Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/99718?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/99718?format=api", "purl": "pkg:deb/debian/ironic@1:21.1.0-3?distro=trixie", "type": "deb", "namespace": "debian", "name": "ironic", "version": "1:21.1.0-3", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1:26.1.0-1", "latest_non_vulnerable_version": "1:35.0.1-3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74119?format=api", "vulnerability_id": "VCID-2p25-2d9m-t3cp", "summary": "In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44919", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02541", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44919" }, { "reference_url": "https://bugs.launchpad.net/ironic/+bug/2150332", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-14T13:53:26Z/" } ], "url": "https://bugs.launchpad.net/ironic/+bug/2150332" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44919", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44919" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44919", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44919" }, { "reference_url": "https://opendev.org/openstack/ironic", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/ironic" }, { "reference_url": "https://opendev.org/openstack/ironic/commit/a3f6d735ac3642ab95b49142c7305f072ae748d0", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-14T13:53:26Z/" } ], "url": "https://opendev.org/openstack/ironic/commit/a3f6d735ac3642ab95b49142c7305f072ae748d0" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136655", "reference_id": "1136655", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136655" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2026-013.html", "reference_id": "OSSA-2026-013.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-14T13:53:26Z/" } ], "url": "https://security.openstack.org/ossa/OSSA-2026-013.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/99721?format=api", "purl": "pkg:deb/debian/ironic@1:35.0.1-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ironic@1:35.0.1-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-44919", "GHSA-4g73-w726-53h3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2p25-2d9m-t3cp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61748?format=api", "vulnerability_id": "VCID-3p7k-r1sj-4kcm", "summary": "OpenStack Ironic: ipmitool: OpenStack Ironic: Arbitrary Code Execution via Remote Hardware Management", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42510.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42510.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42510", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.0813", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42510" }, { "reference_url": "https://bugs.launchpad.net/ironic/+bug/2148331", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-28T12:35:30Z/" } ], "url": "https://bugs.launchpad.net/ironic/+bug/2148331" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42510", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42510" }, { "reference_url": "https://github.com/openstack/ironic", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/ironic" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42510", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42510" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/04/30/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/04/30/1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135255", "reference_id": "1135255", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135255" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463371", "reference_id": "2463371", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463371" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/99726?format=api", "purl": "pkg:deb/debian/ironic@1:35.0.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ironic@1:35.0.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99721?format=api", "purl": "pkg:deb/debian/ironic@1:35.0.1-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ironic@1:35.0.1-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-42510", "GHSA-wqpv-c3pp-3m58" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3p7k-r1sj-4kcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55942?format=api", "vulnerability_id": "VCID-9dkb-kf24-xkdp", "summary": "OpenStack Ironic fails to verify checksums of supplied image_source URLs\nIn OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x before 26.1.0, there is a lack of checksum validation of supplied image_source URLs when configured to convert images to a raw format for streaming.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47211.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47211.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47211", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.5381", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47211" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47211", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47211" }, { "reference_url": "https://github.com/openstack/ironic", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/ironic" }, { "reference_url": "https://github.com/openstack/ironic/commit/2127cc4c93770778457fde0582c1bba258c67e02", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/ironic/commit/2127cc4c93770778457fde0582c1bba258c67e02" }, { "reference_url": "https://github.com/openstack/ironic/commit/7a1292c569a84eb05806a57a89fca5bb6b0c4043", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/ironic/commit/7a1292c569a84eb05806a57a89fca5bb6b0c4043" }, { "reference_url": "https://github.com/openstack/ironic/commit/ebce0fd0845de411171127a55002ae7c9605de57", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/ironic/commit/ebce0fd0845de411171127a55002ae7c9605de57" }, { "reference_url": "https://github.com/openstack/ironic/compare/24.1.2...26.1.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:53:38Z/" } ], "url": "https://github.com/openstack/ironic/compare/24.1.2...26.1.0" }, { "reference_url": "https://github.com/openstack/ironic/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:53:38Z/" } ], "url": "https://github.com/openstack/ironic/security" }, { "reference_url": "https://github.com/openstack/ironic/tags", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:53:38Z/" } ], "url": "https://github.com/openstack/ironic/tags" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2024-004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:53:38Z/" } ], "url": "https://security.openstack.org/ossa/OSSA-2024-004.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2315010", "reference_id": "2315010", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2315010" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47211", "reference_id": "CVE-2024-47211", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47211" }, { "reference_url": "https://github.com/advisories/GHSA-8h22-6qwx-q4w9", "reference_id": "GHSA-8h22-6qwx-q4w9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8h22-6qwx-q4w9" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8229", "reference_id": "RHSA-2024:8229", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8229" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0439", "reference_id": "RHSA-2025:0439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0439" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3482", "reference_id": "RHSA-2025:3482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3482" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/99724?format=api", "purl": "pkg:deb/debian/ironic@1:26.1.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ironic@1:26.1.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99722?format=api", "purl": "pkg:deb/debian/ironic@1:29.0.0-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2p25-2d9m-t3cp" }, { "vulnerability": "VCID-3p7k-r1sj-4kcm" }, { "vulnerability": "VCID-bcmu-f24h-3yg9" }, { "vulnerability": "VCID-hwwu-hhkm-jkfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ironic@1:29.0.0-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99721?format=api", "purl": "pkg:deb/debian/ironic@1:35.0.1-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ironic@1:35.0.1-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-47211", "GHSA-8h22-6qwx-q4w9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9dkb-kf24-xkdp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74117?format=api", "vulnerability_id": "VCID-bcmu-f24h-3yg9", "summary": "In OpenStack Ironic before 35.0.2 (in a certain non-default configuration), instance_info['ks_template'] is rendered without sandboxing.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44916", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01377", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44916" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44916", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44916" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136005", "reference_id": "1136005", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136005" }, { "reference_url": "https://bugs.launchpad.net/ironic/+bug/2148307", "reference_id": "2148307", "reference_type": "", "scores": [ { "value": "3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-08T12:50:26Z/" } ], "url": "https://bugs.launchpad.net/ironic/+bug/2148307" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2026-012.html", "reference_id": "OSSA-2026-012.html", "reference_type": "", "scores": [ { "value": "3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-08T12:50:26Z/" } ], "url": "https://security.openstack.org/ossa/OSSA-2026-012.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/99727?format=api", "purl": "pkg:deb/debian/ironic@1:35.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ironic@1:35.0.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99721?format=api", "purl": "pkg:deb/debian/ironic@1:35.0.1-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ironic@1:35.0.1-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-44916" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bcmu-f24h-3yg9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61136?format=api", "vulnerability_id": "VCID-hwwu-hhkm-jkfa", "summary": "OpenStack Ironic: OpenStack Ironic: Information disclosure via credential forwarding during mold import", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42997.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42997.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42997", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01765", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42997" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42997", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42997" }, { "reference_url": "https://github.com/openstack/ironic-python-agent", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/ironic-python-agent" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42997", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42997" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2026-010.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T18:38:38Z/" } ], "url": "https://security.openstack.org/ossa/OSSA-2026-010.html" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2026/05/05/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T18:38:38Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2026/05/05/10" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/05/05/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/05/05/10" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135811", "reference_id": "1135811", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135811" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466844", "reference_id": "2466844", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466844" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/99726?format=api", "purl": "pkg:deb/debian/ironic@1:35.0.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ironic@1:35.0.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99721?format=api", "purl": "pkg:deb/debian/ironic@1:35.0.1-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ironic@1:35.0.1-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-42997", "GHSA-54w4-233h-x86g" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hwwu-hhkm-jkfa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74108?format=api", "vulnerability_id": "VCID-jv92-qsda-dqhp", "summary": "In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data. The affected/fixed version details are: Ironic: <21.4.3, >=22.0.0 <23.0.2, >=23.1.0 <24.1.2, >=25.0.0 <26.0.1; Ironic-python-agent: <9.4.2, >=9.5.0 <9.7.1, >=9.8.0 <9.11.1, >=9.12.0 <9.13.1.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-44082.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-44082.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-44082", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.51022", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-44082" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44082", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44082" }, { "reference_url": "https://bugs.launchpad.net/ironic/+bug/2071740", "reference_id": "2071740", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-06T13:24:10Z/" } ], "url": "https://bugs.launchpad.net/ironic/+bug/2071740" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309331", "reference_id": "2309331", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309331" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2024/09/04/4", "reference_id": "4", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-06T13:24:10Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2024/09/04/4" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2024-003.html", "reference_id": "OSSA-2024-003.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-06T13:24:10Z/" } ], "url": "https://security.openstack.org/ossa/OSSA-2024-003.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7594", "reference_id": "RHSA-2024:7594", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7594" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8235", "reference_id": "RHSA-2024:8235", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8235" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9982", "reference_id": "RHSA-2024:9982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0204", "reference_id": "RHSA-2025:0204", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0204" }, { "reference_url": "https://usn.ubuntu.com/6989-1/", "reference_id": "USN-6989-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6989-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/99724?format=api", "purl": "pkg:deb/debian/ironic@1:26.1.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ironic@1:26.1.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99722?format=api", "purl": "pkg:deb/debian/ironic@1:29.0.0-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2p25-2d9m-t3cp" }, { "vulnerability": "VCID-3p7k-r1sj-4kcm" }, { "vulnerability": "VCID-bcmu-f24h-3yg9" }, { "vulnerability": "VCID-hwwu-hhkm-jkfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ironic@1:29.0.0-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99721?format=api", "purl": "pkg:deb/debian/ironic@1:35.0.1-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ironic@1:35.0.1-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-44082" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jv92-qsda-dqhp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37055?format=api", "vulnerability_id": "VCID-pqfj-a8pk-2fbx", "summary": "OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling (if a deployment was performed via the API). A malicious project assigned as a node owner can provide a path to any local file (readable by ironic-conductor), which may then be written to the target node disk. This is difficult to exploit in practice, because a node deployed in this manner should never reach the ACTIVE state, but it still represents a danger in environments running with non-default, insecure configurations such as with automated cleaning disabled. The fixed versions are 24.1.3, 26.1.1, and 29.0.1.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-44021.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-44021.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-44021", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19373", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-44021" }, { "reference_url": "https://bugs.launchpad.net/ironic/+bug/2107847", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T18:20:27Z/" } ], "url": "https://bugs.launchpad.net/ironic/+bug/2107847" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-44021", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-44021" }, { "reference_url": "https://github.com/openstack/ironic", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/ironic" }, { "reference_url": "https://github.com/openstack/ironic/commit/10590b36f541130f6a5d7a49da0f095ff8390cce", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/ironic/commit/10590b36f541130f6a5d7a49da0f095ff8390cce" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ironic/PYSEC-2025-38.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ironic/PYSEC-2025-38.yaml" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2025-001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T18:20:27Z/" } ], "url": "https://security.openstack.org/ossa/OSSA-2025-001.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/05/08/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/05/08/1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104964", "reference_id": "1104964", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104964" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364264", "reference_id": "2364264", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364264" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-44021", "reference_id": "CVE-2025-44021", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-44021" }, { "reference_url": "https://github.com/advisories/GHSA-q3m2-crgq-5p3q", "reference_id": "GHSA-q3m2-crgq-5p3q", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-q3m2-crgq-5p3q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/99725?format=api", "purl": "pkg:deb/debian/ironic@1:29.0.0-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ironic@1:29.0.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99722?format=api", "purl": "pkg:deb/debian/ironic@1:29.0.0-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2p25-2d9m-t3cp" }, { "vulnerability": "VCID-3p7k-r1sj-4kcm" }, { "vulnerability": "VCID-bcmu-f24h-3yg9" }, { "vulnerability": "VCID-hwwu-hhkm-jkfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ironic@1:29.0.0-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99721?format=api", "purl": "pkg:deb/debian/ironic@1:35.0.1-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ironic@1:35.0.1-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-44021", "GHSA-q3m2-crgq-5p3q", "PYSEC-2025-38" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pqfj-a8pk-2fbx" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43617?format=api", "vulnerability_id": "VCID-dntc-q2t8-yyhx", "summary": "OpenStack Ironic Exposure of Sensitive Information to an Unauthorized Actor\nThe ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and 5.x before 5.1.2 (Mitaka) allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the `v1/drivers/$DRIVER_NAME/vendor_passthru` resource.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1377", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:1377" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1378", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:1378" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4985.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4985.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4985", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00786", "scoring_system": "epss", "scoring_elements": "0.74147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00786", "scoring_system": "epss", "scoring_elements": "0.74181", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4985" }, { "reference_url": "https://bugs.launchpad.net/ironic/+bug/1572796", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/ironic/+bug/1572796" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346193", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346193" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4985", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4985" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/ironic", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/ironic" }, { "reference_url": "https://github.com/openstack/ironic/commit/426a306fb580762e97ada04e1253dedd9b64d410", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/ironic/commit/426a306fb580762e97ada04e1253dedd9b64d410" }, { "reference_url": "https://github.com/openstack/ironic/commit/affec224977174581d19a2b914772cb0409f633e", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/ironic/commit/affec224977174581d19a2b914772cb0409f633e" }, { "reference_url": "https://github.com/openstack/ironic/commit/f5a3ff1dfcde068769f9a2a477ba6a9edaf69c77", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/ironic/commit/f5a3ff1dfcde068769f9a2a477ba6a9edaf69c77" }, { "reference_url": "https://review.openstack.org/332195", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/332195" }, { "reference_url": "https://review.openstack.org/332196", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/332196" }, { "reference_url": "https://review.openstack.org/332197", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/332197" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/06/21/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/06/21/6" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827886", "reference_id": "827886", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827886" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2016-4985", "reference_id": "CVE-2016-4985", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2016-4985" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4985", "reference_id": "CVE-2016-4985", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4985" }, { "reference_url": "https://github.com/advisories/GHSA-f7cr-7c2c-fm8r", "reference_id": "GHSA-f7cr-7c2c-fm8r", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f7cr-7c2c-fm8r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/99723?format=api", "purl": "pkg:deb/debian/ironic@1:5.1.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ironic@1:5.1.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99720?format=api", "purl": "pkg:deb/debian/ironic@1:16.0.3-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2p25-2d9m-t3cp" }, { "vulnerability": "VCID-3p7k-r1sj-4kcm" }, { "vulnerability": "VCID-9dkb-kf24-xkdp" }, { "vulnerability": "VCID-bcmu-f24h-3yg9" }, { "vulnerability": "VCID-hwwu-hhkm-jkfa" }, { "vulnerability": "VCID-jv92-qsda-dqhp" }, { "vulnerability": "VCID-pqfj-a8pk-2fbx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ironic@1:16.0.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99718?format=api", "purl": "pkg:deb/debian/ironic@1:21.1.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2p25-2d9m-t3cp" }, { "vulnerability": "VCID-3p7k-r1sj-4kcm" }, { "vulnerability": "VCID-9dkb-kf24-xkdp" }, { "vulnerability": "VCID-bcmu-f24h-3yg9" }, { "vulnerability": "VCID-hwwu-hhkm-jkfa" }, { "vulnerability": "VCID-jv92-qsda-dqhp" }, { "vulnerability": "VCID-pqfj-a8pk-2fbx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ironic@1:21.1.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99722?format=api", "purl": "pkg:deb/debian/ironic@1:29.0.0-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2p25-2d9m-t3cp" }, { "vulnerability": "VCID-3p7k-r1sj-4kcm" }, { "vulnerability": "VCID-bcmu-f24h-3yg9" }, { "vulnerability": "VCID-hwwu-hhkm-jkfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ironic@1:29.0.0-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99721?format=api", "purl": "pkg:deb/debian/ironic@1:35.0.1-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ironic@1:35.0.1-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-4985", "GHSA-f7cr-7c2c-fm8r" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dntc-q2t8-yyhx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74105?format=api", "vulnerability_id": "VCID-fvc7-ktza-efed", "summary": "OpenStack Ironic 4.2.0 through 4.2.1 does not \"clean\" the disk after use, which allows remote authenticated users to obtain sensitive information.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7514.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7514.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7514", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40818", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40895", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7514" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7514", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7514" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1285809", "reference_id": "1285809", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1285809" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807269", "reference_id": "807269", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807269" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/99719?format=api", "purl": "pkg:deb/debian/ironic@1:4.2.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ironic@1:4.2.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99720?format=api", "purl": "pkg:deb/debian/ironic@1:16.0.3-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2p25-2d9m-t3cp" }, { "vulnerability": "VCID-3p7k-r1sj-4kcm" }, { "vulnerability": "VCID-9dkb-kf24-xkdp" }, { "vulnerability": "VCID-bcmu-f24h-3yg9" }, { "vulnerability": "VCID-hwwu-hhkm-jkfa" }, { "vulnerability": "VCID-jv92-qsda-dqhp" }, { "vulnerability": "VCID-pqfj-a8pk-2fbx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ironic@1:16.0.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99718?format=api", "purl": "pkg:deb/debian/ironic@1:21.1.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2p25-2d9m-t3cp" }, { "vulnerability": "VCID-3p7k-r1sj-4kcm" }, { "vulnerability": "VCID-9dkb-kf24-xkdp" }, { "vulnerability": "VCID-bcmu-f24h-3yg9" }, { "vulnerability": "VCID-hwwu-hhkm-jkfa" }, { "vulnerability": "VCID-jv92-qsda-dqhp" }, { "vulnerability": "VCID-pqfj-a8pk-2fbx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ironic@1:21.1.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99722?format=api", "purl": "pkg:deb/debian/ironic@1:29.0.0-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2p25-2d9m-t3cp" }, { "vulnerability": "VCID-3p7k-r1sj-4kcm" }, { "vulnerability": "VCID-bcmu-f24h-3yg9" }, { "vulnerability": "VCID-hwwu-hhkm-jkfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ironic@1:29.0.0-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/99721?format=api", "purl": "pkg:deb/debian/ironic@1:35.0.1-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ironic@1:35.0.1-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-7514" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fvc7-ktza-efed" } ], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ironic@1:21.1.0-3%3Fdistro=trixie" }