Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/199842?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "type": "deb", "namespace": "debian", "name": "nova", "version": "2:31.0.0-6+deb13u2", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2:32.1.0-7", "latest_non_vulnerable_version": "2:33.0.1-2", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7199?format=api", "vulnerability_id": "VCID-124a-e1xg-ufhd", "summary": "keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova on Fedora.", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html" }, { "reference_url": "http://lists.openstack.org/pipermail/openstack-announce/2013-May/000098.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.openstack.org/pipermail/openstack-announce/2013-May/000098.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2030", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10886", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2030" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1174608", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1174608" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=958285", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=958285" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/58d6879b1caaa750c39c8e452a0634c24ffef2ce", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/58d6879b1caaa750c39c8e452a0634c24ffef2ce" }, { "reference_url": "https://github.com/openstack/nova/commit/74aa04e2ca7942cb1e1a86dcbaffeb72d260ccd7", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/74aa04e2ca7942cb1e1a86dcbaffeb72d260ccd7" }, { "reference_url": "https://github.com/openstack/nova/commit/7bf3e8d3e254d817ff5ae7ef1f2884b10410ca60", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/7bf3e8d3e254d817ff5ae7ef1f2884b10410ca60" }, { "reference_url": "https://github.com/openstack/python-keystoneclient/commit/1736e2ffb12f70eeebed019448bc14def48aa036", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/python-keystoneclient/commit/1736e2ffb12f70eeebed019448bc14def48aa036" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2013-45.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2013-45.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2030", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2030" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/05/09/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/05/09/2" }, { "reference_url": "https://github.com/advisories/GHSA-pxxv-rv32-2qgv", "reference_id": "GHSA-pxxv-rv32-2qgv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-pxxv-rv32-2qgv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199854?format=api", "purl": "pkg:deb/debian/nova@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-2030", "GHSA-pxxv-rv32-2qgv", "PYSEC-2013-45" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-124a-e1xg-ufhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83753?format=api", "vulnerability_id": "VCID-1t9d-4wrv-gbah", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6491", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00456", "scoring_system": "epss", "scoring_elements": "0.64171", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6491" }, { "reference_url": "https://usn.ubuntu.com/2208-1/", "reference_id": "USN-2208-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2208-1/" }, { "reference_url": "https://usn.ubuntu.com/2208-2/", "reference_id": "USN-2208-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2208-2/" }, { "reference_url": "https://usn.ubuntu.com/2247-1/", "reference_id": "USN-2247-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2247-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199868?format=api", "purl": "pkg:deb/debian/nova@2013.2.3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.2.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-6491" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1t9d-4wrv-gbah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82162?format=api", "vulnerability_id": "VCID-28wh-kpg5-3fe6", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4261", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00596", "scoring_system": "epss", "scoring_elements": "0.69686", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4261" }, { "reference_url": "https://usn.ubuntu.com/2000-1/", "reference_id": "USN-2000-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2000-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199863?format=api", "purl": "pkg:deb/debian/nova@2013.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-4261" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-28wh-kpg5-3fe6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7740?format=api", "vulnerability_id": "VCID-2ba7-wb9n-q3d8", "summary": "An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2622", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2622" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2631", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2631" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2652", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2652" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14433", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01301", "scoring_system": "epss", "scoring_elements": "0.80053", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14433" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/298b337a16c0d10916b4431c436d19b3d6f5360e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/298b337a16c0d10916b4431c436d19b3d6f5360e" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2019-191.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2019-191.yaml" }, { "reference_url": "https://launchpad.net/bugs/1837877", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.net/bugs/1837877" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00018.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00018.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14433", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14433" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2019-003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2019-003.html" }, { "reference_url": "https://usn.ubuntu.com/4104-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4104-1" }, { "reference_url": "https://usn.ubuntu.com/4104-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4104-1/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/08/06/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2019/08/06/6" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934114", "reference_id": "934114", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934114" }, { "reference_url": "https://github.com/advisories/GHSA-pg64-r7rr-phv8", "reference_id": "GHSA-pg64-r7rr-phv8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-pg64-r7rr-phv8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199888?format=api", "purl": "pkg:deb/debian/nova@2:19.0.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:19.0.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-14433", "GHSA-pg64-r7rr-phv8", "PYSEC-2019-191" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2ba7-wb9n-q3d8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91495?format=api", "vulnerability_id": "VCID-2k48-naqm-qua8", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8750", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00929", "scoring_system": "epss", "scoring_elements": "0.76427", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8750" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199854?format=api", "purl": "pkg:deb/debian/nova@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-8750" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2k48-naqm-qua8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80036?format=api", "vulnerability_id": "VCID-2n9h-y9yp-z7gn", "summary": "", "references": [ { "reference_url": "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html" }, { "reference_url": "http://bugs.python.org/issue17239", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://bugs.python.org/issue17239" }, { "reference_url": "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0657.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0657.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0658.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0658.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0670.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0670.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1664", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03938", "scoring_system": "epss", "scoring_elements": "0.88535", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1664" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1100282", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1100282" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/1c60d07ba23e0350351c278ad28d0bd5aa410b40", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/1c60d07ba23e0350351c278ad28d0bd5aa410b40" }, { "reference_url": "https://github.com/django/django/commit/d19a27066b2247102e65412aa66917aff0091112", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/d19a27066b2247102e65412aa66917aff0091112" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1664", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1664" }, { "reference_url": "http://ubuntu.com/usn/usn-1757-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://ubuntu.com/usn/usn-1757-1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/02/19/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/02/19/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/02/19/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/02/19/4" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700948", "reference_id": "700948", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700948" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700949", "reference_id": "700949", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700949" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700950", "reference_id": "700950", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700950" }, { "reference_url": "https://github.com/advisories/GHSA-qrh7-x6fp-c2mp", "reference_id": "GHSA-qrh7-x6fp-c2mp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-qrh7-x6fp-c2mp" }, { "reference_url": "https://security.gentoo.org/glsa/201311-06", "reference_id": "GLSA-201311-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201311-06" }, { "reference_url": "https://security.gentoo.org/glsa/201412-11", "reference_id": "GLSA-201412-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-11" }, { "reference_url": "https://usn.ubuntu.com/1730-1/", "reference_id": "USN-1730-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1730-1/" }, { "reference_url": "https://usn.ubuntu.com/1731-1/", "reference_id": "USN-1731-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1731-1/" }, { "reference_url": "https://usn.ubuntu.com/1734-1/", "reference_id": "USN-1734-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1734-1/" }, { "reference_url": "https://usn.ubuntu.com/1757-1/", "reference_id": "USN-1757-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1757-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199858?format=api", "purl": "pkg:deb/debian/nova@2012.1.1-13?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2012.1.1-13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-1664", "GHSA-qrh7-x6fp-c2mp" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2n9h-y9yp-z7gn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15582?format=api", "vulnerability_id": "VCID-2q7r-cgqc-qfah", "summary": "Openstack nova qcow format could expose host filesystem information\nVersions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem.", "references": [ { "reference_url": "http://bazaar.launchpad.net/~hudson-openstack/nova/trunk/revision/1604", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://bazaar.launchpad.net/~hudson-openstack/nova/trunk/revision/1604" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3147", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39615", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3147" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/853330", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/853330" }, { "reference_url": "https://github.com/openstack/nova/commit/ff9d353b2f4fee469e530fbc8dc231a41f6fed84", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/ff9d353b2f4fee469e530fbc8dc231a41f6fed84" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3147", "reference_id": "CVE-2011-3147", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3147" }, { "reference_url": "https://github.com/advisories/GHSA-hqfx-4x4w-vmwp", "reference_id": "GHSA-hqfx-4x4w-vmwp", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hqfx-4x4w-vmwp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199839?format=api", "purl": "pkg:deb/debian/nova@2012.1~e1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2012.1~e1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-3147", "GHSA-hqfx-4x4w-vmwp" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2q7r-cgqc-qfah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82176?format=api", "vulnerability_id": "VCID-33x3-t2ck-akgg", "summary": "", "references": [ { "reference_url": "http://lists.openstack.org/pipermail/openstack-announce/2013-August/000138.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.openstack.org/pipermail/openstack-announce/2013-August/000138.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1199.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1199.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4278", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42114", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4278" }, { "reference_url": "https://bugs.launchpad.net/ossa/+bug/1212179", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/ossa/+bug/1212179" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/4054cc4a22a1fea997dec76afb5646fd6c6ea6b9", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/4054cc4a22a1fea997dec76afb5646fd6c6ea6b9" }, { "reference_url": "https://github.com/openstack/nova/commit/6825959560e06725d26625fd21f5c0b78b305492", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/6825959560e06725d26625fd21f5c0b78b305492" }, { "reference_url": "https://github.com/openstack/nova/commit/8b686195afe7e6dfb46c56c1ef2fe9c993d8e495", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/8b686195afe7e6dfb46c56c1ef2fe9c993d8e495" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4278", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4278" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720602", "reference_id": "720602", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720602" }, { "reference_url": "https://usn.ubuntu.com/2000-1/", "reference_id": "USN-2000-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2000-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199862?format=api", "purl": "pkg:deb/debian/nova@2013.1.3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.1.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-4278", "GHSA-43cm-73px-5v4m" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-33x3-t2ck-akgg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16748?format=api", "vulnerability_id": "VCID-3ekz-4ahc-5ybh", "summary": "OpenStack Cinder, glance, and Nova vulnerable to Path Traversal\nAn issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47951.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47951.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-47951", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00615", "scoring_system": "epss", "scoring_elements": "0.70229", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-47951" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://launchpad.net/bugs/1996188", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/" } ], "url": "https://launchpad.net/bugs/1996188" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00040.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00040.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00041.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00041.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00042.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00042.html" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2023-002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/" } ], "url": "https://security.openstack.org/ossa/OSSA-2023-002.html" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5336", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5336" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5337", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5337" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5338", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5338" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029561", "reference_id": "1029561", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029561" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029562", "reference_id": "1029562", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029562" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029563", "reference_id": "1029563", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029563" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161812", "reference_id": "2161812", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161812" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47951", "reference_id": "CVE-2022-47951", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47951" }, { "reference_url": "https://github.com/advisories/GHSA-7h75-hwxx-qpgc", "reference_id": "GHSA-7h75-hwxx-qpgc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7h75-hwxx-qpgc" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1015", "reference_id": "RHSA-2023:1015", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1015" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1016", "reference_id": "RHSA-2023:1016", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1016" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1017", "reference_id": "RHSA-2023:1017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1017" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1278", "reference_id": "RHSA-2023:1278", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1278" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1279", "reference_id": "RHSA-2023:1279", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1279" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1280", "reference_id": "RHSA-2023:1280", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1280" }, { "reference_url": "https://usn.ubuntu.com/5835-1/", "reference_id": "USN-5835-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5835-1/" }, { "reference_url": "https://usn.ubuntu.com/5835-2/", "reference_id": "USN-5835-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5835-2/" }, { "reference_url": "https://usn.ubuntu.com/5835-3/", "reference_id": "USN-5835-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5835-3/" }, { "reference_url": "https://usn.ubuntu.com/5835-4/", "reference_id": "USN-5835-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5835-4/" }, { "reference_url": "https://usn.ubuntu.com/5835-5/", "reference_id": "USN-5835-5", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5835-5/" }, { "reference_url": "https://usn.ubuntu.com/6882-2/", "reference_id": "USN-6882-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6882-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199892?format=api", "purl": "pkg:deb/debian/nova@2:26.0.0-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.0.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-47951", "GHSA-7h75-hwxx-qpgc" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "6.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3ekz-4ahc-5ybh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16310?format=api", "vulnerability_id": "VCID-3gk8-wbuj-xfc2", "summary": "OpenStack Compute (nova) allows remote authenticated users to cause a denial of service\nA flaw was found in the way OpenStack Compute (nova) handled the resize state. If an authenticated user deleted an instance while it was in the resize state, it could cause the original instance to not be deleted from the compute node it was running on, allowing the user to cause a denial of service.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-1898.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1898.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1898", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2015:1898" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3280", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00795", "scoring_system": "epss", "scoring_elements": "0.74278", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3280" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1257942", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1257942" }, { "reference_url": "https://launchpad.net/bugs/1392527", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.net/bugs/1392527" }, { "reference_url": "https://opendev.org/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/nova" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2015-017.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2015-017.html" }, { "reference_url": "https://web.archive.org/web/20200228023247/http://www.securityfocus.com/bid/76553", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228023247/http://www.securityfocus.com/bid/76553" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "reference_url": "http://www.securityfocus.com/bid/76553", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/76553" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798883", "reference_id": "798883", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798883" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2015-3280", "reference_id": "CVE-2015-3280", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2015-3280" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3280", "reference_id": "CVE-2015-3280", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3280" }, { "reference_url": "https://github.com/advisories/GHSA-mfmj-gwg3-vhw7", "reference_id": "GHSA-mfmj-gwg3-vhw7", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mfmj-gwg3-vhw7" }, { "reference_url": "https://usn.ubuntu.com/3449-1/", "reference_id": "USN-3449-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3449-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199878?format=api", "purl": "pkg:deb/debian/nova@1:12.0.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@1:12.0.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-3280", "GHSA-mfmj-gwg3-vhw7" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3gk8-wbuj-xfc2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16432?format=api", "vulnerability_id": "VCID-3qv3-8zyv-x7hv", "summary": "OpenStack Compute (Nova) Denial of Service vulnerability\nA denial of service flaw was found in the way OpenStack Compute (nova) looked up VM instances based on an IP address filter. An attacker with sufficient privileges on an OpenStack installation with a large amount of VMs could use this flaw to cause the main nova process to block for an extended amount of time.", "references": [ { "reference_url": "http://lists.openstack.org/pipermail/openstack-announce/2014-October/000301.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.openstack.org/pipermail/openstack-announce/2014-October/000301.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0843.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0843.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0844.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0844.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0843", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2015:0843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0844", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2015:0844" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3708", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77908", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3708" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1358583", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1358583" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1154951", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1154951" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://opendev.org/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/nova" }, { "reference_url": "https://web.archive.org/web/20200901000000*/http://www.securityfocus.com/bid/70777", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200901000000*/http://www.securityfocus.com/bid/70777" }, { "reference_url": "http://www.securityfocus.com/bid/70777", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/70777" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2014-3708", "reference_id": "CVE-2014-3708", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2014-3708" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3708", "reference_id": "CVE-2014-3708", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3708" }, { "reference_url": "https://github.com/advisories/GHSA-43hc-pwvx-pmfg", "reference_id": "GHSA-43hc-pwvx-pmfg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-43hc-pwvx-pmfg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199873?format=api", "purl": "pkg:deb/debian/nova@2014.1.3-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-3708", "GHSA-43hc-pwvx-pmfg" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3qv3-8zyv-x7hv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82327?format=api", "vulnerability_id": "VCID-4c5h-6xyp-hudd", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4497", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43384", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4497" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1073306", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1073306" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1202266", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1202266" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/01de658210fd65171bfbf5450c93673b5ce0bd9e", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/01de658210fd65171bfbf5450c93673b5ce0bd9e" }, { "reference_url": "https://github.com/openstack/nova/commit/5cced7a6dd32d231c606e25dbf762d199bf9cca7", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/5cced7a6dd32d231c606e25dbf762d199bf9cca7" }, { "reference_url": "https://github.com/openstack/nova/commit/ba0d007fb78bd1182c3c0b808dbd7ccc84640e80", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/ba0d007fb78bd1182c3c0b808dbd7ccc84640e80" }, { "reference_url": "https://github.com/openstack/nova/commit/df2ea2e3acdede21b40d47b7adbeac04213d031b", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/df2ea2e3acdede21b40d47b7adbeac04213d031b" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4497", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4497" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/11/03/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/11/03/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/11/03/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/11/03/3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199863?format=api", "purl": "pkg:deb/debian/nova@2013.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-4497", "GHSA-27q4-38qf-m25h" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4c5h-6xyp-hudd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15871?format=api", "vulnerability_id": "VCID-57ta-3qn2-nugb", "summary": "OpenStack Nova Denial of service attack on the compute host\nAn issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. (The same code error also results in data loss, but that is not a vulnerability because the user loses their own data.) All Nova setups supporting encrypted volumes are affected.", "references": [ { "reference_url": "http://openwall.com/lists/oss-security/2018/04/20/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2018/04/20/3" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2332", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2332" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2714", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2714" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2855", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2855" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18191", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02481", "scoring_system": "epss", "scoring_elements": "0.85543", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18191" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/0225a61fc4557c1257383a654f0741f7ef2ddeac", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/0225a61fc4557c1257383a654f0741f7ef2ddeac" }, { "reference_url": "https://github.com/openstack/nova/commit/5b64a1936122eeb35f37a09f9d38159e1a224c58", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/5b64a1936122eeb35f37a09f9d38159e1a224c58" }, { "reference_url": "https://github.com/openstack/nova/commit/cd3eb60c2c00bcccfa9ccd4bf9d1a96ae7a5cd88", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/cd3eb60c2c00bcccfa9ccd4bf9d1a96ae7a5cd88" }, { "reference_url": "https://launchpad.net/bugs/1739593", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.net/bugs/1739593" }, { "reference_url": "https://review.openstack.org/539893", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/539893" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2018-001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2018-001.html" }, { "reference_url": "http://www.securityfocus.com/bid/103104", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/103104" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18191", "reference_id": "CVE-2017-18191", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18191" }, { "reference_url": "https://github.com/advisories/GHSA-ffmh-r67w-m88f", "reference_id": "GHSA-ffmh-r67w-m88f", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-ffmh-r67w-m88f" }, { "reference_url": "https://usn.ubuntu.com/5866-1/", "reference_id": "USN-5866-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5866-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199886?format=api", "purl": "pkg:deb/debian/nova@2:17.0.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:17.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-18191", "GHSA-ffmh-r67w-m88f" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-57ta-3qn2-nugb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16308?format=api", "vulnerability_id": "VCID-5p29-z3wj-5keu", "summary": "Insufficient Verification of Data Authenticity\nIt was discovered that the OpenStack Compute (nova) console websocket does not correctly verify the origin header. An attacker could use this flaw to conduct a cross-site websocket hijack attack. Note that only Compute setups with VNC or SPICE enabled were affected by this flaw.", "references": [ { "reference_url": "http://lists.openstack.org/pipermail/openstack-announce/2015-March/000341.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.openstack.org/pipermail/openstack-announce/2015-March/000341.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0790.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0790.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0843.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0843.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0844.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0844.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0790", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2015:0790" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0843", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2015:0843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0844", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2015:0844" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0259", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42583", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0259" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1409142", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1409142" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1190112", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1190112" }, { "reference_url": "https://opendev.org/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/nova" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780250", "reference_id": "780250", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780250" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2015-0259", "reference_id": "CVE-2015-0259", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2015-0259" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0259", "reference_id": "CVE-2015-0259", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0259" }, { "reference_url": "https://github.com/advisories/GHSA-x8xr-rm9r-7mvf", "reference_id": "GHSA-x8xr-rm9r-7mvf", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-x8xr-rm9r-7mvf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199876?format=api", "purl": "pkg:deb/debian/nova@2014.1.3-11?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-0259", "GHSA-x8xr-rm9r-7mvf" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5p29-z3wj-5keu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16335?format=api", "vulnerability_id": "VCID-5sbw-2suq-5qby", "summary": "OpenStack Compute (Nova) allows remote authenticated users to obtain sensitive information\nCVE-2013-2256 OpenStack: Nova private flavors resource limit circumvention", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1199.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1199.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1199", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2013:1199" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2256", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.64994", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2256" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1194093", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1194093" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=993340", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=993340" }, { "reference_url": "http://seclists.org/oss-sec/2013/q3/281", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2013/q3/281" }, { "reference_url": "https://opendev.org/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/nova" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718905", "reference_id": "718905", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718905" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2013-2256", "reference_id": "CVE-2013-2256", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2013-2256" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2256", "reference_id": "CVE-2013-2256", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2256" }, { "reference_url": "https://github.com/advisories/GHSA-5mj6-643f-2g85", "reference_id": "GHSA-5mj6-643f-2g85", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5mj6-643f-2g85" }, { "reference_url": "https://usn.ubuntu.com/2000-1/", "reference_id": "USN-2000-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2000-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199861?format=api", "purl": "pkg:deb/debian/nova@2013.1.2-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.1.2-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-2256", "GHSA-5mj6-643f-2g85" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5sbw-2suq-5qby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16299?format=api", "vulnerability_id": "VCID-5wph-frx5-3qhe", "summary": "OpenStack Nova Potential Xen connection password leak via StorageError\nThe volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading log files or other unspecified vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8749", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00942", "scoring_system": "epss", "scoring_elements": "0.76587", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8749" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1516765", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1516765" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/8b289237ed6d53738c22878decf0c429301cf3d0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/8b289237ed6d53738c22878decf0c429301cf3d0" }, { "reference_url": "https://github.com/openstack/nova/commit/b2acc9fa864b6fe10bc0c5f3786b976b472b1b27", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/b2acc9fa864b6fe10bc0c5f3786b976b472b1b27" }, { "reference_url": "https://github.com/openstack/nova/commit/cf197ec2d682fb4da777df2291ca7ef101f73b77", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/cf197ec2d682fb4da777df2291ca7ef101f73b77" }, { "reference_url": "https://github.com/openstack/nova/commit/ef1ccdaca9512b88878155f7d8c2c77853d91252", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/ef1ccdaca9512b88878155f7d8c2c77853d91252" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2016-002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2016-002.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/01/07/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/01/07/8" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/01/07/9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/01/07/9" }, { "reference_url": "http://www.securityfocus.com/bid/80189", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/80189" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8749", "reference_id": "CVE-2015-8749", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8749" }, { "reference_url": "https://github.com/advisories/GHSA-c36r-g737-9qp8", "reference_id": "GHSA-c36r-g737-9qp8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-c36r-g737-9qp8" }, { "reference_url": "https://usn.ubuntu.com/3449-1/", "reference_id": "USN-3449-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3449-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199880?format=api", "purl": "pkg:deb/debian/nova@2:13.0.0~rc3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:13.0.0~rc3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-8749", "GHSA-c36r-g737-9qp8" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5wph-frx5-3qhe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84521?format=api", "vulnerability_id": "VCID-6ggp-ycpv-7kft", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1084", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:1084" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2014-0167", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2014-0167" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0167", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59913", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0167" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1084868", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1084868" }, { "reference_url": "https://launchpad.net/bugs/1290537", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.net/bugs/1290537" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0167", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0167" }, { "reference_url": "https://opendev.org/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/nova" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/04/09/26", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/04/09/26" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2247-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-2247-1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744051", "reference_id": "744051", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744051" }, { "reference_url": "https://usn.ubuntu.com/2247-1/", "reference_id": "USN-2247-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2247-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199868?format=api", "purl": "pkg:deb/debian/nova@2013.2.3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.2.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-0167", "GHSA-p258-xmh3-72pv" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6ggp-ycpv-7kft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16400?format=api", "vulnerability_id": "VCID-6msd-bxpc-kqbx", "summary": "OpenStack Nova host data access through resize/migration\nThe libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0363", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0363" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0364", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0364" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0365", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0365" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0366", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0366" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2140", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56905", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2140" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1548450", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1548450" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1313454", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1313454" }, { "reference_url": "http://seclists.org/oss-sec/2016/q1/563", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2016/q1/563" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/0b194187db9da28225cb5e62be3b45aff5a1c793", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/0b194187db9da28225cb5e62be3b45aff5a1c793" }, { "reference_url": "https://github.com/openstack/nova/commit/116b1210ab772c55d1ed1f715687d83877c92701", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/116b1210ab772c55d1ed1f715687d83877c92701" }, { "reference_url": "https://github.com/openstack/nova/commit/f302bf04ab5dda89cf8ceaeed309006da90c0666", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/f302bf04ab5dda89cf8ceaeed309006da90c0666" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2016-007.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2016-007.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/03/08/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/03/08/6" }, { "reference_url": "http://www.securityfocus.com/bid/84277", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/84277" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2016-2140", "reference_id": "CVE-2016-2140", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2016-2140" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2140", "reference_id": "CVE-2016-2140", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2140" }, { "reference_url": "https://github.com/advisories/GHSA-49jv-37hm-6gfp", "reference_id": "GHSA-49jv-37hm-6gfp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-49jv-37hm-6gfp" }, { "reference_url": "https://usn.ubuntu.com/3449-1/", "reference_id": "USN-3449-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3449-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199879?format=api", "purl": "pkg:deb/debian/nova@2:13.0.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:13.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-2140", "GHSA-49jv-37hm-6gfp" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6msd-bxpc-kqbx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16408?format=api", "vulnerability_id": "VCID-7uh3-vxfa-pbdb", "summary": "OpenStack Nova instance migration process does not stop when instance is deleted\nOpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service (disk, network, and other resource consumption) by resizing and then deleting an instance.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-1723.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1723.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-1898.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1898.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1723", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2015:1723" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1898", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2015:1898" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3241", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0197", "scoring_system": "epss", "scoring_elements": "0.83833", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3241" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232782", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232782" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/7ab75d5b0b75fc3426323bef19bf436a258b9707", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/7ab75d5b0b75fc3426323bef19bf436a258b9707" }, { "reference_url": "https://github.com/openstack/nova/commit/b5020a047fc487f35b76fc05f31e52665a1afda1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/b5020a047fc487f35b76fc05f31e52665a1afda1" }, { "reference_url": "https://github.com/openstack/nova/commit/bf23643e36c8764b4bd532546a2cc04385fe0cff", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/bf23643e36c8764b4bd532546a2cc04385fe0cff" }, { "reference_url": "https://github.com/openstack/ossa/blob/482576204dec96f580817b119e3166d71c757731/ossa/OSSA-2015-015.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/ossa/blob/482576204dec96f580817b119e3166d71c757731/ossa/OSSA-2015-015.yaml" }, { "reference_url": "https://launchpad.net/bugs/1387543", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.net/bugs/1387543" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2015-015.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2015-015.html" }, { "reference_url": "http://www.securityfocus.com/bid/75372", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/75372" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796109", "reference_id": "796109", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796109" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2015-3241", "reference_id": "CVE-2015-3241", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2015-3241" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3241", "reference_id": "CVE-2015-3241", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3241" }, { "reference_url": "https://github.com/advisories/GHSA-3vx7-xff6-h2vx", "reference_id": "GHSA-3vx7-xff6-h2vx", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-3vx7-xff6-h2vx" }, { "reference_url": "https://usn.ubuntu.com/3449-1/", "reference_id": "USN-3449-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3449-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199878?format=api", "purl": "pkg:deb/debian/nova@1:12.0.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@1:12.0.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-3241", "GHSA-3vx7-xff6-h2vx" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7uh3-vxfa-pbdb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7162?format=api", "vulnerability_id": "VCID-8c3s-u7sb-g7dp", "summary": "OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function.", "references": [ { "reference_url": "http://osvdb.org/91303", "reference_id": "", "reference_type": "", "scores": [], "url": "http://osvdb.org/91303" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0709.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0709.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1838", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01427", "scoring_system": "epss", "scoring_elements": "0.80943", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1838" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1125468", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1125468" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=919648", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=919648" }, { "reference_url": "http://secunia.com/advisories/52580", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/52580" }, { "reference_url": "http://secunia.com/advisories/52728", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/52728" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82877", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82877" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/9561484166f245d0e4602a36351d6cac72dd9426", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/9561484166f245d0e4602a36351d6cac72dd9426" }, { "reference_url": "https://github.com/openstack/nova/commit/99429214d4ddb5bdc7de185693b8a53ad50df3c6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/99429214d4ddb5bdc7de185693b8a53ad50df3c6" }, { "reference_url": "https://github.com/openstack/nova/commit/efaacdaee116388234558e2682b647d41fe5b149", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/efaacdaee116388234558e2682b647d41fe5b149" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2013-44.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2013-44.yaml" }, { "reference_url": "https://lists.launchpad.net/openstack/msg21892.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.launchpad.net/openstack/msg21892.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1838", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1838" }, { "reference_url": "https://review.openstack.org/#/c/24451", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/24451" }, { "reference_url": "https://review.openstack.org/#/c/24451/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://review.openstack.org/#/c/24451/" }, { "reference_url": "https://review.openstack.org/#/c/24452", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/24452" }, { "reference_url": "https://review.openstack.org/#/c/24452/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://review.openstack.org/#/c/24452/" }, { "reference_url": "https://review.openstack.org/#/c/24453", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/24453" }, { "reference_url": "https://review.openstack.org/#/c/24453/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://review.openstack.org/#/c/24453/" }, { "reference_url": "http://ubuntu.com/usn/usn-1771-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://ubuntu.com/usn/usn-1771-1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/03/14/18", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/03/14/18" }, { "reference_url": "http://www.securityfocus.com/bid/58492", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/58492" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703064", "reference_id": "703064", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703064" }, { "reference_url": "https://usn.ubuntu.com/1771-1/", "reference_id": "USN-1771-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1771-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199859?format=api", "purl": "pkg:deb/debian/nova@2012.1.1-15?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2012.1.1-15%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-1838", "GHSA-63fq-8fp9-vhwq", "PYSEC-2013-44" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8c3s-u7sb-g7dp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16591?format=api", "vulnerability_id": "VCID-8dpx-f6fd-x7a8", "summary": "OpenStack Nova denial of service through compressed disk images\nOpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) via a compressed QCOW2 image. NOTE: this issue is due to an incomplete fix for CVE-2013-2096.", "references": [ { "reference_url": "http://github.com/openstack/nova/commit/3cdfe894ab58f7b91bf7fb690fc5bc724e44066f", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://github.com/openstack/nova/commit/3cdfe894ab58f7b91bf7fb690fc5bc724e44066f" }, { "reference_url": "http://github.com/openstack/nova/commit/f6810be4ae1a6c93e7d8017ee67d5344dfdf4a30", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://github.com/openstack/nova/commit/f6810be4ae1a6c93e7d8017ee67d5344dfdf4a30" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0112.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0112.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4463", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.35957", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4463" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1206081", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1206081" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/10/31/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/10/31/3" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2247-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-2247-1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728605", "reference_id": "728605", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728605" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4463", "reference_id": "CVE-2013-4463", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4463" }, { "reference_url": "https://github.com/advisories/GHSA-5644-2v3h-5w4x", "reference_id": "GHSA-5644-2v3h-5w4x", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5644-2v3h-5w4x" }, { "reference_url": "https://usn.ubuntu.com/2247-1/", "reference_id": "USN-2247-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2247-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199864?format=api", "purl": "pkg:deb/debian/nova@2013.2-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.2-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-4463", "GHSA-5644-2v3h-5w4x" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8dpx-f6fd-x7a8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15181?format=api", "vulnerability_id": "VCID-ajec-k7qb-6yek", "summary": "URL Redirection to Untrusted Site ('Open Redirect')\nA vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3654", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.87177", "scoring_system": "epss", "scoring_elements": "0.99462", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3654" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1927677", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1927677" }, { "reference_url": "https://bugs.python.org/issue32084", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.python.org/issue32084" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961439", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961439" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://opendev.org/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/nova" }, { "reference_url": "https://opendev.org/openstack/nova/commit/04d48527b62a35d912f93bc75613a6cca606df66", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/nova/commit/04d48527b62a35d912f93bc75613a6cca606df66" }, { "reference_url": "https://opendev.org/openstack/nova/commit/8906552cfc2525a44251d4cf313ece61e57251eb", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/nova/commit/8906552cfc2525a44251d4cf313ece61e57251eb" }, { "reference_url": "https://security.gentoo.org/glsa/202305-02", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202305-02" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2021-002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2021-002.html" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2021/07/29/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2021/07/29/2" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991441", "reference_id": "991441", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991441" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3654", "reference_id": "CVE-2021-3654", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3654" }, { "reference_url": "https://github.com/advisories/GHSA-vqp6-j452-j6wp", "reference_id": "GHSA-vqp6-j452-j6wp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vqp6-j452-j6wp" }, { "reference_url": "https://usn.ubuntu.com/5866-1/", "reference_id": "USN-5866-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5866-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199890?format=api", "purl": "pkg:deb/debian/nova@2:23.0.2-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:23.0.2-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-3654", "GHSA-vqp6-j452-j6wp" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ajec-k7qb-6yek" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7244?format=api", "vulnerability_id": "VCID-b8cd-srsc-1kdk", "summary": "The instance rescue mode in OpenStack Compute (Nova) 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and use_cow_images is set to false, allows remote authenticated users to read certain compute host files by overwriting an instance disk with a crafted image.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0134", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42114", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0134" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1221190", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1221190" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/25e761acd56d4c820273fc0245ada06c500c1637", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/25e761acd56d4c820273fc0245ada06c500c1637" }, { "reference_url": "https://github.com/openstack/nova/commit/d416f4310bb946b4b127201ec3c37e530d988714", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/d416f4310bb946b4b127201ec3c37e530d988714" }, { "reference_url": "https://github.com/openstack/nova/commit/dc8de426066969a3f0624fdc2a7b29371a2d55bf", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/dc8de426066969a3f0624fdc2a7b29371a2d55bf" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2014-112.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2014-112.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0134", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0134" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/03/27/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/03/27/6" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2247-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-2247-1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742712", "reference_id": "742712", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742712" }, { "reference_url": "https://usn.ubuntu.com/2247-1/", "reference_id": "USN-2247-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2247-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199869?format=api", "purl": "pkg:deb/debian/nova@2013.2.2-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.2.2-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-0134", "GHSA-w429-xc55-hc48", "PYSEC-2014-112" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b8cd-srsc-1kdk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7442?format=api", "vulnerability_id": "VCID-c5s5-rn36-1qh6", "summary": "OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2687", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16339", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2687" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1419577", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1419577" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205313", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205313" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/b83cae02ece4c338e09c3606c6ae69b715bd6f8c", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/b83cae02ece4c338e09c3606c6ae69b715bd6f8c" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2017-145.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2017-145.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2687", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2687" }, { "reference_url": "https://review.openstack.org/#/c/338929", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/338929" }, { "reference_url": "https://review.openstack.org/#/c/338929/", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://review.openstack.org/#/c/338929/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/03/24/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2015/03/24/10" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/03/25/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2015/03/25/3" }, { "reference_url": "http://www.securityfocus.com/bid/77505", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "http://www.securityfocus.com/bid/77505" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199877?format=api", "purl": "pkg:deb/debian/nova@2014.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-2687", "GHSA-97fv-22hc-mrgj", "PYSEC-2017-145" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c5s5-rn36-1qh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16423?format=api", "vulnerability_id": "VCID-cj8k-ufmj-kqe2", "summary": "OpenStack Nova live snapshots use an insecure local directory\nOpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and world-readable permissions for the temporary directory used to store live snapshots, which allows local users to read and modify live snapshots.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0231.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0231.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7048", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32439", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7048" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1227027", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1227027" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/75be5abd6b3fa0f7f27fe9c805f832cd41d44a5d", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/75be5abd6b3fa0f7f27fe9c805f832cd41d44a5d" }, { "reference_url": "https://github.com/openstack/nova/commit/8a34fc3d48c467aa196f65eed444ccdc7c02f19f", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/8a34fc3d48c467aa196f65eed444ccdc7c02f19f" }, { "reference_url": "https://github.com/openstack/nova/commit/9bd7fff8c0160057643cfc37c5e2b1cd3337d6aa", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/9bd7fff8c0160057643cfc37c5e2b1cd3337d6aa" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/01/13/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/01/13/2" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732022", "reference_id": "732022", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732022" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7048", "reference_id": "CVE-2013-7048", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7048" }, { "reference_url": "https://github.com/advisories/GHSA-grp5-h379-j75x", "reference_id": "GHSA-grp5-h379-j75x", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-grp5-h379-j75x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199867?format=api", "purl": "pkg:deb/debian/nova@2013.2.2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.2.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-7048", "GHSA-grp5-h379-j75x" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cj8k-ufmj-kqe2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16328?format=api", "vulnerability_id": "VCID-db3a-7hcs-syc6", "summary": "OpenStack Cinder, Glance, and Nova contain Uncontrolled Resource Consumption\nA resource vulnerability in the OpenStack Compute (nova), Block Storage (cinder), and Image (glance) services was found in their use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could lead possibly to host out-of-memory errors and negatively affect other running tenant instances. oslo.concurrency has been updated to support process limits ('prlimit'), which is needed to fix this flaw.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-2923.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2923.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-2991.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2991.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2017-0153.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0153.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2017-0156.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0156.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2017-0165.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0165.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2017-0282.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0282.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5162", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0361", "scoring_system": "epss", "scoring_elements": "0.87984", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5162" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1268303", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1268303" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/cinder/commit/455b318ced717fb38dfe40014817d78fbc47dea5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/cinder/commit/455b318ced717fb38dfe40014817d78fbc47dea5" }, { "reference_url": "https://github.com/openstack/glance/commit/69a9b659fd48aa3c1f84fc7bc9ae236b6803d31f", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/69a9b659fd48aa3c1f84fc7bc9ae236b6803d31f" }, { "reference_url": "https://github.com/openstack/nova/commit/6bc37dcceca823998068167b49aec6def3112397", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/6bc37dcceca823998068167b49aec6def3112397" }, { "reference_url": "https://launchpad.net/bugs/1449062", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.net/bugs/1449062" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/10/06/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/10/06/8" }, { "reference_url": "http://www.securityfocus.com/bid/76849", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/76849" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2015-5162", "reference_id": "CVE-2015-5162", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2015-5162" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5162", "reference_id": "CVE-2015-5162", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5162" }, { "reference_url": "https://github.com/advisories/GHSA-g2j5-7vgx-6xrx", "reference_id": "GHSA-g2j5-7vgx-6xrx", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-g2j5-7vgx-6xrx" }, { "reference_url": "https://usn.ubuntu.com/3449-1/", "reference_id": "USN-3449-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3449-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199879?format=api", "purl": "pkg:deb/debian/nova@2:13.0.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:13.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-5162", "GHSA-g2j5-7vgx-6xrx" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-db3a-7hcs-syc6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78691?format=api", "vulnerability_id": "VCID-dftj-xuud-b3cx", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0208", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00953", "scoring_system": "epss", "scoring_elements": "0.76709", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0208" }, { "reference_url": "https://usn.ubuntu.com/1709-1/", "reference_id": "USN-1709-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1709-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199855?format=api", "purl": "pkg:deb/debian/nova@2012.1.1-12?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2012.1.1-12%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-0208" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dftj-xuud-b3cx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7225?format=api", "vulnerability_id": "VCID-dznm-cs7e-53g3", "summary": "The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting the VM be put into rescue and then deleting the image.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2573", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28313", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2573" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1269418", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1269418" }, { "reference_url": "http://secunia.com/advisories/57498", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/57498" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/b3cc3f62a60662e5bb82136c0cfa464592a6afe9", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/b3cc3f62a60662e5bb82136c0cfa464592a6afe9" }, { "reference_url": "https://github.com/openstack/nova/commit/efb66531bc37ee416778a70d46c657608ca767af", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/efb66531bc37ee416778a70d46c657608ca767af" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2014-113.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2014-113.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2573", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2573" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/03/21/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/03/21/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/03/21/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/03/21/2" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=750144", "reference_id": "750144", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=750144" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199870?format=api", "purl": "pkg:deb/debian/nova@2014.1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-2573", "GHSA-jv34-xvjq-ppch", "PYSEC-2014-113" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dznm-cs7e-53g3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16516?format=api", "vulnerability_id": "VCID-eat8-r11q-m3eg", "summary": "OpenStack Compute (Nova) allows remote attackers to bypass intended restriction\nA vulnerability was discovered in the way OpenStack Compute (nova) networking handled security group updates; changes were not applied to already running VM instances. A remote attacker could use this flaw to access running VM instances.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-2684.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-2684.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:2673", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2015:2673" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:2684", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2015:2684" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0013", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0013" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0017", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0017" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7713", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01522", "scoring_system": "epss", "scoring_elements": "0.81565", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7713" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1491307", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1491307" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1492961", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1492961" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1269119", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1269119" }, { "reference_url": "https://opendev.org/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/nova" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2015-021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2015-021.html" }, { "reference_url": "https://web.archive.org/web/20200228024902/http://www.securityfocus.com/bid/76960", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228024902/http://www.securityfocus.com/bid/76960" }, { "reference_url": "http://www.securityfocus.com/bid/76960", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/76960" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2015-7713", "reference_id": "CVE-2015-7713", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2015-7713" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7713", "reference_id": "CVE-2015-7713", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7713" }, { "reference_url": "https://github.com/advisories/GHSA-67rh-9p29-vrxr", "reference_id": "GHSA-67rh-9p29-vrxr", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-67rh-9p29-vrxr" }, { "reference_url": "https://usn.ubuntu.com/3449-1/", "reference_id": "USN-3449-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3449-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199878?format=api", "purl": "pkg:deb/debian/nova@1:12.0.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@1:12.0.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-7713", "GHSA-67rh-9p29-vrxr" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eat8-r11q-m3eg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/254487?format=api", "vulnerability_id": "VCID-ef5k-jqxk-ukag", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32498.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32498.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32498", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.43956", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32498" }, { "reference_url": "https://github.com/openstack/cinder/commit/78f85c1f9b20a067ef64d6451dee0228c3a0db5e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/cinder/commit/78f85c1f9b20a067ef64d6451dee0228c3a0db5e" }, { "reference_url": "https://github.com/openstack/cinder/commit/d6a186945e03649343af55b46ed8dfe0dd326e40", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/cinder/commit/d6a186945e03649343af55b46ed8dfe0dd326e40" }, { "reference_url": "https://github.com/openstack/glance/commit/22f0c9c6f98db1d93569e3edb800c271f35b0ef9", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/22f0c9c6f98db1d93569e3edb800c271f35b0ef9" }, { "reference_url": "https://github.com/openstack/glance/commit/2e65391744a82421bc6f026ee8f1f3550038f175", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/2e65391744a82421bc6f026ee8f1f3550038f175" }, { "reference_url": "https://github.com/openstack/glance/commit/867d1dd8b6e4f5774257a98c7c33061fbbbde973", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/867d1dd8b6e4f5774257a98c7c33061fbbbde973" }, { "reference_url": "https://github.com/openstack/glance/commit/cc7d53adbecf85f3d7df78e7618fe8ab3a075c5f", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/cc7d53adbecf85f3d7df78e7618fe8ab3a075c5f" }, { "reference_url": "https://github.com/openstack/glance/commit/d607e78630cc9d1ca18b3a027322809c042f64df", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/d607e78630cc9d1ca18b3a027322809c042f64df" }, { "reference_url": "https://github.com/openstack/nova/commit/657e86585cc57f84ab9b364dd189547d231d5927", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/657e86585cc57f84ab9b364dd189547d231d5927" }, { "reference_url": "https://launchpad.net/bugs/2059809", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/" } ], "url": "https://launchpad.net/bugs/2059809" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00016.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2024-001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/" } ], "url": "https://security.openstack.org/ossa/OSSA-2024-001.html" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2024/07/02/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2024/07/02/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/07/02/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/07/02/2" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074761", "reference_id": "1074761", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074761" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074762", "reference_id": "1074762", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074762" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074763", "reference_id": "1074763", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074763" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278663", "reference_id": "2278663", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278663" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32498", "reference_id": "CVE-2024-32498", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32498" }, { "reference_url": "https://github.com/advisories/GHSA-r4v4-w9pv-6fph", "reference_id": "GHSA-r4v4-w9pv-6fph", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r4v4-w9pv-6fph" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4272", "reference_id": "RHSA-2024:4272", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4272" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4273", "reference_id": "RHSA-2024:4273", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4273" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4274", "reference_id": "RHSA-2024:4274", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4274" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4425", "reference_id": "RHSA-2024:4425", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4425" }, { "reference_url": "https://usn.ubuntu.com/6882-1/", "reference_id": "USN-6882-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6882-1/" }, { "reference_url": "https://usn.ubuntu.com/6882-2/", "reference_id": "USN-6882-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6882-2/" }, { "reference_url": "https://usn.ubuntu.com/6883-1/", "reference_id": "USN-6883-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6883-1/" }, { "reference_url": "https://usn.ubuntu.com/6884-1/", "reference_id": "USN-6884-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6884-1/" }, { "reference_url": "https://usn.ubuntu.com/8199-1/", "reference_id": "USN-8199-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8199-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199895?format=api", "purl": "pkg:deb/debian/nova@2:22.4.0-1~deb11u5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.4.0-1~deb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199894?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199896?format=api", "purl": "pkg:deb/debian/nova@2:29.0.2-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:29.0.2-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-32498", "GHSA-r4v4-w9pv-6fph" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ef5k-jqxk-ukag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15593?format=api", "vulnerability_id": "VCID-ewru-8cxk-mycm", "summary": "OpenStack Nova Exposure of Sensitive Information to an Unauthorized Actor\nOpenStack Nova before 2012.1 allows someone with access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the EC2_SECRET_KEY (equivalent to a password). Exposing the EC2_ACCESS_KEY via http or tools that allow man-in-the-middle over https could allow an attacker to easily obtain the EC2_SECRET_KEY. An attacker could also presumably brute force values for EC2_ACCESS_KEY.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4076", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00408", "scoring_system": "epss", "scoring_elements": "0.61496", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4076" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/868360", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/868360" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4076", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4076" }, { "reference_url": "https://github.com/openstack/nova/commit/b1ab6da1495784ff581000018a6047fd19cf82c4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/b1ab6da1495784ff581000018a6047fd19cf82c4" }, { "reference_url": "https://github.com/openstack/nova/commit/beee11edbfdd82cd81bc9c0fd75912c167892c2b", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/beee11edbfdd82cd81bc9c0fd75912c167892c2b" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2011/10/25/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2011/10/25/4" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2011-4076", "reference_id": "CVE-2011-4076", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/cve-2011-4076" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4076", "reference_id": "CVE-2011-4076", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4076" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2011-4076", "reference_id": "CVE-2011-4076", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security-tracker.debian.org/tracker/CVE-2011-4076" }, { "reference_url": "https://github.com/advisories/GHSA-vcmv-6rxx-fh7r", "reference_id": "GHSA-vcmv-6rxx-fh7r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vcmv-6rxx-fh7r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199839?format=api", "purl": "pkg:deb/debian/nova@2012.1~e1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2012.1~e1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-4076", "GHSA-vcmv-6rxx-fh7r" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ewru-8cxk-mycm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7129?format=api", "vulnerability_id": "VCID-fbkc-wgdn-tfhw", "summary": "Openstack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service (CPU and hard drive consumption) via a network request that triggers a large number of iptables rules.", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079434.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079434.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079551.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079551.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2101", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00885", "scoring_system": "epss", "scoring_elements": "0.75774", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2101" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/969545", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/969545" }, { "reference_url": "http://secunia.com/advisories/49034", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/49034" }, { "reference_url": "http://secunia.com/advisories/49048", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/49048" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75243", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75243" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/1f644d210557b1254f7c7b39424b09a45329ade7", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/1f644d210557b1254f7c7b39424b09a45329ade7" }, { "reference_url": "https://github.com/openstack/nova/commit/8c8735a73afb16d5856f0aa6088e9ae406c52beb", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/8c8735a73afb16d5856f0aa6088e9ae406c52beb" }, { "reference_url": "https://github.com/openstack/nova/commit/a67db4586f70ed881d65e80035b2a25be195ce64", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/a67db4586f70ed881d65e80035b2a25be195ce64" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-36.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-36.yaml" }, { "reference_url": "https://lists.launchpad.net/openstack/msg10268.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.launchpad.net/openstack/msg10268.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2101", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2101" }, { "reference_url": "http://ubuntu.com/usn/usn-1438-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://ubuntu.com/usn/usn-1438-1" }, { "reference_url": "http://www.osvdb.org/81641", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.osvdb.org/81641" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670637", "reference_id": "670637", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670637" }, { "reference_url": "https://usn.ubuntu.com/1438-1/", "reference_id": "USN-1438-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1438-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199846?format=api", "purl": "pkg:deb/debian/nova@2012.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2012.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-2101", "GHSA-hq3f-9gf7-73r8", "PYSEC-2012-36" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fbkc-wgdn-tfhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79517?format=api", "vulnerability_id": "VCID-fcgm-31hu-83gj", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1068", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44821", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1068" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753579", "reference_id": "753579", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753579" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753585", "reference_id": "753585", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753585" }, { "reference_url": "https://usn.ubuntu.com/2247-1/", "reference_id": "USN-2247-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2247-1/" }, { "reference_url": "https://usn.ubuntu.com/2248-1/", "reference_id": "USN-2248-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2248-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199857?format=api", "purl": "pkg:deb/debian/nova@2014.1.1-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.1-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-1068" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fcgm-31hu-83gj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/202048?format=api", "vulnerability_id": "VCID-fpvj-5qws-tydy", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-37394", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50302", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-37394" }, { "reference_url": "https://bugs.launchpad.net/ossa/+bug/1981813", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/ossa/+bug/1981813" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/0c87681135cfb3ce61d2a0392928c1dbc1fe5fde", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/0c87681135cfb3ce61d2a0392928c1dbc1fe5fde" }, { "reference_url": "https://github.com/openstack/nova/commit/1a98a1a650d065a8ab3e1c474f3b9fd537dc2206", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/1a98a1a650d065a8ab3e1c474f3b9fd537dc2206" }, { "reference_url": "https://github.com/openstack/nova/commit/4954f993680c75fd9d3d507f2dcd00300c9b3d44", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/4954f993680c75fd9d3d507f2dcd00300c9b3d44" }, { "reference_url": "https://github.com/openstack/nova/commit/a28c82719545d5c8ee7f3ff1361b3a796e05095a", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/a28c82719545d5c8ee7f3ff1361b3a796e05095a" }, { "reference_url": "https://github.com/openstack/nova/commit/e43bf900dc8ca66578603bed333c56b215b1876e", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/e43bf900dc8ca66578603bed333c56b215b1876e" }, { "reference_url": "https://github.com/openstack/nova/commit/f8c91eb75fc5504a37fc3b4be1d65d33dbc9b511", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/f8c91eb75fc5504a37fc3b4be1d65d33dbc9b511" }, { "reference_url": "https://review.opendev.org/c/openstack/nova/+/849985", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.opendev.org/c/openstack/nova/+/849985" }, { "reference_url": "https://review.opendev.org/c/openstack/nova/+/850003", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.opendev.org/c/openstack/nova/+/850003" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016980", "reference_id": "1016980", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016980" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37394", "reference_id": "CVE-2022-37394", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37394" }, { "reference_url": "https://github.com/advisories/GHSA-v725-c588-h936", "reference_id": "GHSA-v725-c588-h936", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v725-c588-h936" }, { "reference_url": "https://usn.ubuntu.com/5866-1/", "reference_id": "USN-5866-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5866-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199891?format=api", "purl": "pkg:deb/debian/nova@2:26.0.0~rc1-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.0.0~rc1-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-37394", "GHSA-v725-c588-h936" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fpvj-5qws-tydy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7140?format=api", "vulnerability_id": "VCID-jdjj-3uf5-tyf9", "summary": "virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image that uses a symlink that is only readable by root. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3361.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3447", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00925", "scoring_system": "epss", "scoring_elements": "0.76364", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3447" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1031311", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1031311" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=845106", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=845106" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77539", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77539" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/ce4b2e27be45a85b310237615c47eb53f37bb5f3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/ce4b2e27be45a85b310237615c47eb53f37bb5f3" }, { "reference_url": "https://github.com/openstack/nova/commit/d9577ce9f266166a297488445b5b0c93c1ddb368", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/d9577ce9f266166a297488445b5b0c93c1ddb368" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-21.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-21.yaml" }, { "reference_url": "https://review.openstack.org/#/c/10953", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/10953" }, { "reference_url": "https://review.openstack.org/#/c/10953/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://review.openstack.org/#/c/10953/" }, { "reference_url": "https://web.archive.org/web/20120824003029/http://www.securityfocus.com/bid/54869", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120824003029/http://www.securityfocus.com/bid/54869" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/08/07/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/08/07/1" }, { "reference_url": "http://www.securityfocus.com/bid/54869", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/54869" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684256", "reference_id": "684256", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684256" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3447", "reference_id": "CVE-2012-3447", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3447" }, { "reference_url": "https://github.com/advisories/GHSA-xc4g-7vw8-924h", "reference_id": "GHSA-xc4g-7vw8-924h", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-xc4g-7vw8-924h" }, { "reference_url": "https://usn.ubuntu.com/1545-1/", "reference_id": "USN-1545-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1545-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199853?format=api", "purl": "pkg:deb/debian/nova@2012.1.1-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2012.1.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-3447", "GHSA-xc4g-7vw8-924h", "PYSEC-2012-21" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jdjj-3uf5-tyf9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16446?format=api", "vulnerability_id": "VCID-jdq5-r57v-6kdj", "summary": "OpenStack Compute (Nova)'s VMWare driver vulnerable to denial of service\nCVE-2014-3608 openstack-nova: incomplete fix for CVE-2014-2573, Nova VMware driver still leaks rescued images", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1781.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1781.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1782.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1782.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1781", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:1781" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1782", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:1782" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3608", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.72084", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3608" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1338830", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1338830" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1148253", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1148253" }, { "reference_url": "http://seclists.org/oss-sec/2014/q4/65", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2014/q4/65" }, { "reference_url": "https://opendev.org/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/nova" }, { "reference_url": "https://web.archive.org/web/20200228053850/http://www.securityfocus.com/bid/70220", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228053850/http://www.securityfocus.com/bid/70220" }, { "reference_url": "http://www.securityfocus.com/bid/70220", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/70220" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2014-3608", "reference_id": "CVE-2014-3608", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2014-3608" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3608", "reference_id": "CVE-2014-3608", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3608" }, { "reference_url": "https://github.com/advisories/GHSA-92hc-c226-32q7", "reference_id": "GHSA-92hc-c226-32q7", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-92hc-c226-32q7" }, { "reference_url": "https://usn.ubuntu.com/2407-1/", "reference_id": "USN-2407-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2407-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199872?format=api", "purl": "pkg:deb/debian/nova@2014.1.3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-3608", "GHSA-92hc-c226-32q7" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jdq5-r57v-6kdj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7135?format=api", "vulnerability_id": "VCID-kx6t-7mbh-gkc1", "summary": "Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of a file element.", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3360", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01381", "scoring_system": "epss", "scoring_elements": "0.80592", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3360" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1015531", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1015531" }, { "reference_url": "http://secunia.com/advisories/49763", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/49763" }, { "reference_url": "http://secunia.com/advisories/49802", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/49802" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7" }, { "reference_url": "https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-38.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-38.yaml" }, { "reference_url": "https://lists.launchpad.net/openstack/msg14089.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.launchpad.net/openstack/msg14089.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3360", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3360" }, { "reference_url": "http://www.securityfocus.com/bid/54277", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/54277" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1497-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-1497-1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680110", "reference_id": "680110", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680110" }, { "reference_url": "https://usn.ubuntu.com/1497-1/", "reference_id": "USN-1497-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1497-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199848?format=api", "purl": "pkg:deb/debian/nova@2012.1.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2012.1.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-3360", "GHSA-m454-cm7h-rqhh", "PYSEC-2012-38" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kx6t-7mbh-gkc1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106944?format=api", "vulnerability_id": "VCID-msfc-5x87-fqgc", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7498", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02248", "scoring_system": "epss", "scoring_elements": "0.84855", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7498" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199883?format=api", "purl": "pkg:deb/debian/nova@2:13.1.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:13.1.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-7498" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-msfc-5x87-fqgc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98599?format=api", "vulnerability_id": "VCID-ngcr-5ry9-cqa8", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7548", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38165", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7548" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:C/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://usn.ubuntu.com/3449-1/", "reference_id": "USN-3449-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3449-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199880?format=api", "purl": "pkg:deb/debian/nova@2:13.0.0~rc3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:13.0.0~rc3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-7548" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ngcr-5ry9-cqa8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7131?format=api", "vulnerability_id": "VCID-nmd6-kbb3-3fc1", "summary": "The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restrictions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2654", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01178", "scoring_system": "epss", "scoring_elements": "0.79055", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2654" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/985184", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/985184" }, { "reference_url": "http://secunia.com/advisories/46808", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/46808" }, { "reference_url": "http://secunia.com/advisories/49439", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/49439" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76110", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76110" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/9f9e9da777161426a6f8cb4314b78e09beac2978", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/9f9e9da777161426a6f8cb4314b78e09beac2978" }, { "reference_url": "https://github.com/openstack/nova/commit/ff06c7c885dc94ed7c828e8cdbb8b5d850a7e654", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/ff06c7c885dc94ed7c828e8cdbb8b5d850a7e654" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-37.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-37.yaml" }, { "reference_url": "https://lists.launchpad.net/openstack/msg12883.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.launchpad.net/openstack/msg12883.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2654", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2654" }, { "reference_url": "https://review.openstack.org/#/c/8239", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/8239" }, { "reference_url": "https://review.openstack.org/#/c/8239/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://review.openstack.org/#/c/8239/" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1466-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-1466-1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=676465", "reference_id": "676465", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=676465" }, { "reference_url": "https://usn.ubuntu.com/1466-1/", "reference_id": "USN-1466-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1466-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199847?format=api", "purl": "pkg:deb/debian/nova@2012.1-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2012.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-2654", "GHSA-46r8-9cj7-pw6g", "PYSEC-2012-37" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nmd6-kbb3-3fc1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16455?format=api", "vulnerability_id": "VCID-p137-11yd-4bgv", "summary": "OpenStack Nova logs sensitive context from notification exceptions\nAn issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1508", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:1508" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1595", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:1595" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7214", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01297", "scoring_system": "epss", "scoring_elements": "0.80021", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7214" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/3f985f1eda6f29180878a3d21c20c5057179486a", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/3f985f1eda6f29180878a3d21c20c5057179486a" }, { "reference_url": "https://github.com/openstack/nova/commit/acb19160d4d348e29a21ad57c61c7369352c4d1c", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/acb19160d4d348e29a21ad57c61c7369352c4d1c" }, { "reference_url": "https://github.com/openstack/nova/commit/c2c91ce44592fc5dc2aacee1cf7f5b5cfd2e9a0a", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/c2c91ce44592fc5dc2aacee1cf7f5b5cfd2e9a0a" }, { "reference_url": "https://github.com/openstack/nova/commit/e193201fa1de5b08b29adefd8c149935c5529598", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/e193201fa1de5b08b29adefd8c149935c5529598" }, { "reference_url": "https://launchpad.net/bugs/1673569", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.net/bugs/1673569" }, { "reference_url": "http://www.securityfocus.com/bid/96998", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/96998" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858568", "reference_id": "858568", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858568" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7214", "reference_id": "CVE-2017-7214", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7214" }, { "reference_url": "https://github.com/advisories/GHSA-f4g4-cj8f-3cr9", "reference_id": "GHSA-f4g4-cj8f-3cr9", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-f4g4-cj8f-3cr9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199887?format=api", "purl": "pkg:deb/debian/nova@2:14.0.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:14.0.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-7214", "GHSA-f4g4-cj8f-3cr9" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p137-11yd-4bgv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80376?format=api", "vulnerability_id": "VCID-p33s-1qnf-f7b8", "summary": "", "references": [ { "reference_url": "http://lists.openstack.org/pipermail/openstack-announce/2013-May/000102.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.openstack.org/pipermail/openstack-announce/2013-May/000102.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2096", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19437", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2096" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:N/I:N/A:C" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/0caeb8eaf20abcdc77828f5c6b79fc104619e231", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/0caeb8eaf20abcdc77828f5c6b79fc104619e231" }, { "reference_url": "https://github.com/openstack/nova/commit/44a8aba1d5da87d54db48079103fdef946666d80", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/44a8aba1d5da87d54db48079103fdef946666d80" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2096", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2096" }, { "reference_url": "https://review.openstack.org/#/c/28717", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/28717" }, { "reference_url": "https://review.openstack.org/#/c/28901", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/28901" }, { "reference_url": "https://review.openstack.org/#/c/29192", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/29192" }, { "reference_url": "https://web.archive.org/web/20130726040108/http://www.securityfocus.com/bid/59924", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20130726040108/http://www.securityfocus.com/bid/59924" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1831-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-1831-1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710157", "reference_id": "710157", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710157" }, { "reference_url": "https://usn.ubuntu.com/1831-1/", "reference_id": "USN-1831-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1831-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199860?format=api", "purl": "pkg:deb/debian/nova@2013.1.2-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.1.2-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-2096", "GHSA-m674-hmx2-ffhq" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p33s-1qnf-f7b8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83697?format=api", "vulnerability_id": "VCID-pva3-4j9z-9kex", "summary": "", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0091.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0091.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0231.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0231.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6419", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68691", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6419" }, { "reference_url": "https://bugs.launchpad.net/neutron/+bug/1235450", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/neutron/+bug/1235450" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/07006be9165d1008ca0382b6f0ad25b13a676a55", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/07006be9165d1008ca0382b6f0ad25b13a676a55" }, { "reference_url": "https://github.com/openstack/nova/commit/af2f823107010933ecd94a9c938f8b739baaecb7", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/af2f823107010933ecd94a9c938f8b739baaecb7" }, { "reference_url": "https://github.com/openstack/nova/commit/bce36e9bdb1fcb9658f7b684d160e656e88d816c", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/bce36e9bdb1fcb9658f7b684d160e656e88d816c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6419", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6419" }, { "reference_url": "https://review.openstack.org/#/c/61428/2/nova/api/metadata/handler.py", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/61428/2/nova/api/metadata/handler.py" }, { "reference_url": "https://review.openstack.org/#/c/61439/1/neutron/agent/metadata/agent.py", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/61439/1/neutron/agent/metadata/agent.py" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/12/11/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/12/11/8" }, { "reference_url": "http://www.securityfocus.com/bid/64250", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/64250" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199865?format=api", "purl": "pkg:deb/debian/nova@2013.2.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.2.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-6419", "GHSA-22w9-j288-8p9w" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pva3-4j9z-9kex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16465?format=api", "vulnerability_id": "VCID-q2pf-qwnc-5qa2", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\napi/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in responses to instance metadata requests.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0940", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:0940" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1084", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:1084" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3517", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60899", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3517" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1325128", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1325128" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1112499", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1112499" }, { "reference_url": "https://opendev.org/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/nova" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/07/17/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/07/17/2" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755042", "reference_id": "755042", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755042" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2014-3517", "reference_id": "CVE-2014-3517", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2014-3517" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3517", "reference_id": "CVE-2014-3517", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3517" }, { "reference_url": "https://github.com/advisories/GHSA-xjmj-p278-4jp5", "reference_id": "GHSA-xjmj-p278-4jp5", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-xjmj-p278-4jp5" }, { "reference_url": "https://usn.ubuntu.com/2325-1/", "reference_id": "USN-2325-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2325-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199871?format=api", "purl": "pkg:deb/debian/nova@2014.1.1-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.1-8%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-3517", "GHSA-xjmj-p278-4jp5" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q2pf-qwnc-5qa2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7163?format=api", "vulnerability_id": "VCID-qgh3-k8un-tqfz", "summary": "OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port.", "references": [ { "reference_url": "http://github.com/openstack/nova/commit/05a3374992bc8ba53ddc9c491b51c4b59eed0a72", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://github.com/openstack/nova/commit/05a3374992bc8ba53ddc9c491b51c4b59eed0a72" }, { "reference_url": "http://github.com/openstack/nova/commit/3b0f4cf6bea33e6ee1893f6e872d968b0c309f88", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://github.com/openstack/nova/commit/3b0f4cf6bea33e6ee1893f6e872d968b0c309f88" }, { "reference_url": "http://github.com/openstack/nova/commit/48e81f1554ce41c3d4f7445421d19f4a8128e98d", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://github.com/openstack/nova/commit/48e81f1554ce41c3d4f7445421d19f4a8128e98d" }, { "reference_url": "http://github.com/openstack/nova/commit/ad94a90202193335f011888db017e557b07faf8a", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://github.com/openstack/nova/commit/ad94a90202193335f011888db017e557b07faf8a" }, { "reference_url": "http://github.com/openstack/nova/commit/e98928cf77645fdc309da894f3bd332e99482e0d", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://github.com/openstack/nova/commit/e98928cf77645fdc309da894f3bd332e99482e0d" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0709.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0709.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0335", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01036", "scoring_system": "epss", "scoring_elements": "0.77692", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0335" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1125378", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1125378" }, { "reference_url": "http://secunia.com/advisories/52337", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/52337" }, { "reference_url": "http://secunia.com/advisories/52728", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/52728" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2013-43.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2013-43.yaml" }, { "reference_url": "https://review.openstack.org/#/c/22086", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/22086" }, { "reference_url": "https://review.openstack.org/#/c/22086/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://review.openstack.org/#/c/22086/" }, { "reference_url": "https://review.openstack.org/#/c/22758", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/22758" }, { "reference_url": "https://review.openstack.org/#/c/22872", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/22872" }, { "reference_url": "https://review.openstack.org/#/c/22872/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://review.openstack.org/#/c/22872/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/02/26/7", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/02/26/7" }, { "reference_url": "http://www.osvdb.org/90657", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.osvdb.org/90657" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1771-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-1771-1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701773", "reference_id": "701773", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701773" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0335", "reference_id": "CVE-2013-0335", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0335" }, { "reference_url": "https://github.com/advisories/GHSA-qfp8-hfqx-c79c", "reference_id": "GHSA-qfp8-hfqx-c79c", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qfp8-hfqx-c79c" }, { "reference_url": "https://usn.ubuntu.com/1771-1/", "reference_id": "USN-1771-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1771-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199856?format=api", "purl": "pkg:deb/debian/nova@2012.1.1-14?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2012.1.1-14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-0335", "GHSA-qfp8-hfqx-c79c", "PYSEC-2013-43" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qgh3-k8un-tqfz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/73333?format=api", "vulnerability_id": "VCID-qkwv-cmuz-hubn", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0030", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00549", "scoring_system": "epss", "scoring_elements": "0.68245", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0030" }, { "reference_url": "https://usn.ubuntu.com/1326-1/", "reference_id": "USN-1326-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1326-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199844?format=api", "purl": "pkg:deb/debian/nova@2012.1~rc1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2012.1~rc1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-0030" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qkwv-cmuz-hubn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7155?format=api", "vulnerability_id": "VCID-qmtt-dars-5ba8", "summary": "OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which allows attackers to obtain sensitive information by reading the memory of the previous logical volume (LV).", "references": [ { "reference_url": "http://osvdb.org/88419", "reference_id": "", "reference_type": "", "scores": [], "url": "http://osvdb.org/88419" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0208.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0208.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5625", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77915", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5625" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1070539", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1070539" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=884293", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=884293" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/9d2ea970422591f8cdc394001be9a2deca499a5f", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/9d2ea970422591f8cdc394001be9a2deca499a5f" }, { "reference_url": "https://github.com/openstack/nova/commit/a99a802e008eed18e39fc1d98170edc495cbd354", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/a99a802e008eed18e39fc1d98170edc495cbd354" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-41.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-41.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-42.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-42.yaml" }, { "reference_url": "https://launchpad.net/nova/folsom/2012.2.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.net/nova/folsom/2012.2.2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5625", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5625" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/12/11/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/12/11/5" }, { "reference_url": "http://www.securityfocus.com/bid/56904", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/56904" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1663-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-1663-1" }, { "reference_url": "https://usn.ubuntu.com/1663-1/", "reference_id": "USN-1663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199854?format=api", "purl": "pkg:deb/debian/nova@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-5625", "GHSA-rwhr-h69g-8qmq", "PYSEC-2012-41", "PYSEC-2012-42" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qmtt-dars-5ba8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16442?format=api", "vulnerability_id": "VCID-qsba-b5ru-hbbw", "summary": "OpenStack Nova Long server names grow nova-api log files significantly\nOpenStack Compute (Nova) Essex before 2011.3 allows remote authenticated users to cause a denial of service (Nova-API log file and disk consumption) via a long server name.", "references": [ { "reference_url": "http://github.com/openstack/nova/commit/0fa7d12dbfb7ae016657dd91034b4c0781ea43de", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://github.com/openstack/nova/commit/0fa7d12dbfb7ae016657dd91034b4c0781ea43de" }, { "reference_url": "http://github.com/openstack/nova/commit/1ebec5726c7a9db0a6f29fad0ef747b0c087f702", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://github.com/openstack/nova/commit/1ebec5726c7a9db0a6f29fad0ef747b0c087f702" }, { "reference_url": "http://github.com/openstack/nova/commit/c7f526fae6062e9ab51f65474af71d496aa66554", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://github.com/openstack/nova/commit/c7f526fae6062e9ab51f65474af71d496aa66554" }, { "reference_url": "http://github.com/openstack/nova/commit/c869a41951b77c6930bf4fb4734f05cd3d6ac4b1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://github.com/openstack/nova/commit/c869a41951b77c6930bf4fb4734f05cd3d6ac4b1" }, { "reference_url": "http://lwn.net/Alerts/491298", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lwn.net/Alerts/491298" }, { "reference_url": "http://osdir.com/ml/openstack-cloud-computing/2012-03/msg01133.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://osdir.com/ml/openstack-cloud-computing/2012-03/msg01133.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1585", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00475", "scoring_system": "epss", "scoring_elements": "0.65115", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1585" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/962515", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/962515" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=666888", "reference_id": "666888", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=666888" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1585", "reference_id": "CVE-2012-1585", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1585" }, { "reference_url": "https://github.com/advisories/GHSA-pjvw-p2v5-wf6q", "reference_id": "GHSA-pjvw-p2v5-wf6q", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-pjvw-p2v5-wf6q" }, { "reference_url": "https://usn.ubuntu.com/1413-1/", "reference_id": "USN-1413-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1413-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199845?format=api", "purl": "pkg:deb/debian/nova@2012-1~rc3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2012-1~rc3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-1585", "GHSA-pjvw-p2v5-wf6q" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qsba-b5ru-hbbw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90384?format=api", "vulnerability_id": "VCID-qzs3-yx8x-7qfb", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-7230", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31025", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-7230" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765704", "reference_id": "765704", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765704" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765714", "reference_id": "765714", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765714" }, { "reference_url": "https://usn.ubuntu.com/2405-1/", "reference_id": "USN-2405-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2405-1/" }, { "reference_url": "https://usn.ubuntu.com/2407-1/", "reference_id": "USN-2407-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2407-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199874?format=api", "purl": "pkg:deb/debian/nova@2014.1.3-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-7230" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qzs3-yx8x-7qfb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/220914?format=api", "vulnerability_id": "VCID-rk1s-qbb6-2yh5", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2088.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2088.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2088", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31499", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2088" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035932", "reference_id": "1035932", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035932" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035961", "reference_id": "1035961", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035961" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035962", "reference_id": "1035962", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035962" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035963", "reference_id": "1035963", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035963" }, { "reference_url": "https://bugs.launchpad.net/bugs/2004555", "reference_id": "2004555", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-24T15:40:54Z/" } ], "url": "https://bugs.launchpad.net/bugs/2004555" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179587", "reference_id": "2179587", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179587" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2023-003.html", "reference_id": "OSSA-2023-003.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-24T15:40:54Z/" } ], "url": "https://security.openstack.org/ossa/OSSA-2023-003.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3156", "reference_id": "RHSA-2023:3156", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3156" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3157", "reference_id": "RHSA-2023:3157", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3157" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3158", "reference_id": "RHSA-2023:3158", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3158" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3161", "reference_id": "RHSA-2023:3161", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3161" }, { "reference_url": "https://usn.ubuntu.com/6073-1/", "reference_id": "USN-6073-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6073-1/" }, { "reference_url": "https://usn.ubuntu.com/6073-2/", "reference_id": "USN-6073-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6073-2/" }, { "reference_url": "https://usn.ubuntu.com/6073-3/", "reference_id": "USN-6073-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6073-3/" }, { "reference_url": "https://usn.ubuntu.com/6073-4/", "reference_id": "USN-6073-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6073-4/" }, { "reference_url": "https://usn.ubuntu.com/6241-1/", "reference_id": "USN-6241-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6241-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199893?format=api", "purl": "pkg:deb/debian/nova@2:26.1.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.1.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-2088" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rk1s-qbb6-2yh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/100133?format=api", "vulnerability_id": "VCID-s6r7-gev3-e7fk", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-9543", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.2422", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-9543" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/nova/commit/08f1f914cc219cf526adfb08c46b8f40b4e78232", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/08f1f914cc219cf526adfb08c46b8f40b4e78232" }, { "reference_url": "https://github.com/openstack/nova/commit/26d4047e17eba9bc271f8868f1d0ffeec97b555e", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/26d4047e17eba9bc271f8868f1d0ffeec97b555e" }, { "reference_url": "https://github.com/openstack/nova/commit/d8fbf04f325f593836f8d44b6bbf42b85bde94e3", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/d8fbf04f325f593836f8d44b6bbf42b85bde94e3" }, { "reference_url": "https://launchpad.net/bugs/1492140", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.net/bugs/1492140" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9543", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9543" }, { "reference_url": "https://review.opendev.org/220622", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.opendev.org/220622" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2020-001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2020-001.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2020/02/19/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2020/02/19/2" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951635", "reference_id": "951635", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951635" }, { "reference_url": "https://github.com/advisories/GHSA-22jm-4hxw-35jf", "reference_id": "GHSA-22jm-4hxw-35jf", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-22jm-4hxw-35jf" }, { "reference_url": "https://usn.ubuntu.com/5866-1/", "reference_id": "USN-5866-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5866-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199882?format=api", "purl": "pkg:deb/debian/nova@2:20.1.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:20.1.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-9543", "GHSA-22jm-4hxw-35jf" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s6r7-gev3-e7fk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82106?format=api", "vulnerability_id": "VCID-t13y-haaf-7bfk", "summary": "", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1199.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1199.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1199", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2013:1199" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2013-4179", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2013-4179" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4179", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71678", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4179" }, { "reference_url": "https://bugs.launchpad.net/ossa/+bug/1190229", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/ossa/+bug/1190229" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=989707", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=989707" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4179", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4179" }, { "reference_url": "https://opendev.org/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/nova" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2005-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-2005-1" }, { "reference_url": "https://github.com/advisories/GHSA-j6xh-q826-55jw", "reference_id": "GHSA-j6xh-q826-55jw", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-j6xh-q826-55jw" }, { "reference_url": "https://usn.ubuntu.com/2000-1/", "reference_id": "USN-2000-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2000-1/" }, { "reference_url": "https://usn.ubuntu.com/2005-1/", "reference_id": "USN-2005-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2005-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199862?format=api", "purl": "pkg:deb/debian/nova@2013.1.3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.1.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-4179", "GHSA-j6xh-q826-55jw" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t13y-haaf-7bfk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7134?format=api", "vulnerability_id": "VCID-tzk5-1nfn-eyg9", "summary": "virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image.", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083969.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083969.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3361", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01377", "scoring_system": "epss", "scoring_elements": "0.80568", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3361" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1015531", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1015531" }, { "reference_url": "http://secunia.com/advisories/49763", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/49763" }, { "reference_url": "http://secunia.com/advisories/49802", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/49802" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7" }, { "reference_url": "https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-39.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-39.yaml" }, { "reference_url": "https://lists.launchpad.net/openstack/msg14089.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.launchpad.net/openstack/msg14089.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3361", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3361" }, { "reference_url": "https://review.openstack.org/#/c/9268", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/9268" }, { "reference_url": "https://review.openstack.org/#/c/9268/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://review.openstack.org/#/c/9268/" }, { "reference_url": "http://www.securityfocus.com/bid/54278", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/54278" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1497-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-1497-1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680110", "reference_id": "680110", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680110" }, { "reference_url": "https://usn.ubuntu.com/1497-1/", "reference_id": "USN-1497-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1497-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199848?format=api", "purl": "pkg:deb/debian/nova@2012.1.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2012.1.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-3361", "GHSA-cm54-3vvf-f5p8", "PYSEC-2012-39" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tzk5-1nfn-eyg9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/22625?format=api", "vulnerability_id": "VCID-u19q-tztn-gbdk", "summary": "OpenStack Nova calls qemu-img without format restrictions for resize\nAn issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in an unsafe image resize operation that could destroy data on the host system. Only compute nodes using the Flat image backend (usually configured with use_cow_images=False) are affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24708.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24708.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24708", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05485", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24708" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/2137507", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T19:07:53Z/" } ], "url": "https://bugs.launchpad.net/nova/+bug/2137507" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/3eba22ff09c81a61750fbb4882e5f1f01a20fdf5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/3eba22ff09c81a61750fbb4882e5f1f01a20fdf5" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2026/02/msg00025.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2026/02/msg00025.html" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2026/02/17/7", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T19:07:53Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2026/02/17/7" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128294", "reference_id": "1128294", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128294" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430312", "reference_id": "2430312", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430312" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24708", "reference_id": "CVE-2026-24708", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24708" }, { "reference_url": "https://github.com/advisories/GHSA-m4f3-qp2w-gwh6", "reference_id": "GHSA-m4f3-qp2w-gwh6", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m4f3-qp2w-gwh6" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7884", "reference_id": "RHSA-2026:7884", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7884" }, { "reference_url": "https://usn.ubuntu.com/8049-1/", "reference_id": "USN-8049-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8049-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199897?format=api", "purl": "pkg:deb/debian/nova@2:22.4.0-1~deb11u7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.4.0-1~deb11u7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199898?format=api", "purl": "pkg:deb/debian/nova@2:32.1.0-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:32.1.0-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-24708", "GHSA-m4f3-qp2w-gwh6" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u19q-tztn-gbdk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16524?format=api", "vulnerability_id": "VCID-u36z-5drx-vfce", "summary": "OpenStack Nova DoS through ephemeral disk backing files\nThe libvirt driver in OpenStack Compute (Nova) before 2013.2.2 and icehouse before icehouse-2 allows remote authenticated users to cause a denial of service (disk consumption) by creating and deleting instances with unique os_type settings, which triggers the creation of a new ephemeral disk backing file.", "references": [ { "reference_url": "http://lists.openstack.org/pipermail/openstack-announce/2013-December/000179.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.openstack.org/pipermail/openstack-announce/2013-December/000179.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0231.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0231.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6437", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00434", "scoring_system": "epss", "scoring_elements": "0.63104", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6437" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1253980", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1253980" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/3e451f1bac57d24e47171cffb3ad59bb1610d836", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/3e451f1bac57d24e47171cffb3ad59bb1610d836" }, { "reference_url": "https://github.com/openstack/nova/commit/6e455cd97f04bf26bbe022be17c57e089cf502f4", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/6e455cd97f04bf26bbe022be17c57e089cf502f4" }, { "reference_url": "https://github.com/openstack/nova/commit/ca38774ebcf5b67d16c202c8f218c0c433973ca9", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/ca38774ebcf5b67d16c202c8f218c0c433973ca9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6437", "reference_id": "CVE-2013-6437", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6437" }, { "reference_url": "https://github.com/advisories/GHSA-hrv9-4x4c-9jc8", "reference_id": "GHSA-hrv9-4x4c-9jc8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-hrv9-4x4c-9jc8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199867?format=api", "purl": "pkg:deb/debian/nova@2013.2.2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.2.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-6437", "GHSA-hrv9-4x4c-9jc8" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u36z-5drx-vfce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7133?format=api", "vulnerability_id": "VCID-u7ma-975h-ebbr", "summary": "The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3371", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00881", "scoring_system": "epss", "scoring_elements": "0.75679", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3371" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1017795", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1017795" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-40.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-40.yaml" }, { "reference_url": "https://lists.launchpad.net/openstack/msg14452.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.launchpad.net/openstack/msg14452.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3371", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3371" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/07/11/13", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/07/11/13" }, { "reference_url": "http://www.securityfocus.com/bid/54388", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/54388" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1501-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-1501-1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681301", "reference_id": "681301", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681301" }, { "reference_url": "https://usn.ubuntu.com/1501-1/", "reference_id": "USN-1501-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1501-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199850?format=api", "purl": "pkg:deb/debian/nova@2012.1.1-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2012.1.1-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-3371", "GHSA-xxgm-qpj5-4886", "PYSEC-2012-40" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u7ma-975h-ebbr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16158?format=api", "vulnerability_id": "VCID-uyea-wvyg-gyd1", "summary": "OpenStack Nova DoS by rebuilding the same instance with a new image multiple times\nAn issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This regression was introduced with the fix for OSSA-2017-005 (CVE-2017-16239); however, only Nova stable/pike or later deployments with that fix applied and relying on the default FilterScheduler are affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17051", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00841", "scoring_system": "epss", "scoring_elements": "0.75034", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17051" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/25a1d78e83065c5bea5d8e0a017fd9d0914d41d9", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/25a1d78e83065c5bea5d8e0a017fd9d0914d41d9" }, { "reference_url": "https://github.com/openstack/nova/commit/fed660c1189fdf4159d97badfdc8c5b35ad14f23", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/fed660c1189fdf4159d97badfdc8c5b35ad14f23" }, { "reference_url": "https://launchpad.net/bugs/1732976", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.net/bugs/1732976" }, { "reference_url": "https://review.openstack.org/521662", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/521662" }, { "reference_url": "https://review.openstack.org/523214", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/523214" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2017-006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2017-006.html" }, { "reference_url": "http://www.securityfocus.com/bid/102102", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/102102" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883621", "reference_id": "883621", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883621" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17051", "reference_id": "CVE-2017-17051", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17051" }, { "reference_url": "https://github.com/advisories/GHSA-vq76-rxx3-4r4r", "reference_id": "GHSA-vq76-rxx3-4r4r", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vq76-rxx3-4r4r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199885?format=api", "purl": "pkg:deb/debian/nova@2:16.0.3-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:16.0.3-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-17051", "GHSA-vq76-rxx3-4r4r" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uyea-wvyg-gyd1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/261071?format=api", "vulnerability_id": "VCID-vr1y-xf1h-gbhf", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-40767.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-40767.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-40767", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74947", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-40767" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://launchpad.net/bugs/2071734", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:47:09Z/" } ], "url": "https://launchpad.net/bugs/2071734" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html" }, { "reference_url": "https://review.opendev.org/c/openstack/nova/+/924731", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.opendev.org/c/openstack/nova/+/924731" }, { "reference_url": "https://security.openstack.org", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:47:09Z/" } ], "url": "https://security.openstack.org" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2024-002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:47:09Z/" } ], "url": "https://security.openstack.org/ossa/OSSA-2024-002.html" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2024/07/23/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:47:09Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2024/07/23/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297217", "reference_id": "2297217", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297217" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40767", "reference_id": "CVE-2024-40767", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40767" }, { "reference_url": "https://github.com/advisories/GHSA-rm86-h44c-2r2m", "reference_id": "GHSA-rm86-h44c-2r2m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rm86-h44c-2r2m" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5082", "reference_id": "RHSA-2024:5082", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5082" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5083", "reference_id": "RHSA-2024:5083", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5083" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5097", "reference_id": "RHSA-2024:5097", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5097" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5113", "reference_id": "RHSA-2024:5113", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5113" }, { "reference_url": "https://usn.ubuntu.com/6911-1/", "reference_id": "USN-6911-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6911-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199854?format=api", "purl": "pkg:deb/debian/nova@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-40767", "GHSA-rm86-h44c-2r2m" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vr1y-xf1h-gbhf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7207?format=api", "vulnerability_id": "VCID-wdf1-puxa-17hb", "summary": "The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage.", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127732.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127732.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127735.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127735.html" }, { "reference_url": "http://osvdb.org/102416", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://osvdb.org/102416" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0231.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0231.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7130", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03132", "scoring_system": "epss", "scoring_elements": "0.87099", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7130" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1251590", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1251590" }, { "reference_url": "http://secunia.com/advisories/56450", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/56450" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90652", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90652" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/15ee7e17f63f5583307a546ecf28952c364c88f9", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/15ee7e17f63f5583307a546ecf28952c364c88f9" }, { "reference_url": "https://github.com/openstack/nova/commit/b0d36683fe064b32cbef013e1c0c46bd018ab9a1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/b0d36683fe064b32cbef013e1c0c46bd018ab9a1" }, { "reference_url": "https://github.com/openstack/nova/commit/cbeb5e51886b0296349fc476305bfe3d63c627c3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/cbeb5e51886b0296349fc476305bfe3d63c627c3" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2014-111.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2014-111.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7130", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7130" }, { "reference_url": "https://review.openstack.org/#/c/68658", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/68658" }, { "reference_url": "https://review.openstack.org/#/c/68658/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://review.openstack.org/#/c/68658/" }, { "reference_url": "https://review.openstack.org/#/c/68659", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/68659" }, { "reference_url": "https://review.openstack.org/#/c/68659/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://review.openstack.org/#/c/68659/" }, { "reference_url": "https://review.openstack.org/#/c/68660", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/68660" }, { "reference_url": "https://review.openstack.org/#/c/68660/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://review.openstack.org/#/c/68660/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/01/23/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/01/23/5" }, { "reference_url": "http://www.securityfocus.com/bid/65106", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/65106" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2247-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-2247-1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736465", "reference_id": "736465", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736465" }, { "reference_url": "https://usn.ubuntu.com/2247-1/", "reference_id": "USN-2247-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2247-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199867?format=api", "purl": "pkg:deb/debian/nova@2013.2.2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.2.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-7130", "GHSA-99rx-9x8v-9j8p", "PYSEC-2014-111" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wdf1-puxa-17hb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82308?format=api", "vulnerability_id": "VCID-xash-dc2m-2fa3", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4469", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.19063", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4469" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1206081", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1206081" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/135faa7b5d9855312bedc19e5e1ecebae34d3d18", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/135faa7b5d9855312bedc19e5e1ecebae34d3d18" }, { "reference_url": "https://github.com/openstack/nova/commit/3cdfe894ab58f7b91bf7fb690fc5bc724e44066f", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/3cdfe894ab58f7b91bf7fb690fc5bc724e44066f" }, { "reference_url": "https://github.com/openstack/nova/commit/f6810be4ae1a6c93e7d8017ee67d5344dfdf4a30", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/f6810be4ae1a6c93e7d8017ee67d5344dfdf4a30" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4469", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4469" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/10/31/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/10/31/3" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2247-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-2247-1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728605", "reference_id": "728605", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728605" }, { "reference_url": "https://usn.ubuntu.com/2247-1/", "reference_id": "USN-2247-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2247-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199864?format=api", "purl": "pkg:deb/debian/nova@2013.2-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.2-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-4469", "GHSA-2w87-5qcj-j6gx" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xash-dc2m-2fa3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15993?format=api", "vulnerability_id": "VCID-xauw-u24d-uqfu", "summary": "OpenStack Nova Filter Scheduler Bypass\nIn OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using Nova Filter Scheduler are affected. Because of the regression described in Launchpad Bug #1732947, the preferred fix is a 14.x version after 14.0.10, a 15.x version after 15.0.8, or a 16.x version after 16.0.3.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0241", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0241" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0314", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0314" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0369", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0369" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16239", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.60038", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16239" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:S/C:P/I:N/A:P" }, { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/698b261a5a2a6c0f31ef5059046ef7196d5cba30", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/698b261a5a2a6c0f31ef5059046ef7196d5cba30" }, { "reference_url": "https://github.com/openstack/nova/commit/984dd8ad6add4523d93c7ce5a666a32233e02e34", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/984dd8ad6add4523d93c7ce5a666a32233e02e34" }, { "reference_url": "https://github.com/openstack/nova/commit/9e2d63da94db63d97bd02e373bfc53d95808b833", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/9e2d63da94db63d97bd02e373bfc53d95808b833" }, { "reference_url": "https://github.com/openstack/nova/commit/b72105c1c49fcddc94992af63fc2f8078023491a", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/b72105c1c49fcddc94992af63fc2f8078023491a" }, { "reference_url": "https://launchpad.net/bugs/1664931", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.net/bugs/1664931" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2017-005.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2017-005.html" }, { "reference_url": "https://www.debian.org/security/2017/dsa-4056", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2017/dsa-4056" }, { "reference_url": "http://www.securityfocus.com/bid/101950", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/101950" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882009", "reference_id": "882009", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882009" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16239", "reference_id": "CVE-2017-16239", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16239" }, { "reference_url": "https://github.com/advisories/GHSA-w2wf-cgwh-vpqg", "reference_id": "GHSA-w2wf-cgwh-vpqg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w2wf-cgwh-vpqg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199884?format=api", "purl": "pkg:deb/debian/nova@2:16.0.3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:16.0.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-16239", "GHSA-w2wf-cgwh-vpqg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xauw-u24d-uqfu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7943?format=api", "vulnerability_id": "VCID-ywya-kfum-mke1", "summary": "An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths as host devices previously referenced by the virtual machine on the source host. This can include block devices that map to different Cinder volumes at the destination than at the source. Only deployments allowing host-based connections (for instance, root and ephemeral devices) are affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-17376", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.60027", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-17376" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/1bb8ee95d4c3ddc3f607ac57526b75af1b7fbcff", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/1bb8ee95d4c3ddc3f607ac57526b75af1b7fbcff" }, { "reference_url": "https://github.com/openstack/nova/commit/2faf17995dd9daa6f0b91e44be43264e447c678d", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/2faf17995dd9daa6f0b91e44be43264e447c678d" }, { "reference_url": "https://github.com/openstack/nova/commit/a721ca5f510ce3c8ef24f22dac9e475b3d7651db", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/a721ca5f510ce3c8ef24f22dac9e475b3d7651db" }, { "reference_url": "https://github.com/openstack/nova/commit/b9ea91d17703f5b324a50727b6503ace0f4e95eb", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/b9ea91d17703f5b324a50727b6503ace0f4e95eb" }, { "reference_url": "https://github.com/openstack/nova/commit/c438fd9a0eb1903306a53ab44e3ae80660d8a429", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/c438fd9a0eb1903306a53ab44e3ae80660d8a429" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2020-243.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2020-243.yaml" }, { "reference_url": "https://launchpad.net/bugs/1890501", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.net/bugs/1890501" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17376", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17376" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2020-006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2020-006.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2020/08/25/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2020/08/25/4" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969052", "reference_id": "969052", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969052" }, { "reference_url": "https://github.com/advisories/GHSA-c7w7-9c85-4qxv", "reference_id": "GHSA-c7w7-9c85-4qxv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-c7w7-9c85-4qxv" }, { "reference_url": "https://usn.ubuntu.com/5866-1/", "reference_id": "USN-5866-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5866-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199889?format=api", "purl": "pkg:deb/debian/nova@2:21.1.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:21.1.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-17376", "GHSA-c7w7-9c85-4qxv", "PYSEC-2020-243" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ywya-kfum-mke1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16368?format=api", "vulnerability_id": "VCID-z1bn-znt4-57cg", "summary": "OpenStack Nova VMware instance leak potentially leading to compute DoS\nThe VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state.", "references": [ { "reference_url": "http://lists.openstack.org/pipermail/openstack-announce/2014-October/000298.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.openstack.org/pipermail/openstack-announce/2014-October/000298.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0843.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0843.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0844.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0844.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8333", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00736", "scoring_system": "epss", "scoring_elements": "0.73134", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8333" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1359138", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1359138" }, { "reference_url": "http://secunia.com/advisories/60531", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/60531" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/d71445c7d2d2921d10a08f82330f0ab8ef4f7df2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/d71445c7d2d2921d10a08f82330f0ab8ef4f7df2" }, { "reference_url": "https://github.com/openstack/nova/commit/e1f8664c9fa83f77f5bb763ffcc3157905ed954c", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/e1f8664c9fa83f77f5bb763ffcc3157905ed954c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8333", "reference_id": "CVE-2014-8333", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8333" }, { "reference_url": "https://github.com/advisories/GHSA-g63p-mfcm-54c4", "reference_id": "GHSA-g63p-mfcm-54c4", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-g63p-mfcm-54c4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199875?format=api", "purl": "pkg:deb/debian/nova@2014.1.3-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-8333", "GHSA-g63p-mfcm-54c4" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z1bn-znt4-57cg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16287?format=api", "vulnerability_id": "VCID-zv1m-f3pu-uqdc", "summary": "OpenStack Nova Denial of Service in network source security groups\nAlgorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via a large number of server-creation operations, which triggers a large number of update requests.", "references": [ { "reference_url": "http://github.com/openstack/nova/commit/52ad911963da4095b213952dee3a430fe0c4c30f", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://github.com/openstack/nova/commit/52ad911963da4095b213952dee3a430fe0c4c30f" }, { "reference_url": "http://github.com/openstack/nova/commit/85aac04704350566d6b06aa7a3b99649946c672c", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://github.com/openstack/nova/commit/85aac04704350566d6b06aa7a3b99649946c672c" }, { "reference_url": "http://github.com/openstack/nova/commit/d4ee081c5c0a5132781235177c430ebcf72b0b0b", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://github.com/openstack/nova/commit/d4ee081c5c0a5132781235177c430ebcf72b0b0b" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1199.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1199.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4185", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.69296", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4185" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1184041", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1184041" }, { "reference_url": "http://seclists.org/oss-sec/2013/q3/282", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2013/q3/282" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718907", "reference_id": "718907", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718907" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4185", "reference_id": "CVE-2013-4185", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4185" }, { "reference_url": "https://github.com/advisories/GHSA-ph2h-hh49-vh27", "reference_id": "GHSA-ph2h-hh49-vh27", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-ph2h-hh49-vh27" }, { "reference_url": "https://usn.ubuntu.com/2000-1/", "reference_id": "USN-2000-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2000-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199861?format=api", "purl": "pkg:deb/debian/nova@2013.1.2-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.1.2-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-4185", "GHSA-ph2h-hh49-vh27" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zv1m-f3pu-uqdc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16466?format=api", "vulnerability_id": "VCID-zww8-cs3r-9yax", "summary": "OpenStack Nova Multiple directory traversal vulnerabilities\nMultiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to overwrite arbitrary files via a crafted (1) tarball or (2) manifest.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4596", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00541", "scoring_system": "epss", "scoring_elements": "0.67937", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4596" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/885167", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/885167" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/894755", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/894755" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/76363226bd8533256f7795bba358d7f4b8a6c9e6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/76363226bd8533256f7795bba358d7f4b8a6c9e6" }, { "reference_url": "https://github.com/openstack/nova/commit/ad3241929ea00569c74505ed002208ce360c667e", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/ad3241929ea00569c74505ed002208ce360c667e" }, { "reference_url": "https://lists.launchpad.net/openstack/msg06105.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.launchpad.net/openstack/msg06105.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4596", "reference_id": "CVE-2011-4596", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4596" }, { "reference_url": "https://github.com/advisories/GHSA-qr62-r9xc-r2gj", "reference_id": "GHSA-qr62-r9xc-r2gj", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-qr62-r9xc-r2gj" }, { "reference_url": "https://usn.ubuntu.com/1305-1/", "reference_id": "USN-1305-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1305-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199843?format=api", "purl": "pkg:deb/debian/nova@2012.1~e1-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2012.1~e1-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199840?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajec-k7qb-6yek" }, { "vulnerability": "VCID-fpvj-5qws-tydy" }, { "vulnerability": "VCID-rk1s-qbb6-2yh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199838?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199842?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/199841?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-4596", "GHSA-qr62-r9xc-r2gj" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zww8-cs3r-9yax" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }