Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-fh42-vdj2-dqgu

Summary

OpenStack Glance Bypass the storage quota and Denial of service
OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state.

Aliases

alias	CVE-2014-9623

alias	GHSA-j4mh-9wq6-8rg6

Fixed_packages

url pkg:deb/debian/glance@2014.1.3-12

purl pkg:deb/debian/glance@2014.1.3-12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9sg5-tbvn-syba

vulnerability	VCID-br4q-499g-vqhg

vulnerability	VCID-g1mf-hrds-bubz

vulnerability	VCID-h6rd-5p7q-s3gq

vulnerability	VCID-hbpu-kpak-2uer

vulnerability	VCID-k2u9-5g8v-bucz

vulnerability	VCID-ruvh-knrw-pygu

vulnerability	VCID-tafu-6gx3-n7bf

vulnerability	VCID-zy9m-d25c-5uga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2014.1.3-12

url	pkg:deb/debian/glance@2014.1.3-12?distro=trixie
purl	pkg:deb/debian/glance@2014.1.3-12?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2014.1.3-12%3Fdistro=trixie

url pkg:deb/debian/glance@2:21.0.0-2%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/glance@2:21.0.0-2%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-yzt4-fp6y-h3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:21.0.0-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/glance@2:25.1.0-2%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/glance@2:25.1.0-2%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-yzt4-fp6y-h3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:25.1.0-2%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/glance@2:30.0.0-3?distro=trixie

purl pkg:deb/debian/glance@2:30.0.0-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-yzt4-fp6y-h3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:30.0.0-3%3Fdistro=trixie

url	pkg:deb/debian/glance@2:32.0.0-1?distro=trixie
purl	pkg:deb/debian/glance@2:32.0.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-1%3Fdistro=trixie

url	pkg:deb/debian/glance@2:32.0.0-2?distro=trixie
purl	pkg:deb/debian/glance@2:32.0.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-2%3Fdistro=trixie

Affected_packages

url pkg:deb/debian/glance@2012.1.1-5

purl pkg:deb/debian/glance@2012.1.1-5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9sg5-tbvn-syba

vulnerability	VCID-9zm2-a38f-33g3

vulnerability	VCID-br4q-499g-vqhg

vulnerability	VCID-fh42-vdj2-dqgu

vulnerability	VCID-fwaa-nnw4-1qcz

vulnerability	VCID-g1mf-hrds-bubz

vulnerability	VCID-h6rd-5p7q-s3gq

vulnerability	VCID-hbpu-kpak-2uer

vulnerability	VCID-k2u9-5g8v-bucz

vulnerability	VCID-ruvh-knrw-pygu

vulnerability	VCID-t91r-2xja-17hy

vulnerability	VCID-tafu-6gx3-n7bf

vulnerability	VCID-uveb-gt8h-1kcr

vulnerability	VCID-wvq2-r6u8-7bet

vulnerability	VCID-zgpj-5an4-mucg

vulnerability	VCID-zy9m-d25c-5uga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2012.1.1-5

url pkg:rpm/redhat/openstack-glance@2014.1.4-1?arch=el7ost

purl pkg:rpm/redhat/openstack-glance@2014.1.4-1?arch=el7ost

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fh42-vdj2-dqgu

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openstack-glance@2014.1.4-1%3Farch=el7ost

url pkg:rpm/redhat/openstack-glance@2014.1.4-1?arch=el6ost

purl pkg:rpm/redhat/openstack-glance@2014.1.4-1?arch=el6ost

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fh42-vdj2-dqgu

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openstack-glance@2014.1.4-1%3Farch=el6ost

url pkg:rpm/redhat/openstack-glance@2014.2.2-1?arch=el7ost

purl pkg:rpm/redhat/openstack-glance@2014.2.2-1?arch=el7ost

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fh42-vdj2-dqgu

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openstack-glance@2014.2.2-1%3Farch=el7ost

url pkg:rpm/redhat/python-glanceclient@1:0.14.2-2?arch=el7ost

purl pkg:rpm/redhat/python-glanceclient@1:0.14.2-2?arch=el7ost

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fh42-vdj2-dqgu

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python-glanceclient@1:0.14.2-2%3Farch=el7ost

References

reference_url

http://rhn.redhat.com/errata/RHSA-2015-0644.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2015-0644.html

reference_url

http://rhn.redhat.com/errata/RHSA-2015-0837.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2015-0837.html

reference_url

http://rhn.redhat.com/errata/RHSA-2015-0838.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2015-0838.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9623.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9623.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-9623

reference_id

reference_type

scores

value	0.00353
scoring_system	epss
scoring_elements	0.57703
published_at	2026-04-13T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.57722
published_at	2026-04-12T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.57743
published_at	2026-04-11T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.57728
published_at	2026-04-09T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.57696
published_at	2026-04-04T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.57729
published_at	2026-04-18T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.57733
published_at	2026-04-16T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.57725
published_at	2026-04-08T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.5759
published_at	2026-04-01T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.57675
published_at	2026-04-02T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.57671
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-9623

reference_url

https://bugs.launchpad.net/glance/+bug/1383973

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/glance/+bug/1383973

reference_url

https://bugs.launchpad.net/glance/+bug/1398830

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/glance/+bug/1398830

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9623
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9623

reference_url

http://secunia.com/advisories/62165

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://secunia.com/advisories/62165

reference_url

https://github.com/openstack/glance

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/glance

reference_url

https://github.com/openstack/glance/commit/0dc8fbb3479a53c5bba8475d14f4c7206904c5ea

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/glance/commit/0dc8fbb3479a53c5bba8475d14f4c7206904c5ea

reference_url

https://github.com/openstack/glance/commit/7d5d8657fd70b20518610b3c6f8e41e16c72fa31

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/glance/commit/7d5d8657fd70b20518610b3c6f8e41e16c72fa31

reference_url

https://github.com/openstack/glance/commit/f1260cc771ee068651aa62b972bef49d9af81eb0

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/glance/commit/f1260cc771ee068651aa62b972bef49d9af81eb0

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-9623

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-9623

reference_url

https://security.openstack.org/ossa/OSSA-2015-003.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.openstack.org/ossa/OSSA-2015-003.html

reference_url

http://www.openwall.com/lists/oss-security/2015/01/18/4

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2015/01/18/4

reference_url

http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1183647
reference_id	1183647
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1183647

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776580
reference_id	776580
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776580

reference_url

https://github.com/advisories/GHSA-j4mh-9wq6-8rg6

reference_id

GHSA-j4mh-9wq6-8rg6

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-j4mh-9wq6-8rg6

reference_url	https://access.redhat.com/errata/RHSA-2015:0644
reference_id	RHSA-2015:0644
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0644

reference_url	https://access.redhat.com/errata/RHSA-2015:0837
reference_id	RHSA-2015:0837
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0837

reference_url	https://access.redhat.com/errata/RHSA-2015:0838
reference_id	RHSA-2015:0838
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0838

Weaknesses

cwe_id	841
name	Improper Enforcement of Behavioral Workflow
description	The product supports a session in which more than one behavior must be performed by an actor, but it does not properly ensure that the actor performs the behaviors in the required sequence.

cwe_id	400
name	Uncontrolled Resource Consumption
description	The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score 4.0 - 6.9

Exploitability 0.5

Weighted_severity 6.2

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fh42-vdj2-dqgu

Vulnerability Instance