denial of service
CVE-2014-3608 openstack-nova: incomplete fix for CVE-2014-2573, Nova VMware driver still leaks rescued images
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2014-1781.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1781.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2014-1782.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1782.html
2
reference_url https://access.redhat.com/errata/RHSA-2014:1781
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2014:1781
3
reference_url https://access.redhat.com/errata/RHSA-2014:1782
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2014:1782
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3608.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3608.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3608
reference_id
reference_type
scores
0
value 0.00689
scoring_system epss
scoring_elements 0.72158
published_at 2026-06-08T12:55:00Z
1
value 0.00689
scoring_system epss
scoring_elements 0.72144
published_at 2026-06-04T12:55:00Z
2
value 0.00689
scoring_system epss
scoring_elements 0.72185
published_at 2026-06-05T12:55:00Z
3
value 0.00689
scoring_system epss
scoring_elements 0.72192
published_at 2026-06-06T12:55:00Z
4
value 0.00689
scoring_system epss
scoring_elements 0.72171
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3608
6
reference_url https://bugs.launchpad.net/nova/+bug/1338830
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1338830
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1148253
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1148253
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3608
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3608
9
reference_url http://seclists.org/oss-sec/2014/q4/65
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/oss-sec/2014/q4/65
10
reference_url https://opendev.org/openstack/nova
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://opendev.org/openstack/nova
11
reference_url https://web.archive.org/web/20200228053850/http://www.securityfocus.com/bid/70220
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228053850/http://www.securityfocus.com/bid/70220
12
reference_url http://www.securityfocus.com/bid/70220
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/70220
13
reference_url https://access.redhat.com/security/cve/CVE-2014-3608
reference_id CVE-2014-3608
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2014-3608
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3608
reference_id CVE-2014-3608
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3608
15
reference_url https://github.com/advisories/GHSA-92hc-c226-32q7
reference_id GHSA-92hc-c226-32q7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-92hc-c226-32q7
16
reference_url https://usn.ubuntu.com/2407-1/
reference_id USN-2407-1
reference_type
scores
url https://usn.ubuntu.com/2407-1/
fixed_packages
0
url pkg:pypi/nova@2014.1.3
purl pkg:pypi/nova@2014.1.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2014.1.3
aliases CVE-2014-3608, GHSA-92hc-c226-32q7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v1j5-u7w9-1ydk
15
url VCID-vbzy-1amz-tyhb
vulnerability_id VCID-vbzy-1amz-tyhb
summary 
OpenStack Compute (Nova) allows remote authenticated users to obtain sensitive information
CVE-2013-2256 OpenStack: Nova private flavors resource limit circumvention
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2013-1199.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-1199.html
1
reference_url https://access.redhat.com/errata/RHSA-2013:1199
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2013:1199
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2256.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2256.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-2256
reference_id
reference_type
scores
0
value 0.00472
scoring_system epss
scoring_elements 0.65084
published_at 2026-06-06T12:55:00Z
1
value 0.00472
scoring_system epss
scoring_elements 0.65061
published_at 2026-06-08T12:55:00Z
2
value 0.00472
scoring_system epss
scoring_elements 0.65031
published_at 2026-06-04T12:55:00Z
3
value 0.00472
scoring_system epss
scoring_elements 0.65074
published_at 2026-06-05T12:55:00Z
4
value 0.00472
scoring_system epss
scoring_elements 0.65072
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-2256
4
reference_url https://bugs.launchpad.net/nova/+bug/1194093
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1194093
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=993340
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=993340
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2256
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2256
7
reference_url http://seclists.org/oss-sec/2013/q3/281
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/oss-sec/2013/q3/281
8
reference_url https://opendev.org/openstack/nova
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://opendev.org/openstack/nova
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718905
reference_id 718905
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718905
10
reference_url https://access.redhat.com/security/cve/CVE-2013-2256
reference_id CVE-2013-2256
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2013-2256
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-2256
reference_id CVE-2013-2256
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-2256
12
reference_url https://github.com/advisories/GHSA-5mj6-643f-2g85
reference_id GHSA-5mj6-643f-2g85
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5mj6-643f-2g85
13
reference_url https://usn.ubuntu.com/2000-1/
reference_id USN-2000-1
reference_type
scores
url https://usn.ubuntu.com/2000-1/
fixed_packages
0
url pkg:pypi/nova@2013.1.3
purl pkg:pypi/nova@2013.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-m24k-x2sb-1fcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2013.1.3
aliases CVE-2013-2256, GHSA-5mj6-643f-2g85
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vbzy-1amz-tyhb
16
url VCID-wqfs-xtd4-6ufc
vulnerability_id VCID-wqfs-xtd4-6ufc
summary 
OpenStack Nova calls qemu-img without format restrictions for resize
An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in an unsafe image resize operation that could destroy data on the host system. Only compute nodes using the Flat image backend (usually configured with use_cow_images=False) are affected.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24708.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24708.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-24708
reference_id
reference_type
scores
0
value 0.00019
scoring_system epss
scoring_elements 0.05294
published_at 2026-06-07T12:55:00Z
1
value 0.00019
scoring_system epss
scoring_elements 0.05316
published_at 2026-06-05T12:55:00Z
2
value 0.00019
scoring_system epss
scoring_elements 0.053
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-24708
2
reference_url https://bugs.launchpad.net/nova/+bug/2137507
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T19:07:53Z/
url https://bugs.launchpad.net/nova/+bug/2137507
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24708
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24708
4
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova
5
reference_url https://github.com/openstack/nova/commit/3eba22ff09c81a61750fbb4882e5f1f01a20fdf5
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/3eba22ff09c81a61750fbb4882e5f1f01a20fdf5
6
reference_url https://lists.debian.org/debian-lts-announce/2026/02/msg00025.html
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2026/02/msg00025.html
7
reference_url https://www.openwall.com/lists/oss-security/2026/02/17/7
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T19:07:53Z/
url https://www.openwall.com/lists/oss-security/2026/02/17/7
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128294
reference_id 1128294
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128294
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2430312
reference_id 2430312
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2430312
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-24708
reference_id CVE-2026-24708
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-24708
11
reference_url https://github.com/advisories/GHSA-m4f3-qp2w-gwh6
reference_id GHSA-m4f3-qp2w-gwh6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m4f3-qp2w-gwh6
12
reference_url https://access.redhat.com/errata/RHSA-2026:7884
reference_id RHSA-2026:7884
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7884
13
reference_url https://usn.ubuntu.com/8049-1/
reference_id USN-8049-1
reference_type
scores
url https://usn.ubuntu.com/8049-1/
fixed_packages
aliases CVE-2026-24708, GHSA-m4f3-qp2w-gwh6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wqfs-xtd4-6ufc
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/nova@19.0.0.0rc2