| 0 |
| url |
VCID-1fb2-ccby-7yfq |
| vulnerability_id |
VCID-1fb2-ccby-7yfq |
| summary |
An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths as host devices previously referenced by the virtual machine on the source host. This can include block devices that map to different Cinder volumes at the destination than at the source. Only deployments allowing host-based connections (for instance, root and ephemeral devices) are affected. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-17376 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00385 |
| scoring_system |
epss |
| scoring_elements |
0.5979 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00385 |
| scoring_system |
epss |
| scoring_elements |
0.59784 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00385 |
| scoring_system |
epss |
| scoring_elements |
0.59746 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00385 |
| scoring_system |
epss |
| scoring_elements |
0.59629 |
| published_at |
2026-04-01T12:55:00Z |
|
| 4 |
| value |
0.00385 |
| scoring_system |
epss |
| scoring_elements |
0.59764 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00385 |
| scoring_system |
epss |
| scoring_elements |
0.5978 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00385 |
| scoring_system |
epss |
| scoring_elements |
0.59761 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00385 |
| scoring_system |
epss |
| scoring_elements |
0.59747 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00385 |
| scoring_system |
epss |
| scoring_elements |
0.59695 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.00385 |
| scoring_system |
epss |
| scoring_elements |
0.59726 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.00385 |
| scoring_system |
epss |
| scoring_elements |
0.59701 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-17376 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/openstack/nova |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/openstack/nova |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
| reference_url |
https://launchpad.net/bugs/1890501 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://launchpad.net/bugs/1890501 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/nova@19.3.1 |
| purl |
pkg:pypi/nova@19.3.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1p1c-fevy-bydg |
|
| 1 |
| vulnerability |
VCID-5nfz-1bk3-93fe |
|
| 2 |
| vulnerability |
VCID-5tkb-w761-4qc6 |
|
| 3 |
| vulnerability |
VCID-6n3z-x4zj-4bez |
|
| 4 |
| vulnerability |
VCID-bauj-n7jg-gkd2 |
|
| 5 |
| vulnerability |
VCID-br4q-499g-vqhg |
|
| 6 |
| vulnerability |
VCID-e6ne-73mv-73bc |
|
| 7 |
| vulnerability |
VCID-ek6e-977t-3bew |
|
| 8 |
| vulnerability |
VCID-ex1j-py3q-93hv |
|
| 9 |
| vulnerability |
VCID-h6rd-5p7q-s3gq |
|
| 10 |
| vulnerability |
VCID-m5vc-4my3-87gk |
|
| 11 |
| vulnerability |
VCID-qb9p-rpza-5fa5 |
|
| 12 |
| vulnerability |
VCID-s69v-tc7x-37fe |
|
| 13 |
| vulnerability |
VCID-sj2k-uq1g-suby |
|
| 14 |
| vulnerability |
VCID-x5k4-dm9d-xkf7 |
|
| 15 |
| vulnerability |
VCID-zwuz-pgjz-rkb9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/nova@19.3.1 |
|
| 1 |
|
| 2 |
| url |
pkg:pypi/nova@20.4.0 |
| purl |
pkg:pypi/nova@20.4.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1p1c-fevy-bydg |
|
| 1 |
| vulnerability |
VCID-5nfz-1bk3-93fe |
|
| 2 |
| vulnerability |
VCID-5tkb-w761-4qc6 |
|
| 3 |
| vulnerability |
VCID-6n3z-x4zj-4bez |
|
| 4 |
| vulnerability |
VCID-bauj-n7jg-gkd2 |
|
| 5 |
| vulnerability |
VCID-br4q-499g-vqhg |
|
| 6 |
| vulnerability |
VCID-e6ne-73mv-73bc |
|
| 7 |
| vulnerability |
VCID-ek6e-977t-3bew |
|
| 8 |
| vulnerability |
VCID-ex1j-py3q-93hv |
|
| 9 |
| vulnerability |
VCID-h6rd-5p7q-s3gq |
|
| 10 |
| vulnerability |
VCID-m5vc-4my3-87gk |
|
| 11 |
| vulnerability |
VCID-qb9p-rpza-5fa5 |
|
| 12 |
| vulnerability |
VCID-s69v-tc7x-37fe |
|
| 13 |
| vulnerability |
VCID-sj2k-uq1g-suby |
|
| 14 |
| vulnerability |
VCID-x5k4-dm9d-xkf7 |
|
| 15 |
| vulnerability |
VCID-zwuz-pgjz-rkb9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/nova@20.4.0 |
|
| 3 |
| url |
pkg:pypi/nova@21.1.0 |
| purl |
pkg:pypi/nova@21.1.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1p1c-fevy-bydg |
|
| 1 |
| vulnerability |
VCID-5nfz-1bk3-93fe |
|
| 2 |
| vulnerability |
VCID-5tkb-w761-4qc6 |
|
| 3 |
| vulnerability |
VCID-6n3z-x4zj-4bez |
|
| 4 |
| vulnerability |
VCID-bauj-n7jg-gkd2 |
|
| 5 |
| vulnerability |
VCID-br4q-499g-vqhg |
|
| 6 |
| vulnerability |
VCID-e6ne-73mv-73bc |
|
| 7 |
| vulnerability |
VCID-ek6e-977t-3bew |
|
| 8 |
| vulnerability |
VCID-ex1j-py3q-93hv |
|
| 9 |
| vulnerability |
VCID-h6rd-5p7q-s3gq |
|
| 10 |
| vulnerability |
VCID-m5vc-4my3-87gk |
|
| 11 |
| vulnerability |
VCID-qb9p-rpza-5fa5 |
|
| 12 |
| vulnerability |
VCID-s69v-tc7x-37fe |
|
| 13 |
| vulnerability |
VCID-sj2k-uq1g-suby |
|
| 14 |
| vulnerability |
VCID-x5k4-dm9d-xkf7 |
|
| 15 |
| vulnerability |
VCID-zwuz-pgjz-rkb9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/nova@21.1.0 |
|
|
| aliases |
CVE-2020-17376, GHSA-c7w7-9c85-4qxv, PYSEC-2020-243
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1fb2-ccby-7yfq |
|
| 1 |
| url |
VCID-1p1c-fevy-bydg |
| vulnerability_id |
VCID-1p1c-fevy-bydg |
| summary |
Insufficient Verification of Data Authenticity
It was discovered that the OpenStack Compute (nova) console websocket does not correctly verify the origin header. An attacker could use this flaw to conduct a cross-site websocket hijack attack. Note that only Compute setups with VNC or SPICE enabled were affected by this flaw. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-0259 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00205 |
| scoring_system |
epss |
| scoring_elements |
0.42694 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00205 |
| scoring_system |
epss |
| scoring_elements |
0.42678 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.00205 |
| scoring_system |
epss |
| scoring_elements |
0.42701 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00205 |
| scoring_system |
epss |
| scoring_elements |
0.42665 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00205 |
| scoring_system |
epss |
| scoring_elements |
0.42648 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00205 |
| scoring_system |
epss |
| scoring_elements |
0.42708 |
| published_at |
2026-04-16T12:55:00Z |
|
| 6 |
| value |
0.00205 |
| scoring_system |
epss |
| scoring_elements |
0.42576 |
| published_at |
2026-04-01T12:55:00Z |
|
| 7 |
| value |
0.00205 |
| scoring_system |
epss |
| scoring_elements |
0.42646 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.00205 |
| scoring_system |
epss |
| scoring_elements |
0.42674 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00205 |
| scoring_system |
epss |
| scoring_elements |
0.42615 |
| published_at |
2026-04-07T12:55:00Z |
|
| 10 |
| value |
0.00205 |
| scoring_system |
epss |
| scoring_elements |
0.42666 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-0259 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-0259, GHSA-x8xr-rm9r-7mvf
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1p1c-fevy-bydg |
|
| 2 |
| url |
VCID-2dpk-ncrc-1fcw |
| vulnerability_id |
VCID-2dpk-ncrc-1fcw |
| summary |
An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-14433 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01327 |
| scoring_system |
epss |
| scoring_elements |
0.79871 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.01327 |
| scoring_system |
epss |
| scoring_elements |
0.79924 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.01327 |
| scoring_system |
epss |
| scoring_elements |
0.79944 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.01327 |
| scoring_system |
epss |
| scoring_elements |
0.79927 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.01327 |
| scoring_system |
epss |
| scoring_elements |
0.79919 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.01327 |
| scoring_system |
epss |
| scoring_elements |
0.79948 |
| published_at |
2026-04-16T12:55:00Z |
|
| 6 |
| value |
0.01327 |
| scoring_system |
epss |
| scoring_elements |
0.79949 |
| published_at |
2026-04-18T12:55:00Z |
|
| 7 |
| value |
0.01327 |
| scoring_system |
epss |
| scoring_elements |
0.79887 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.01327 |
| scoring_system |
epss |
| scoring_elements |
0.79899 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.01327 |
| scoring_system |
epss |
| scoring_elements |
0.79877 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.01327 |
| scoring_system |
epss |
| scoring_elements |
0.79915 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-14433 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/openstack/nova |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/openstack/nova |
|
| 8 |
|
| 9 |
|
| 10 |
| reference_url |
https://launchpad.net/bugs/1837877 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://launchpad.net/bugs/1837877 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
| reference_url |
https://usn.ubuntu.com/4104-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4104-1 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/nova@17.0.12 |
| purl |
pkg:pypi/nova@17.0.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fb2-ccby-7yfq |
|
| 1 |
| vulnerability |
VCID-1p1c-fevy-bydg |
|
| 2 |
| vulnerability |
VCID-5nfz-1bk3-93fe |
|
| 3 |
| vulnerability |
VCID-5tkb-w761-4qc6 |
|
| 4 |
| vulnerability |
VCID-6n3z-x4zj-4bez |
|
| 5 |
| vulnerability |
VCID-bauj-n7jg-gkd2 |
|
| 6 |
| vulnerability |
VCID-br4q-499g-vqhg |
|
| 7 |
| vulnerability |
VCID-e6ne-73mv-73bc |
|
| 8 |
| vulnerability |
VCID-ek6e-977t-3bew |
|
| 9 |
| vulnerability |
VCID-ex1j-py3q-93hv |
|
| 10 |
| vulnerability |
VCID-h6rd-5p7q-s3gq |
|
| 11 |
| vulnerability |
VCID-m5vc-4my3-87gk |
|
| 12 |
| vulnerability |
VCID-qb9p-rpza-5fa5 |
|
| 13 |
| vulnerability |
VCID-qfdm-g857-3yb5 |
|
| 14 |
| vulnerability |
VCID-s69v-tc7x-37fe |
|
| 15 |
| vulnerability |
VCID-sj2k-uq1g-suby |
|
| 16 |
| vulnerability |
VCID-x5k4-dm9d-xkf7 |
|
| 17 |
| vulnerability |
VCID-zwuz-pgjz-rkb9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/nova@17.0.12 |
|
| 1 |
| url |
pkg:pypi/nova@18.2.2 |
| purl |
pkg:pypi/nova@18.2.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fb2-ccby-7yfq |
|
| 1 |
| vulnerability |
VCID-1p1c-fevy-bydg |
|
| 2 |
| vulnerability |
VCID-5nfz-1bk3-93fe |
|
| 3 |
| vulnerability |
VCID-5tkb-w761-4qc6 |
|
| 4 |
| vulnerability |
VCID-6n3z-x4zj-4bez |
|
| 5 |
| vulnerability |
VCID-bauj-n7jg-gkd2 |
|
| 6 |
| vulnerability |
VCID-br4q-499g-vqhg |
|
| 7 |
| vulnerability |
VCID-e6ne-73mv-73bc |
|
| 8 |
| vulnerability |
VCID-ek6e-977t-3bew |
|
| 9 |
| vulnerability |
VCID-ex1j-py3q-93hv |
|
| 10 |
| vulnerability |
VCID-h6rd-5p7q-s3gq |
|
| 11 |
| vulnerability |
VCID-m5vc-4my3-87gk |
|
| 12 |
| vulnerability |
VCID-qb9p-rpza-5fa5 |
|
| 13 |
| vulnerability |
VCID-qfdm-g857-3yb5 |
|
| 14 |
| vulnerability |
VCID-s69v-tc7x-37fe |
|
| 15 |
| vulnerability |
VCID-sj2k-uq1g-suby |
|
| 16 |
| vulnerability |
VCID-x5k4-dm9d-xkf7 |
|
| 17 |
| vulnerability |
VCID-zwuz-pgjz-rkb9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/nova@18.2.2 |
|
| 2 |
| url |
pkg:pypi/nova@19.0.2 |
| purl |
pkg:pypi/nova@19.0.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fb2-ccby-7yfq |
|
| 1 |
| vulnerability |
VCID-1p1c-fevy-bydg |
|
| 2 |
| vulnerability |
VCID-5nfz-1bk3-93fe |
|
| 3 |
| vulnerability |
VCID-5tkb-w761-4qc6 |
|
| 4 |
| vulnerability |
VCID-6n3z-x4zj-4bez |
|
| 5 |
| vulnerability |
VCID-bauj-n7jg-gkd2 |
|
| 6 |
| vulnerability |
VCID-br4q-499g-vqhg |
|
| 7 |
| vulnerability |
VCID-e6ne-73mv-73bc |
|
| 8 |
| vulnerability |
VCID-ek6e-977t-3bew |
|
| 9 |
| vulnerability |
VCID-ex1j-py3q-93hv |
|
| 10 |
| vulnerability |
VCID-h6rd-5p7q-s3gq |
|
| 11 |
| vulnerability |
VCID-m5vc-4my3-87gk |
|
| 12 |
| vulnerability |
VCID-qb9p-rpza-5fa5 |
|
| 13 |
| vulnerability |
VCID-qfdm-g857-3yb5 |
|
| 14 |
| vulnerability |
VCID-s69v-tc7x-37fe |
|
| 15 |
| vulnerability |
VCID-sj2k-uq1g-suby |
|
| 16 |
| vulnerability |
VCID-x5k4-dm9d-xkf7 |
|
| 17 |
| vulnerability |
VCID-zwuz-pgjz-rkb9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/nova@19.0.2 |
|
|
| aliases |
CVE-2019-14433, GHSA-pg64-r7rr-phv8, PYSEC-2019-191
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2dpk-ncrc-1fcw |
|
| 3 |
| url |
VCID-5nfz-1bk3-93fe |
| vulnerability_id |
VCID-5nfz-1bk3-93fe |
| summary |
OpenStack Nova instance migration process does not stop when instance is deleted
OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service (disk, network, and other resource consumption) by resizing and then deleting an instance. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-3241 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0197 |
| scoring_system |
epss |
| scoring_elements |
0.83569 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.0197 |
| scoring_system |
epss |
| scoring_elements |
0.83469 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.0197 |
| scoring_system |
epss |
| scoring_elements |
0.83481 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.0197 |
| scoring_system |
epss |
| scoring_elements |
0.83496 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.0197 |
| scoring_system |
epss |
| scoring_elements |
0.83495 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.0197 |
| scoring_system |
epss |
| scoring_elements |
0.83519 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.0197 |
| scoring_system |
epss |
| scoring_elements |
0.83529 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.0197 |
| scoring_system |
epss |
| scoring_elements |
0.83543 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.0197 |
| scoring_system |
epss |
| scoring_elements |
0.83537 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.0197 |
| scoring_system |
epss |
| scoring_elements |
0.83534 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.0197 |
| scoring_system |
epss |
| scoring_elements |
0.83568 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-3241 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-3241, GHSA-3vx7-xff6-h2vx
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5nfz-1bk3-93fe |
|
| 4 |
| url |
VCID-5tkb-w761-4qc6 |
| vulnerability_id |
VCID-5tkb-w761-4qc6 |
| summary |
keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova on Fedora. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-2030 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00035 |
| scoring_system |
epss |
| scoring_elements |
0.10489 |
| published_at |
2026-04-12T12:55:00Z |
|
| 1 |
| value |
0.00035 |
| scoring_system |
epss |
| scoring_elements |
0.10522 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.00035 |
| scoring_system |
epss |
| scoring_elements |
0.10491 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.00035 |
| scoring_system |
epss |
| scoring_elements |
0.10428 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00035 |
| scoring_system |
epss |
| scoring_elements |
0.10354 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00035 |
| scoring_system |
epss |
| scoring_elements |
0.10494 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00035 |
| scoring_system |
epss |
| scoring_elements |
0.10426 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00035 |
| scoring_system |
epss |
| scoring_elements |
0.10334 |
| published_at |
2026-04-16T12:55:00Z |
|
| 8 |
| value |
0.00035 |
| scoring_system |
epss |
| scoring_elements |
0.10307 |
| published_at |
2026-04-18T12:55:00Z |
|
| 9 |
| value |
0.00035 |
| scoring_system |
epss |
| scoring_elements |
0.10466 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-2030 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-2030, GHSA-pxxv-rv32-2qgv, PYSEC-2013-45
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5tkb-w761-4qc6 |
|
| 5 |
| url |
VCID-6n3z-x4zj-4bez |
| vulnerability_id |
VCID-6n3z-x4zj-4bez |
| summary |
OpenStack Compute (Nova) allows remote attackers to bypass intended restriction
A vulnerability was discovered in the way OpenStack Compute (nova) networking handled security group updates; changes were not applied to already running VM instances. A remote attacker could use this flaw to access running VM instances. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-7713 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01522 |
| scoring_system |
epss |
| scoring_elements |
0.81283 |
| published_at |
2026-04-11T12:55:00Z |
|
| 1 |
| value |
0.01522 |
| scoring_system |
epss |
| scoring_elements |
0.81198 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.01522 |
| scoring_system |
epss |
| scoring_elements |
0.81206 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.01522 |
| scoring_system |
epss |
| scoring_elements |
0.81229 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.01522 |
| scoring_system |
epss |
| scoring_elements |
0.81257 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.01522 |
| scoring_system |
epss |
| scoring_elements |
0.81262 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.01522 |
| scoring_system |
epss |
| scoring_elements |
0.81269 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.01522 |
| scoring_system |
epss |
| scoring_elements |
0.81299 |
| published_at |
2026-04-18T12:55:00Z |
|
| 8 |
| value |
0.01522 |
| scoring_system |
epss |
| scoring_elements |
0.81298 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.01522 |
| scoring_system |
epss |
| scoring_elements |
0.81261 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-7713 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-7713, GHSA-67rh-9p29-vrxr
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6n3z-x4zj-4bez |
|
| 6 |
| url |
VCID-bauj-n7jg-gkd2 |
| vulnerability_id |
VCID-bauj-n7jg-gkd2 |
| summary |
OpenStack Compute (Nova) Denial of Service vulnerability
A denial of service flaw was found in the way OpenStack Compute (nova) looked up VM instances based on an IP address filter. An attacker with sufficient privileges on an OpenStack installation with a large amount of VMs could use this flaw to cause the main nova process to block for an extended amount of time. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-3708 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01057 |
| scoring_system |
epss |
| scoring_elements |
0.77595 |
| published_at |
2026-04-09T12:55:00Z |
|
| 1 |
| value |
0.01057 |
| scoring_system |
epss |
| scoring_elements |
0.7764 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.01057 |
| scoring_system |
epss |
| scoring_elements |
0.77642 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.01057 |
| scoring_system |
epss |
| scoring_elements |
0.77578 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.01057 |
| scoring_system |
epss |
| scoring_elements |
0.77558 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.01057 |
| scoring_system |
epss |
| scoring_elements |
0.77588 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.01057 |
| scoring_system |
epss |
| scoring_elements |
0.77622 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.01057 |
| scoring_system |
epss |
| scoring_elements |
0.77604 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.01057 |
| scoring_system |
epss |
| scoring_elements |
0.77545 |
| published_at |
2026-04-01T12:55:00Z |
|
| 9 |
| value |
0.01057 |
| scoring_system |
epss |
| scoring_elements |
0.77606 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.01057 |
| scoring_system |
epss |
| scoring_elements |
0.77551 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-3708 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-3708, GHSA-43hc-pwvx-pmfg
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bauj-n7jg-gkd2 |
|
| 7 |
| url |
VCID-br4q-499g-vqhg |
| vulnerability_id |
VCID-br4q-499g-vqhg |
| summary |
OpenStack Cinder, glance, and Nova vulnerable to Path Traversal
An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-47951 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00731 |
| scoring_system |
epss |
| scoring_elements |
0.72732 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00731 |
| scoring_system |
epss |
| scoring_elements |
0.72721 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00731 |
| scoring_system |
epss |
| scoring_elements |
0.72679 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00731 |
| scoring_system |
epss |
| scoring_elements |
0.72689 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00731 |
| scoring_system |
epss |
| scoring_elements |
0.72706 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00731 |
| scoring_system |
epss |
| scoring_elements |
0.72682 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00731 |
| scoring_system |
epss |
| scoring_elements |
0.72669 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00731 |
| scoring_system |
epss |
| scoring_elements |
0.7263 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00731 |
| scoring_system |
epss |
| scoring_elements |
0.72653 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00731 |
| scoring_system |
epss |
| scoring_elements |
0.72635 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-47951 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://launchpad.net/bugs/1996188 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 2 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/ |
|
|
| url |
https://launchpad.net/bugs/1996188 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-47951, GHSA-7h75-hwxx-qpgc
|
| risk_score |
3.5 |
| exploitability |
0.5 |
| weighted_severity |
6.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-br4q-499g-vqhg |
|
| 8 |
| url |
VCID-e6ne-73mv-73bc |
| vulnerability_id |
VCID-e6ne-73mv-73bc |
| summary |
OpenStack Nova vulnerable to unauthorized access to potentially sensitive data
In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Nova deployments are affected. NOTE: this issue exists because of an incomplete fix for CVE-2022-47951 and CVE-2024-32498. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-40767 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00835 |
| scoring_system |
epss |
| scoring_elements |
0.74671 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00835 |
| scoring_system |
epss |
| scoring_elements |
0.74663 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00835 |
| scoring_system |
epss |
| scoring_elements |
0.74627 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00835 |
| scoring_system |
epss |
| scoring_elements |
0.74635 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00835 |
| scoring_system |
epss |
| scoring_elements |
0.74655 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00835 |
| scoring_system |
epss |
| scoring_elements |
0.74632 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00835 |
| scoring_system |
epss |
| scoring_elements |
0.74618 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00835 |
| scoring_system |
epss |
| scoring_elements |
0.74586 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00835 |
| scoring_system |
epss |
| scoring_elements |
0.74612 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00835 |
| scoring_system |
epss |
| scoring_elements |
0.74585 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-40767 |
|
| 2 |
| reference_url |
https://github.com/openstack/nova |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/openstack/nova |
|
| 3 |
| reference_url |
https://launchpad.net/bugs/2071734 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
|
| 2 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:47:09Z/ |
|
|
| url |
https://launchpad.net/bugs/2071734 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://security.openstack.org |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 2 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:47:09Z/ |
|
|
| url |
https://security.openstack.org |
|
| 8 |
| reference_url |
https://security.openstack.org/ossa/OSSA-2024-002.html |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 2 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:47:09Z/ |
|
|
| url |
https://security.openstack.org/ossa/OSSA-2024-002.html |
|
| 9 |
| reference_url |
https://www.openwall.com/lists/oss-security/2024/07/23/2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 2 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:47:09Z/ |
|
|
| url |
https://www.openwall.com/lists/oss-security/2024/07/23/2 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-40767, GHSA-rm86-h44c-2r2m
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-e6ne-73mv-73bc |
|
| 9 |
| url |
VCID-ek6e-977t-3bew |
| vulnerability_id |
VCID-ek6e-977t-3bew |
| summary |
OpenStack Compute (nova) allows remote authenticated users to cause a denial of service
A flaw was found in the way OpenStack Compute (nova) handled the resize state. If an authenticated user deleted an instance while it was in the resize state, it could cause the original instance to not be deleted from the compute node it was running on, allowing the user to cause a denial of service. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-3280 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00795 |
| scoring_system |
epss |
| scoring_elements |
0.73931 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.00795 |
| scoring_system |
epss |
| scoring_elements |
0.74025 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00795 |
| scoring_system |
epss |
| scoring_elements |
0.73935 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00795 |
| scoring_system |
epss |
| scoring_elements |
0.7396 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00795 |
| scoring_system |
epss |
| scoring_elements |
0.73965 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00795 |
| scoring_system |
epss |
| scoring_elements |
0.74016 |
| published_at |
2026-04-16T12:55:00Z |
|
| 6 |
| value |
0.00795 |
| scoring_system |
epss |
| scoring_elements |
0.73976 |
| published_at |
2026-04-13T12:55:00Z |
|
| 7 |
| value |
0.00795 |
| scoring_system |
epss |
| scoring_elements |
0.73984 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00795 |
| scoring_system |
epss |
| scoring_elements |
0.74002 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00795 |
| scoring_system |
epss |
| scoring_elements |
0.73925 |
| published_at |
2026-04-01T12:55:00Z |
|
| 10 |
| value |
0.00795 |
| scoring_system |
epss |
| scoring_elements |
0.73979 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-3280 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-3280, GHSA-mfmj-gwg3-vhw7
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ek6e-977t-3bew |
|
| 10 |
| url |
VCID-ex1j-py3q-93hv |
| vulnerability_id |
VCID-ex1j-py3q-93hv |
| summary |
Exposure of Sensitive Information to an Unauthorized Actor
api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in responses to instance metadata requests. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-3517 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00398 |
| scoring_system |
epss |
| scoring_elements |
0.60668 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00398 |
| scoring_system |
epss |
| scoring_elements |
0.60567 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.00398 |
| scoring_system |
epss |
| scoring_elements |
0.60616 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.00398 |
| scoring_system |
epss |
| scoring_elements |
0.60632 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00398 |
| scoring_system |
epss |
| scoring_elements |
0.60656 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00398 |
| scoring_system |
epss |
| scoring_elements |
0.60641 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00398 |
| scoring_system |
epss |
| scoring_elements |
0.6062 |
| published_at |
2026-04-13T12:55:00Z |
|
| 7 |
| value |
0.00398 |
| scoring_system |
epss |
| scoring_elements |
0.60662 |
| published_at |
2026-04-16T12:55:00Z |
|
| 8 |
| value |
0.00398 |
| scoring_system |
epss |
| scoring_elements |
0.60495 |
| published_at |
2026-04-01T12:55:00Z |
|
| 9 |
| value |
0.00398 |
| scoring_system |
epss |
| scoring_elements |
0.6057 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.00398 |
| scoring_system |
epss |
| scoring_elements |
0.60598 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-3517 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-3517, GHSA-xjmj-p278-4jp5
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ex1j-py3q-93hv |
|
| 11 |
| url |
VCID-h6rd-5p7q-s3gq |
| vulnerability_id |
VCID-h6rd-5p7q-s3gq |
| summary |
OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access
An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Cinder and Nova deployments are affected; only Glance deployments with image conversion enabled are affected. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-32498 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00171 |
| scoring_system |
epss |
| scoring_elements |
0.38394 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00171 |
| scoring_system |
epss |
| scoring_elements |
0.38413 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00171 |
| scoring_system |
epss |
| scoring_elements |
0.38465 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00171 |
| scoring_system |
epss |
| scoring_elements |
0.38489 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00171 |
| scoring_system |
epss |
| scoring_elements |
0.38353 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00171 |
| scoring_system |
epss |
| scoring_elements |
0.38404 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00171 |
| scoring_system |
epss |
| scoring_elements |
0.38412 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00171 |
| scoring_system |
epss |
| scoring_elements |
0.38428 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00171 |
| scoring_system |
epss |
| scoring_elements |
0.38366 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00171 |
| scoring_system |
epss |
| scoring_elements |
0.38391 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-32498 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
| reference_url |
https://launchpad.net/bugs/2059809 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/ |
|
|
| url |
https://launchpad.net/bugs/2059809 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
| reference_url |
https://security.openstack.org/ossa/OSSA-2024-001.html |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/ |
|
|
| url |
https://security.openstack.org/ossa/OSSA-2024-001.html |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-32498, GHSA-r4v4-w9pv-6fph
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-h6rd-5p7q-s3gq |
|
| 12 |
| url |
VCID-m5vc-4my3-87gk |
| vulnerability_id |
VCID-m5vc-4my3-87gk |
| summary |
OpenStack Nova Changing vnic_type breaks compute service restart
An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the direct vnic_type, creating an instance bound to that port, and then changing the vnic_type of the bound port to macvtap, an authenticated user may cause the compute service to fail to restart, resulting in a possible denial of service. Only Nova deployments configured with SR-IOV are affected. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-37394 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18199 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18186 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18241 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18292 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18339 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18338 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18285 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18202 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18492 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18438 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-37394 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:pypi/nova@24.0.0.0rc1 |
| purl |
pkg:pypi/nova@24.0.0.0rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1p1c-fevy-bydg |
|
| 1 |
| vulnerability |
VCID-5nfz-1bk3-93fe |
|
| 2 |
| vulnerability |
VCID-5tkb-w761-4qc6 |
|
| 3 |
| vulnerability |
VCID-6n3z-x4zj-4bez |
|
| 4 |
| vulnerability |
VCID-bauj-n7jg-gkd2 |
|
| 5 |
| vulnerability |
VCID-br4q-499g-vqhg |
|
| 6 |
| vulnerability |
VCID-e6ne-73mv-73bc |
|
| 7 |
| vulnerability |
VCID-ek6e-977t-3bew |
|
| 8 |
| vulnerability |
VCID-ex1j-py3q-93hv |
|
| 9 |
| vulnerability |
VCID-h6rd-5p7q-s3gq |
|
| 10 |
| vulnerability |
VCID-qb9p-rpza-5fa5 |
|
| 11 |
| vulnerability |
VCID-s69v-tc7x-37fe |
|
| 12 |
| vulnerability |
VCID-sj2k-uq1g-suby |
|
| 13 |
| vulnerability |
VCID-x5k4-dm9d-xkf7 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/nova@24.0.0.0rc1 |
|
| 2 |
|
| 3 |
| url |
pkg:pypi/nova@25.0.0.0rc1 |
| purl |
pkg:pypi/nova@25.0.0.0rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1p1c-fevy-bydg |
|
| 1 |
| vulnerability |
VCID-5nfz-1bk3-93fe |
|
| 2 |
| vulnerability |
VCID-5tkb-w761-4qc6 |
|
| 3 |
| vulnerability |
VCID-6n3z-x4zj-4bez |
|
| 4 |
| vulnerability |
VCID-bauj-n7jg-gkd2 |
|
| 5 |
| vulnerability |
VCID-e6ne-73mv-73bc |
|
| 6 |
| vulnerability |
VCID-ek6e-977t-3bew |
|
| 7 |
| vulnerability |
VCID-ex1j-py3q-93hv |
|
| 8 |
| vulnerability |
VCID-h6rd-5p7q-s3gq |
|
| 9 |
| vulnerability |
VCID-qb9p-rpza-5fa5 |
|
| 10 |
| vulnerability |
VCID-s69v-tc7x-37fe |
|
| 11 |
| vulnerability |
VCID-sj2k-uq1g-suby |
|
| 12 |
| vulnerability |
VCID-x5k4-dm9d-xkf7 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/nova@25.0.0.0rc1 |
|
| 4 |
|
|
| aliases |
CVE-2022-37394, GHSA-v725-c588-h936
|
| risk_score |
1.9 |
| exploitability |
0.5 |
| weighted_severity |
3.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-m5vc-4my3-87gk |
|
| 13 |
| url |
VCID-qb9p-rpza-5fa5 |
| vulnerability_id |
VCID-qb9p-rpza-5fa5 |
| summary |
OpenStack Compute (Nova) allows remote authenticated users to obtain sensitive information
CVE-2013-2256 OpenStack: Nova private flavors resource limit circumvention |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-2256 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00472 |
| scoring_system |
epss |
| scoring_elements |
0.647 |
| published_at |
2026-04-12T12:55:00Z |
|
| 1 |
| value |
0.00472 |
| scoring_system |
epss |
| scoring_elements |
0.64719 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00472 |
| scoring_system |
epss |
| scoring_elements |
0.64695 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.00472 |
| scoring_system |
epss |
| scoring_elements |
0.64712 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00472 |
| scoring_system |
epss |
| scoring_elements |
0.64672 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00472 |
| scoring_system |
epss |
| scoring_elements |
0.64593 |
| published_at |
2026-04-01T12:55:00Z |
|
| 6 |
| value |
0.00472 |
| scoring_system |
epss |
| scoring_elements |
0.64646 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00472 |
| scoring_system |
epss |
| scoring_elements |
0.64708 |
| published_at |
2026-04-16T12:55:00Z |
|
| 8 |
| value |
0.00472 |
| scoring_system |
epss |
| scoring_elements |
0.64674 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00472 |
| scoring_system |
epss |
| scoring_elements |
0.64632 |
| published_at |
2026-04-07T12:55:00Z |
|
| 10 |
| value |
0.00472 |
| scoring_system |
epss |
| scoring_elements |
0.6468 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-2256 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-2256, GHSA-5mj6-643f-2g85
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qb9p-rpza-5fa5 |
|
| 14 |
| url |
VCID-qfdm-g857-3yb5 |
| vulnerability_id |
VCID-qfdm-g857-3yb5 |
| summary |
OpenStack Nova can leak consoleauth token into log files
An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setups using novncproxy are affected. This is related to `NovaProxyRequestHandlerBase.new_websocket_client` in `console/websocketproxy.py`. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-9543 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00083 |
| scoring_system |
epss |
| scoring_elements |
0.24177 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00083 |
| scoring_system |
epss |
| scoring_elements |
0.24364 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.00083 |
| scoring_system |
epss |
| scoring_elements |
0.2419 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00083 |
| scoring_system |
epss |
| scoring_elements |
0.24173 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00083 |
| scoring_system |
epss |
| scoring_elements |
0.2423 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00083 |
| scoring_system |
epss |
| scoring_elements |
0.24273 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00083 |
| scoring_system |
epss |
| scoring_elements |
0.24256 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00083 |
| scoring_system |
epss |
| scoring_elements |
0.24213 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00083 |
| scoring_system |
epss |
| scoring_elements |
0.24201 |
| published_at |
2026-04-01T12:55:00Z |
|
| 9 |
| value |
0.00083 |
| scoring_system |
epss |
| scoring_elements |
0.2433 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.00083 |
| scoring_system |
epss |
| scoring_elements |
0.24147 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-9543 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:pypi/nova@18.3.0 |
| purl |
pkg:pypi/nova@18.3.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fb2-ccby-7yfq |
|
| 1 |
| vulnerability |
VCID-1p1c-fevy-bydg |
|
| 2 |
| vulnerability |
VCID-5nfz-1bk3-93fe |
|
| 3 |
| vulnerability |
VCID-5tkb-w761-4qc6 |
|
| 4 |
| vulnerability |
VCID-6n3z-x4zj-4bez |
|
| 5 |
| vulnerability |
VCID-bauj-n7jg-gkd2 |
|
| 6 |
| vulnerability |
VCID-br4q-499g-vqhg |
|
| 7 |
| vulnerability |
VCID-e6ne-73mv-73bc |
|
| 8 |
| vulnerability |
VCID-ek6e-977t-3bew |
|
| 9 |
| vulnerability |
VCID-ex1j-py3q-93hv |
|
| 10 |
| vulnerability |
VCID-h6rd-5p7q-s3gq |
|
| 11 |
| vulnerability |
VCID-m5vc-4my3-87gk |
|
| 12 |
| vulnerability |
VCID-qb9p-rpza-5fa5 |
|
| 13 |
| vulnerability |
VCID-s69v-tc7x-37fe |
|
| 14 |
| vulnerability |
VCID-sj2k-uq1g-suby |
|
| 15 |
| vulnerability |
VCID-x5k4-dm9d-xkf7 |
|
| 16 |
| vulnerability |
VCID-zwuz-pgjz-rkb9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/nova@18.3.0 |
|
| 2 |
| url |
pkg:pypi/nova@19.1.0 |
| purl |
pkg:pypi/nova@19.1.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fb2-ccby-7yfq |
|
| 1 |
| vulnerability |
VCID-1p1c-fevy-bydg |
|
| 2 |
| vulnerability |
VCID-5nfz-1bk3-93fe |
|
| 3 |
| vulnerability |
VCID-5tkb-w761-4qc6 |
|
| 4 |
| vulnerability |
VCID-6n3z-x4zj-4bez |
|
| 5 |
| vulnerability |
VCID-bauj-n7jg-gkd2 |
|
| 6 |
| vulnerability |
VCID-br4q-499g-vqhg |
|
| 7 |
| vulnerability |
VCID-e6ne-73mv-73bc |
|
| 8 |
| vulnerability |
VCID-ek6e-977t-3bew |
|
| 9 |
| vulnerability |
VCID-ex1j-py3q-93hv |
|
| 10 |
| vulnerability |
VCID-h6rd-5p7q-s3gq |
|
| 11 |
| vulnerability |
VCID-m5vc-4my3-87gk |
|
| 12 |
| vulnerability |
VCID-qb9p-rpza-5fa5 |
|
| 13 |
| vulnerability |
VCID-s69v-tc7x-37fe |
|
| 14 |
| vulnerability |
VCID-sj2k-uq1g-suby |
|
| 15 |
| vulnerability |
VCID-x5k4-dm9d-xkf7 |
|
| 16 |
| vulnerability |
VCID-zwuz-pgjz-rkb9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/nova@19.1.0 |
|
| 3 |
| url |
pkg:pypi/nova@20.1.0 |
| purl |
pkg:pypi/nova@20.1.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fb2-ccby-7yfq |
|
| 1 |
| vulnerability |
VCID-1p1c-fevy-bydg |
|
| 2 |
| vulnerability |
VCID-5nfz-1bk3-93fe |
|
| 3 |
| vulnerability |
VCID-5tkb-w761-4qc6 |
|
| 4 |
| vulnerability |
VCID-6n3z-x4zj-4bez |
|
| 5 |
| vulnerability |
VCID-bauj-n7jg-gkd2 |
|
| 6 |
| vulnerability |
VCID-br4q-499g-vqhg |
|
| 7 |
| vulnerability |
VCID-e6ne-73mv-73bc |
|
| 8 |
| vulnerability |
VCID-ek6e-977t-3bew |
|
| 9 |
| vulnerability |
VCID-ex1j-py3q-93hv |
|
| 10 |
| vulnerability |
VCID-h6rd-5p7q-s3gq |
|
| 11 |
| vulnerability |
VCID-m5vc-4my3-87gk |
|
| 12 |
| vulnerability |
VCID-qb9p-rpza-5fa5 |
|
| 13 |
| vulnerability |
VCID-s69v-tc7x-37fe |
|
| 14 |
| vulnerability |
VCID-sj2k-uq1g-suby |
|
| 15 |
| vulnerability |
VCID-x5k4-dm9d-xkf7 |
|
| 16 |
| vulnerability |
VCID-zwuz-pgjz-rkb9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/nova@20.1.0 |
|
|
| aliases |
CVE-2015-9543, GHSA-22jm-4hxw-35jf
|
| risk_score |
1.5 |
| exploitability |
0.5 |
| weighted_severity |
3.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qfdm-g857-3yb5 |
|
| 15 |
| url |
VCID-s69v-tc7x-37fe |
| vulnerability_id |
VCID-s69v-tc7x-37fe |
| summary |
OpenStack Nova calls qemu-img without format restrictions for resize
An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in an unsafe image resize operation that could destroy data on the host system. Only compute nodes using the Flat image backend (usually configured with use_cow_images=False) are affected. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-24708 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0006 |
| scoring_system |
epss |
| scoring_elements |
0.18759 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.0006 |
| scoring_system |
epss |
| scoring_elements |
0.18747 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.0006 |
| scoring_system |
epss |
| scoring_elements |
0.18797 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00072 |
| scoring_system |
epss |
| scoring_elements |
0.22081 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00072 |
| scoring_system |
epss |
| scoring_elements |
0.21988 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00072 |
| scoring_system |
epss |
| scoring_elements |
0.21907 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00072 |
| scoring_system |
epss |
| scoring_elements |
0.22132 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.00072 |
| scoring_system |
epss |
| scoring_elements |
0.22017 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00072 |
| scoring_system |
epss |
| scoring_elements |
0.22058 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00072 |
| scoring_system |
epss |
| scoring_elements |
0.22043 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-24708 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-24708, GHSA-m4f3-qp2w-gwh6
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-s69v-tc7x-37fe |
|
| 16 |
| url |
VCID-sj2k-uq1g-suby |
| vulnerability_id |
VCID-sj2k-uq1g-suby |
| summary |
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-4179 OpenStack: Nova XML entities DoS |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4179 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00669 |
| scoring_system |
epss |
| scoring_elements |
0.71365 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00669 |
| scoring_system |
epss |
| scoring_elements |
0.71309 |
| published_at |
2026-04-08T12:55:00Z |
|
| 2 |
| value |
0.00669 |
| scoring_system |
epss |
| scoring_elements |
0.71322 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.00669 |
| scoring_system |
epss |
| scoring_elements |
0.71345 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00669 |
| scoring_system |
epss |
| scoring_elements |
0.7133 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00669 |
| scoring_system |
epss |
| scoring_elements |
0.71313 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.00669 |
| scoring_system |
epss |
| scoring_elements |
0.71359 |
| published_at |
2026-04-16T12:55:00Z |
|
| 7 |
| value |
0.00669 |
| scoring_system |
epss |
| scoring_elements |
0.71267 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00669 |
| scoring_system |
epss |
| scoring_elements |
0.71275 |
| published_at |
2026-04-02T12:55:00Z |
|
| 9 |
| value |
0.00669 |
| scoring_system |
epss |
| scoring_elements |
0.71292 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4179 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-4179, GHSA-j6xh-q826-55jw
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sj2k-uq1g-suby |
|
| 17 |
| url |
VCID-x5k4-dm9d-xkf7 |
| vulnerability_id |
VCID-x5k4-dm9d-xkf7 |
| summary |
OpenStack Compute (Nova)'s VMWare driver vulnerable to denial of service
CVE-2014-3608 openstack-nova: incomplete fix for CVE-2014-2573, Nova VMware driver still leaks rescued images |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-3608 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00689 |
| scoring_system |
epss |
| scoring_elements |
0.71788 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00689 |
| scoring_system |
epss |
| scoring_elements |
0.71706 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00689 |
| scoring_system |
epss |
| scoring_elements |
0.71725 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00689 |
| scoring_system |
epss |
| scoring_elements |
0.71698 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00689 |
| scoring_system |
epss |
| scoring_elements |
0.71737 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00689 |
| scoring_system |
epss |
| scoring_elements |
0.71749 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00689 |
| scoring_system |
epss |
| scoring_elements |
0.71773 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00689 |
| scoring_system |
epss |
| scoring_elements |
0.71756 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00689 |
| scoring_system |
epss |
| scoring_elements |
0.71739 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00689 |
| scoring_system |
epss |
| scoring_elements |
0.71782 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00689 |
| scoring_system |
epss |
| scoring_elements |
0.71699 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-3608 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-3608, GHSA-92hc-c226-32q7
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-x5k4-dm9d-xkf7 |
|
| 18 |
| url |
VCID-zwuz-pgjz-rkb9 |
| vulnerability_id |
VCID-zwuz-pgjz-rkb9 |
| summary |
URL Redirection to Untrusted Site ('Open Redirect')
A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-3654 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.87234 |
| scoring_system |
epss |
| scoring_elements |
0.99452 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.87248 |
| scoring_system |
epss |
| scoring_elements |
0.99446 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.87248 |
| scoring_system |
epss |
| scoring_elements |
0.99453 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.87248 |
| scoring_system |
epss |
| scoring_elements |
0.9945 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.87248 |
| scoring_system |
epss |
| scoring_elements |
0.99449 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.87248 |
| scoring_system |
epss |
| scoring_elements |
0.99448 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.87248 |
| scoring_system |
epss |
| scoring_elements |
0.99445 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.87248 |
| scoring_system |
epss |
| scoring_elements |
0.99444 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-3654 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/nova@21.2.3 |
| purl |
pkg:pypi/nova@21.2.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1p1c-fevy-bydg |
|
| 1 |
| vulnerability |
VCID-5nfz-1bk3-93fe |
|
| 2 |
| vulnerability |
VCID-5tkb-w761-4qc6 |
|
| 3 |
| vulnerability |
VCID-6n3z-x4zj-4bez |
|
| 4 |
| vulnerability |
VCID-bauj-n7jg-gkd2 |
|
| 5 |
| vulnerability |
VCID-br4q-499g-vqhg |
|
| 6 |
| vulnerability |
VCID-e6ne-73mv-73bc |
|
| 7 |
| vulnerability |
VCID-ek6e-977t-3bew |
|
| 8 |
| vulnerability |
VCID-ex1j-py3q-93hv |
|
| 9 |
| vulnerability |
VCID-h6rd-5p7q-s3gq |
|
| 10 |
| vulnerability |
VCID-m5vc-4my3-87gk |
|
| 11 |
| vulnerability |
VCID-qb9p-rpza-5fa5 |
|
| 12 |
| vulnerability |
VCID-s69v-tc7x-37fe |
|
| 13 |
| vulnerability |
VCID-sj2k-uq1g-suby |
|
| 14 |
| vulnerability |
VCID-x5k4-dm9d-xkf7 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/nova@21.2.3 |
|
| 1 |
|
| 2 |
| url |
pkg:pypi/nova@22.3.0 |
| purl |
pkg:pypi/nova@22.3.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1p1c-fevy-bydg |
|
| 1 |
| vulnerability |
VCID-5nfz-1bk3-93fe |
|
| 2 |
| vulnerability |
VCID-5tkb-w761-4qc6 |
|
| 3 |
| vulnerability |
VCID-6n3z-x4zj-4bez |
|
| 4 |
| vulnerability |
VCID-bauj-n7jg-gkd2 |
|
| 5 |
| vulnerability |
VCID-br4q-499g-vqhg |
|
| 6 |
| vulnerability |
VCID-e6ne-73mv-73bc |
|
| 7 |
| vulnerability |
VCID-ek6e-977t-3bew |
|
| 8 |
| vulnerability |
VCID-ex1j-py3q-93hv |
|
| 9 |
| vulnerability |
VCID-h6rd-5p7q-s3gq |
|
| 10 |
| vulnerability |
VCID-m5vc-4my3-87gk |
|
| 11 |
| vulnerability |
VCID-qb9p-rpza-5fa5 |
|
| 12 |
| vulnerability |
VCID-s69v-tc7x-37fe |
|
| 13 |
| vulnerability |
VCID-sj2k-uq1g-suby |
|
| 14 |
| vulnerability |
VCID-x5k4-dm9d-xkf7 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/nova@22.3.0 |
|
| 3 |
|
| 4 |
| url |
pkg:pypi/nova@23.1.0 |
| purl |
pkg:pypi/nova@23.1.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1p1c-fevy-bydg |
|
| 1 |
| vulnerability |
VCID-5nfz-1bk3-93fe |
|
| 2 |
| vulnerability |
VCID-5tkb-w761-4qc6 |
|
| 3 |
| vulnerability |
VCID-6n3z-x4zj-4bez |
|
| 4 |
| vulnerability |
VCID-bauj-n7jg-gkd2 |
|
| 5 |
| vulnerability |
VCID-br4q-499g-vqhg |
|
| 6 |
| vulnerability |
VCID-e6ne-73mv-73bc |
|
| 7 |
| vulnerability |
VCID-ek6e-977t-3bew |
|
| 8 |
| vulnerability |
VCID-ex1j-py3q-93hv |
|
| 9 |
| vulnerability |
VCID-h6rd-5p7q-s3gq |
|
| 10 |
| vulnerability |
VCID-m5vc-4my3-87gk |
|
| 11 |
| vulnerability |
VCID-qb9p-rpza-5fa5 |
|
| 12 |
| vulnerability |
VCID-s69v-tc7x-37fe |
|
| 13 |
| vulnerability |
VCID-sj2k-uq1g-suby |
|
| 14 |
| vulnerability |
VCID-x5k4-dm9d-xkf7 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/nova@23.1.0 |
|
|
| aliases |
CVE-2021-3654, GHSA-vqp6-j452-j6wp
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zwuz-pgjz-rkb9 |
|