Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1037211?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1037211?format=api", "purl": "pkg:deb/debian/nova@2012.1.1-18", "type": "deb", "namespace": "debian", "name": "nova", "version": "2012.1.1-18", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2:26.2.2-1~deb12u3", "latest_non_vulnerable_version": "2:26.2.2-1~deb12u3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6132?format=api", "vulnerability_id": "VCID-1fb2-ccby-7yfq", "summary": "An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths as host devices previously referenced by the virtual machine on the source host. This can include block devices that map to different Cinder volumes at the destination than at the source. Only deployments allowing host-based connections (for instance, root and ephemeral devices) are affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17376.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17376.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-17376", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59872", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59802", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59776", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59629", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59746", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59764", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.5978", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59761", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59747", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59695", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59726", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59701", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.5982", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59759", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59711", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59748", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59763", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59745", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59774", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.5979", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59784", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-17376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17376" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/1bb8ee95d4c3ddc3f607ac57526b75af1b7fbcff", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/1bb8ee95d4c3ddc3f607ac57526b75af1b7fbcff" }, { "reference_url": "https://github.com/openstack/nova/commit/2faf17995dd9daa6f0b91e44be43264e447c678d", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/2faf17995dd9daa6f0b91e44be43264e447c678d" }, { "reference_url": "https://github.com/openstack/nova/commit/a721ca5f510ce3c8ef24f22dac9e475b3d7651db", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/a721ca5f510ce3c8ef24f22dac9e475b3d7651db" }, { "reference_url": "https://github.com/openstack/nova/commit/b9ea91d17703f5b324a50727b6503ace0f4e95eb", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/b9ea91d17703f5b324a50727b6503ace0f4e95eb" }, { "reference_url": "https://github.com/openstack/nova/commit/c438fd9a0eb1903306a53ab44e3ae80660d8a429", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/c438fd9a0eb1903306a53ab44e3ae80660d8a429" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2020-243.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2020-243.yaml" }, { "reference_url": "https://launchpad.net/bugs/1890501", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.net/bugs/1890501" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17376", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17376" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2020-006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2020-006.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2020/08/25/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2020/08/25/4" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869426", "reference_id": "1869426", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869426" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969052", "reference_id": "969052", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969052" }, { "reference_url": "https://github.com/advisories/GHSA-c7w7-9c85-4qxv", "reference_id": "GHSA-c7w7-9c85-4qxv", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c7w7-9c85-4qxv" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3702", "reference_id": "RHSA-2020:3702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3704", "reference_id": "RHSA-2020:3704", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3704" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3706", "reference_id": "RHSA-2020:3706", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3706" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3708", "reference_id": "RHSA-2020:3708", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3708" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3711", "reference_id": "RHSA-2020:3711", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3711" }, { "reference_url": "https://usn.ubuntu.com/5866-1/", "reference_id": "USN-5866-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5866-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/995253?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-hd9e-1msb-uqa6" }, { "vulnerability": "VCID-m5vc-4my3-87gk" }, { "vulnerability": "VCID-s69v-tc7x-37fe" }, { "vulnerability": "VCID-zwuz-pgjz-rkb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1" } ], "aliases": [ "CVE-2020-17376", "GHSA-c7w7-9c85-4qxv", "PYSEC-2020-243" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1fb2-ccby-7yfq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15410?format=api", "vulnerability_id": "VCID-1p1c-fevy-bydg", "summary": "Insufficient Verification of Data Authenticity\nIt was discovered that the OpenStack Compute (nova) console websocket does not correctly verify the origin header. An attacker could use this flaw to conduct a cross-site websocket hijack attack. Note that only Compute setups with VNC or SPICE enabled were affected by this flaw.", "references": [ { "reference_url": "http://lists.openstack.org/pipermail/openstack-announce/2015-March/000341.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.openstack.org/pipermail/openstack-announce/2015-March/000341.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0790.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0790.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0843.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0843.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0844.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0844.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0790", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2015:0790" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0843", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2015:0843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0844", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2015:0844" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0259.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0259.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0259", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42443", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.4233", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42406", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42422", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.4235", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42378", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42576", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42646", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42674", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42615", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42666", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42678", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42701", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42665", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42648", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42708", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42694", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42631", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42555", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42556", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42471", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0259" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1409142", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1409142" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1190112", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1190112" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0259", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0259" }, { "reference_url": "https://opendev.org/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/nova" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780250", "reference_id": "780250", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780250" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2015-0259", "reference_id": "CVE-2015-0259", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2015-0259" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0259", "reference_id": "CVE-2015-0259", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0259" }, { "reference_url": "https://github.com/advisories/GHSA-x8xr-rm9r-7mvf", "reference_id": "GHSA-x8xr-rm9r-7mvf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x8xr-rm9r-7mvf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037212?format=api", "purl": "pkg:deb/debian/nova@2014.1.3-11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fb2-ccby-7yfq" }, { "vulnerability": "VCID-1qbm-qguj-gkem" }, { "vulnerability": "VCID-2dpk-ncrc-1fcw" }, { "vulnerability": "VCID-5nfz-1bk3-93fe" }, { "vulnerability": "VCID-6n3z-x4zj-4bez" }, { "vulnerability": "VCID-7yp4-ebnm-g3c3" }, { "vulnerability": "VCID-9se5-m6dx-8kcj" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-cwub-w9dp-wfgy" }, { "vulnerability": "VCID-cy7p-gzf8-eqcj" }, { "vulnerability": "VCID-ek6e-977t-3bew" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-jdb7-71q5-pfcx" }, { "vulnerability": "VCID-k48d-ecqx-m3ed" }, { "vulnerability": "VCID-nb1y-cbzs-abhc" }, { "vulnerability": "VCID-qfdm-g857-3yb5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" }, { "vulnerability": "VCID-zy9m-d25c-5uga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11" } ], "aliases": [ "CVE-2015-0259", "GHSA-x8xr-rm9r-7mvf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1p1c-fevy-bydg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14664?format=api", "vulnerability_id": "VCID-1qbm-qguj-gkem", "summary": "OpenStack Nova Filter Scheduler Bypass\nIn OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using Nova Filter Scheduler are affected. Because of the regression described in Launchpad Bug #1732947, the preferred fix is a 14.x version after 14.0.10, a 15.x version after 15.0.8, or a 16.x version after 16.0.3.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0241", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0241" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0314", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0314" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0369", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0369" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16239.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16239.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16239", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59762", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59777", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59758", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59788", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59804", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59798", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59779", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59794", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59775", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59761", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.5971", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.5974", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59715", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59642", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59882", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59818", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59791", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59835", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59773", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59725", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16239" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16239", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16239" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:S/C:P/I:N/A:P" }, { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/698b261a5a2a6c0f31ef5059046ef7196d5cba30", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/698b261a5a2a6c0f31ef5059046ef7196d5cba30" }, { "reference_url": "https://github.com/openstack/nova/commit/984dd8ad6add4523d93c7ce5a666a32233e02e34", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/984dd8ad6add4523d93c7ce5a666a32233e02e34" }, { "reference_url": "https://github.com/openstack/nova/commit/9e2d63da94db63d97bd02e373bfc53d95808b833", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/9e2d63da94db63d97bd02e373bfc53d95808b833" }, { "reference_url": "https://github.com/openstack/nova/commit/b72105c1c49fcddc94992af63fc2f8078023491a", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/b72105c1c49fcddc94992af63fc2f8078023491a" }, { "reference_url": "https://launchpad.net/bugs/1664931", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.net/bugs/1664931" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2017-005.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2017-005.html" }, { "reference_url": "https://www.debian.org/security/2017/dsa-4056", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2017/dsa-4056" }, { "reference_url": "http://www.securityfocus.com/bid/101950", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/101950" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1508539", "reference_id": "1508539", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1508539" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882009", "reference_id": "882009", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882009" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:15.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:15.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:15.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:15.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:15.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:15.0.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:15.0.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:15.0.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:16.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:16.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:16.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16239", "reference_id": "CVE-2017-16239", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:P/A:N" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16239" }, { "reference_url": "https://github.com/advisories/GHSA-w2wf-cgwh-vpqg", "reference_id": "GHSA-w2wf-cgwh-vpqg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w2wf-cgwh-vpqg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037214?format=api", "purl": "pkg:deb/debian/nova@2:14.0.0-4%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fb2-ccby-7yfq" }, { "vulnerability": "VCID-1qbm-qguj-gkem" }, { "vulnerability": "VCID-2dpk-ncrc-1fcw" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-cwub-w9dp-wfgy" }, { "vulnerability": "VCID-cy7p-gzf8-eqcj" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-qfdm-g857-3yb5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:14.0.0-4%252Bdeb9u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1052087?format=api", "purl": "pkg:deb/debian/nova@2:18.1.0-6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fb2-ccby-7yfq" }, { "vulnerability": "VCID-2dpk-ncrc-1fcw" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-qfdm-g857-3yb5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:18.1.0-6" } ], "aliases": [ "CVE-2017-16239", "GHSA-w2wf-cgwh-vpqg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1qbm-qguj-gkem" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5922?format=api", "vulnerability_id": "VCID-2dpk-ncrc-1fcw", "summary": "An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2622", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2622" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2631", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2631" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2652", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2652" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14433.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14433.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14433", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01327", "scoring_system": "epss", "scoring_elements": "0.79871", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01327", "scoring_system": "epss", "scoring_elements": "0.80015", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01327", "scoring_system": "epss", "scoring_elements": "0.80038", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01327", "scoring_system": "epss", "scoring_elements": "0.80052", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.01327", "scoring_system": "epss", "scoring_elements": "0.80049", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.01327", "scoring_system": "epss", "scoring_elements": "0.80065", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.01327", "scoring_system": "epss", "scoring_elements": "0.80106", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.01327", "scoring_system": "epss", "scoring_elements": "0.79986", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01327", "scoring_system": "epss", "scoring_elements": "0.79981", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01327", "scoring_system": "epss", "scoring_elements": "0.79952", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01327", "scoring_system": "epss", "scoring_elements": "0.79949", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01327", "scoring_system": "epss", "scoring_elements": "0.79948", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01327", "scoring_system": "epss", "scoring_elements": "0.79919", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01327", "scoring_system": "epss", "scoring_elements": "0.79927", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01327", "scoring_system": "epss", "scoring_elements": "0.79944", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01327", "scoring_system": "epss", "scoring_elements": "0.79924", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01327", "scoring_system": "epss", "scoring_elements": "0.79915", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01327", "scoring_system": "epss", "scoring_elements": "0.79887", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01327", "scoring_system": "epss", "scoring_elements": "0.79899", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01327", "scoring_system": "epss", "scoring_elements": "0.79877", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01327", "scoring_system": "epss", "scoring_elements": "0.80003", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14433" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14433", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14433" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/298b337a16c0d10916b4431c436d19b3d6f5360e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/298b337a16c0d10916b4431c436d19b3d6f5360e" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2019-191.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2019-191.yaml" }, { "reference_url": "https://launchpad.net/bugs/1837877", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.net/bugs/1837877" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00018.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00018.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14433", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14433" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2019-003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2019-003.html" }, { "reference_url": "https://usn.ubuntu.com/4104-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4104-1" }, { "reference_url": "https://usn.ubuntu.com/4104-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4104-1/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/08/06/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2019/08/06/6" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735522", "reference_id": "1735522", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735522" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934114", "reference_id": "934114", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934114" }, { "reference_url": "https://github.com/advisories/GHSA-pg64-r7rr-phv8", "reference_id": "GHSA-pg64-r7rr-phv8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pg64-r7rr-phv8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/995253?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-hd9e-1msb-uqa6" }, { "vulnerability": "VCID-m5vc-4my3-87gk" }, { "vulnerability": "VCID-s69v-tc7x-37fe" }, { "vulnerability": "VCID-zwuz-pgjz-rkb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1" } ], "aliases": [ "CVE-2019-14433", "GHSA-pg64-r7rr-phv8", "PYSEC-2019-191" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2dpk-ncrc-1fcw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15608?format=api", "vulnerability_id": "VCID-5nfz-1bk3-93fe", "summary": "OpenStack Nova instance migration process does not stop when instance is deleted\nOpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service (disk, network, and other resource consumption) by resizing and then deleting an instance.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-1723.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1723.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-1898.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1898.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1723", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2015:1723" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1898", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2015:1898" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3241.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3241.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3241", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0197", "scoring_system": "epss", "scoring_elements": "0.83721", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.0197", "scoring_system": "epss", "scoring_elements": "0.83534", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0197", "scoring_system": "epss", "scoring_elements": "0.83568", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0197", "scoring_system": "epss", "scoring_elements": "0.83569", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0197", "scoring_system": "epss", "scoring_elements": "0.83593", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0197", "scoring_system": "epss", "scoring_elements": "0.83601", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0197", "scoring_system": "epss", "scoring_elements": "0.83606", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0197", "scoring_system": "epss", "scoring_elements": "0.83631", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0197", "scoring_system": "epss", "scoring_elements": "0.83651", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0197", "scoring_system": "epss", "scoring_elements": "0.83669", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0197", "scoring_system": "epss", "scoring_elements": "0.8367", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0197", "scoring_system": "epss", "scoring_elements": "0.83685", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.0197", "scoring_system": "epss", "scoring_elements": "0.83469", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0197", "scoring_system": "epss", "scoring_elements": "0.83481", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0197", "scoring_system": "epss", "scoring_elements": "0.83496", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0197", "scoring_system": "epss", "scoring_elements": "0.83495", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0197", "scoring_system": "epss", "scoring_elements": "0.83519", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0197", "scoring_system": "epss", "scoring_elements": "0.83529", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0197", "scoring_system": "epss", "scoring_elements": "0.83543", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0197", "scoring_system": "epss", "scoring_elements": "0.83537", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3241" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232782", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232782" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3241", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3241" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/7ab75d5b0b75fc3426323bef19bf436a258b9707", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/7ab75d5b0b75fc3426323bef19bf436a258b9707" }, { "reference_url": "https://github.com/openstack/nova/commit/b5020a047fc487f35b76fc05f31e52665a1afda1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/b5020a047fc487f35b76fc05f31e52665a1afda1" }, { "reference_url": "https://github.com/openstack/nova/commit/bf23643e36c8764b4bd532546a2cc04385fe0cff", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/bf23643e36c8764b4bd532546a2cc04385fe0cff" }, { "reference_url": "https://github.com/openstack/ossa/blob/482576204dec96f580817b119e3166d71c757731/ossa/OSSA-2015-015.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/ossa/blob/482576204dec96f580817b119e3166d71c757731/ossa/OSSA-2015-015.yaml" }, { "reference_url": "https://launchpad.net/bugs/1387543", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.net/bugs/1387543" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2015-015.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2015-015.html" }, { "reference_url": "http://www.securityfocus.com/bid/75372", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/75372" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796109", "reference_id": "796109", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796109" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2015-3241", "reference_id": "CVE-2015-3241", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2015-3241" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3241", "reference_id": "CVE-2015-3241", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3241" }, { "reference_url": "https://github.com/advisories/GHSA-3vx7-xff6-h2vx", "reference_id": "GHSA-3vx7-xff6-h2vx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3vx7-xff6-h2vx" }, { "reference_url": "https://usn.ubuntu.com/3449-1/", "reference_id": "USN-3449-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3449-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037213?format=api", "purl": "pkg:deb/debian/nova@2:13.1.0-2~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fb2-ccby-7yfq" }, { "vulnerability": "VCID-1qbm-qguj-gkem" }, { "vulnerability": "VCID-2dpk-ncrc-1fcw" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-cwub-w9dp-wfgy" }, { "vulnerability": "VCID-cy7p-gzf8-eqcj" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-jdb7-71q5-pfcx" }, { "vulnerability": "VCID-qfdm-g857-3yb5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:13.1.0-2~bpo8%252B1" } ], "aliases": [ "CVE-2015-3241", "GHSA-3vx7-xff6-h2vx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5nfz-1bk3-93fe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15359?format=api", "vulnerability_id": "VCID-5w9q-vw2n-zfdu", "summary": "OpenStack Nova Denial of Service in network source security groups\nAlgorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via a large number of server-creation operations, which triggers a large number of update requests.", "references": [ { "reference_url": "http://github.com/openstack/nova/commit/52ad911963da4095b213952dee3a430fe0c4c30f", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://github.com/openstack/nova/commit/52ad911963da4095b213952dee3a430fe0c4c30f" }, { "reference_url": "http://github.com/openstack/nova/commit/85aac04704350566d6b06aa7a3b99649946c672c", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://github.com/openstack/nova/commit/85aac04704350566d6b06aa7a3b99649946c672c" }, { "reference_url": "http://github.com/openstack/nova/commit/d4ee081c5c0a5132781235177c430ebcf72b0b0b", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://github.com/openstack/nova/commit/d4ee081c5c0a5132781235177c430ebcf72b0b0b" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1199.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1199.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4185.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4185.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4185", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.69157", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.69058", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.69039", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.69082", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.69114", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.69106", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.68897", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.68914", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.68935", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.68915", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.68965", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.68984", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.69007", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.68992", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.68963", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.69004", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.69013", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.68994", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.69044", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00583", "scoring_system": "epss", "scoring_elements": "0.69051", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4185" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1184041", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1184041" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4185", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4185" }, { "reference_url": "http://seclists.org/oss-sec/2013/q3/282", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2013/q3/282" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718907", "reference_id": "718907", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718907" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=993331", "reference_id": "993331", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=993331" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4185", "reference_id": "CVE-2013-4185", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4185" }, { "reference_url": "https://github.com/advisories/GHSA-ph2h-hh49-vh27", "reference_id": "GHSA-ph2h-hh49-vh27", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-ph2h-hh49-vh27" }, { "reference_url": "https://usn.ubuntu.com/2000-1/", "reference_id": "USN-2000-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2000-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037212?format=api", "purl": "pkg:deb/debian/nova@2014.1.3-11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fb2-ccby-7yfq" }, { "vulnerability": "VCID-1qbm-qguj-gkem" }, { "vulnerability": "VCID-2dpk-ncrc-1fcw" }, { "vulnerability": "VCID-5nfz-1bk3-93fe" }, { "vulnerability": "VCID-6n3z-x4zj-4bez" }, { "vulnerability": "VCID-7yp4-ebnm-g3c3" }, { "vulnerability": "VCID-9se5-m6dx-8kcj" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-cwub-w9dp-wfgy" }, { "vulnerability": "VCID-cy7p-gzf8-eqcj" }, { "vulnerability": "VCID-ek6e-977t-3bew" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-jdb7-71q5-pfcx" }, { "vulnerability": "VCID-k48d-ecqx-m3ed" }, { "vulnerability": "VCID-nb1y-cbzs-abhc" }, { "vulnerability": "VCID-qfdm-g857-3yb5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" }, { "vulnerability": "VCID-zy9m-d25c-5uga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11" } ], "aliases": [ "CVE-2013-4185", "GHSA-ph2h-hh49-vh27" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5w9q-vw2n-zfdu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15846?format=api", "vulnerability_id": "VCID-6n3z-x4zj-4bez", "summary": "OpenStack Compute (Nova) allows remote attackers to bypass intended restriction\nA vulnerability was discovered in the way OpenStack Compute (nova) networking handled security group updates; changes were not applied to already running VM instances. A remote attacker could use this flaw to access running VM instances.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-2684.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-2684.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:2673", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2015:2673" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:2684", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2015:2684" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0013", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0013" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0017", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0017" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7713.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7713.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7713", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01522", "scoring_system": "epss", "scoring_elements": "0.81328", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01522", "scoring_system": "epss", "scoring_elements": "0.81446", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.01522", "scoring_system": "epss", "scoring_elements": "0.81299", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01522", "scoring_system": "epss", "scoring_elements": "0.81321", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01522", "scoring_system": "epss", "scoring_elements": "0.81333", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01522", "scoring_system": "epss", "scoring_elements": "0.81406", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.01522", "scoring_system": "epss", "scoring_elements": "0.81388", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.01522", "scoring_system": "epss", "scoring_elements": "0.81391", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.01522", "scoring_system": "epss", "scoring_elements": "0.81198", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01522", "scoring_system": "epss", "scoring_elements": "0.8137", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01522", "scoring_system": "epss", "scoring_elements": "0.81206", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01522", "scoring_system": "epss", "scoring_elements": "0.8135", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01522", "scoring_system": "epss", "scoring_elements": "0.81229", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01522", "scoring_system": "epss", "scoring_elements": "0.81257", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01522", "scoring_system": "epss", "scoring_elements": "0.81262", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01522", "scoring_system": "epss", "scoring_elements": "0.81283", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01522", "scoring_system": "epss", "scoring_elements": "0.81269", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01522", "scoring_system": "epss", "scoring_elements": "0.81261", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01522", "scoring_system": "epss", "scoring_elements": "0.81298", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7713" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1491307", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1491307" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1492961", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1492961" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1269119", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1269119" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7713", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7713" }, { "reference_url": "https://opendev.org/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/nova" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2015-021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2015-021.html" }, { "reference_url": "https://web.archive.org/web/20200228024902/http://www.securityfocus.com/bid/76960", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228024902/http://www.securityfocus.com/bid/76960" }, { "reference_url": "http://www.securityfocus.com/bid/76960", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/76960" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2015-7713", "reference_id": "CVE-2015-7713", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2015-7713" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7713", "reference_id": "CVE-2015-7713", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:P/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7713" }, { "reference_url": "https://github.com/advisories/GHSA-67rh-9p29-vrxr", "reference_id": "GHSA-67rh-9p29-vrxr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-67rh-9p29-vrxr" }, { "reference_url": "https://usn.ubuntu.com/3449-1/", "reference_id": "USN-3449-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3449-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037213?format=api", "purl": "pkg:deb/debian/nova@2:13.1.0-2~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fb2-ccby-7yfq" }, { "vulnerability": "VCID-1qbm-qguj-gkem" }, { "vulnerability": "VCID-2dpk-ncrc-1fcw" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-cwub-w9dp-wfgy" }, { "vulnerability": "VCID-cy7p-gzf8-eqcj" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-jdb7-71q5-pfcx" }, { "vulnerability": "VCID-qfdm-g857-3yb5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:13.1.0-2~bpo8%252B1" } ], "aliases": [ "CVE-2015-7713", "GHSA-67rh-9p29-vrxr" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6n3z-x4zj-4bez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54923?format=api", "vulnerability_id": "VCID-7wvt-bvww-g7ck", "summary": "OpenStack Compute (Nova) Resource limit circumvention in Nova private flavors\nThe \"create an instance\" API in OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id. NOTE: this issue is due to an incomplete fix for CVE-2013-2256.", "references": [ { "reference_url": "http://lists.openstack.org/pipermail/openstack-announce/2013-August/000138.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.openstack.org/pipermail/openstack-announce/2013-August/000138.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1199.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1199.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4278.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4278.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4278", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.41996", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42117", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42034", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.41894", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.41967", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.41982", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.41896", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.41922", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.4217", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42228", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42257", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42199", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.4225", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42258", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.4228", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42244", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42216", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42266", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42242", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42174", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42121", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4278" }, { "reference_url": "https://bugs.launchpad.net/ossa/+bug/1212179", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/ossa/+bug/1212179" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4278", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4278" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/4054cc4a22a1fea997dec76afb5646fd6c6ea6b9", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/4054cc4a22a1fea997dec76afb5646fd6c6ea6b9" }, { "reference_url": "https://github.com/openstack/nova/commit/6825959560e06725d26625fd21f5c0b78b305492", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/6825959560e06725d26625fd21f5c0b78b305492" }, { "reference_url": "https://github.com/openstack/nova/commit/8b686195afe7e6dfb46c56c1ef2fe9c993d8e495", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/8b686195afe7e6dfb46c56c1ef2fe9c993d8e495" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4278", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4278" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1000086", "reference_id": "1000086", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1000086" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720602", "reference_id": "720602", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720602" }, { "reference_url": "https://github.com/advisories/GHSA-43cm-73px-5v4m", "reference_id": "GHSA-43cm-73px-5v4m", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-43cm-73px-5v4m" }, { "reference_url": "https://usn.ubuntu.com/2000-1/", "reference_id": "USN-2000-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2000-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037212?format=api", "purl": "pkg:deb/debian/nova@2014.1.3-11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fb2-ccby-7yfq" }, { "vulnerability": "VCID-1qbm-qguj-gkem" }, { "vulnerability": "VCID-2dpk-ncrc-1fcw" }, { "vulnerability": "VCID-5nfz-1bk3-93fe" }, { "vulnerability": "VCID-6n3z-x4zj-4bez" }, { "vulnerability": "VCID-7yp4-ebnm-g3c3" }, { "vulnerability": "VCID-9se5-m6dx-8kcj" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-cwub-w9dp-wfgy" }, { "vulnerability": "VCID-cy7p-gzf8-eqcj" }, { "vulnerability": "VCID-ek6e-977t-3bew" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-jdb7-71q5-pfcx" }, { "vulnerability": "VCID-k48d-ecqx-m3ed" }, { "vulnerability": "VCID-nb1y-cbzs-abhc" }, { "vulnerability": "VCID-qfdm-g857-3yb5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" }, { "vulnerability": "VCID-zy9m-d25c-5uga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11" } ], "aliases": [ "CVE-2013-4278", "GHSA-43cm-73px-5v4m" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7wvt-bvww-g7ck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15585?format=api", "vulnerability_id": "VCID-7yp4-ebnm-g3c3", "summary": "OpenStack Nova host data access through resize/migration\nThe libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0363", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0363" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0364", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0364" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0365", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0365" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0366", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0366" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2140.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2140.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2140", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00634", "scoring_system": "epss", "scoring_elements": "0.70317", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00634", "scoring_system": "epss", "scoring_elements": "0.70551", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00634", "scoring_system": "epss", "scoring_elements": "0.705", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00634", "scoring_system": "epss", "scoring_elements": "0.70474", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00634", "scoring_system": "epss", "scoring_elements": "0.70505", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00634", "scoring_system": "epss", "scoring_elements": "0.70473", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00634", "scoring_system": "epss", "scoring_elements": "0.70433", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00634", "scoring_system": "epss", "scoring_elements": "0.70459", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00634", "scoring_system": "epss", "scoring_elements": "0.70458", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00634", "scoring_system": "epss", "scoring_elements": "0.70395", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00634", "scoring_system": "epss", "scoring_elements": "0.70304", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00634", "scoring_system": "epss", "scoring_elements": "0.70371", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00634", "scoring_system": "epss", "scoring_elements": "0.70356", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00634", "scoring_system": "epss", "scoring_elements": "0.70311", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00634", "scoring_system": "epss", "scoring_elements": "0.70334", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00634", "scoring_system": "epss", "scoring_elements": "0.7045", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00634", "scoring_system": "epss", "scoring_elements": "0.70399", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00634", "scoring_system": "epss", "scoring_elements": "0.70418", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00634", "scoring_system": "epss", "scoring_elements": "0.70409", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00634", "scoring_system": "epss", "scoring_elements": "0.70366", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00634", "scoring_system": "epss", "scoring_elements": "0.7038", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2140" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1548450", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1548450" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1313454", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1313454" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2140", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2140" }, { "reference_url": "http://seclists.org/oss-sec/2016/q1/563", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2016/q1/563" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/0b194187db9da28225cb5e62be3b45aff5a1c793", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/0b194187db9da28225cb5e62be3b45aff5a1c793" }, { "reference_url": "https://github.com/openstack/nova/commit/116b1210ab772c55d1ed1f715687d83877c92701", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/116b1210ab772c55d1ed1f715687d83877c92701" }, { "reference_url": "https://github.com/openstack/nova/commit/f302bf04ab5dda89cf8ceaeed309006da90c0666", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/f302bf04ab5dda89cf8ceaeed309006da90c0666" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2016-007.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2016-007.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/03/08/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/03/08/6" }, { "reference_url": "http://www.securityfocus.com/bid/84277", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/84277" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2016-2140", "reference_id": "CVE-2016-2140", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2016-2140" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2140", "reference_id": "CVE-2016-2140", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2140" }, { "reference_url": "https://github.com/advisories/GHSA-49jv-37hm-6gfp", "reference_id": "GHSA-49jv-37hm-6gfp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-49jv-37hm-6gfp" }, { "reference_url": "https://usn.ubuntu.com/3449-1/", "reference_id": "USN-3449-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3449-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037213?format=api", "purl": "pkg:deb/debian/nova@2:13.1.0-2~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fb2-ccby-7yfq" }, { "vulnerability": "VCID-1qbm-qguj-gkem" }, { "vulnerability": "VCID-2dpk-ncrc-1fcw" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-cwub-w9dp-wfgy" }, { "vulnerability": "VCID-cy7p-gzf8-eqcj" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-jdb7-71q5-pfcx" }, { "vulnerability": "VCID-qfdm-g857-3yb5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:13.1.0-2~bpo8%252B1" } ], "aliases": [ "CVE-2016-2140", "GHSA-49jv-37hm-6gfp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7yp4-ebnm-g3c3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15391?format=api", "vulnerability_id": "VCID-9se5-m6dx-8kcj", "summary": "OpenStack Nova Potential Xen connection password leak via StorageError\nThe volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading log files or other unspecified vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8749.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8749.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8749", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00942", "scoring_system": "epss", "scoring_elements": "0.7625", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00942", "scoring_system": "epss", "scoring_elements": "0.76453", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00942", "scoring_system": "epss", "scoring_elements": "0.76404", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00942", "scoring_system": "epss", "scoring_elements": "0.76275", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00942", "scoring_system": "epss", "scoring_elements": "0.7628", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00942", "scoring_system": "epss", "scoring_elements": "0.76302", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00942", "scoring_system": "epss", "scoring_elements": "0.76213", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00942", "scoring_system": "epss", "scoring_elements": "0.76276", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00942", "scoring_system": "epss", "scoring_elements": "0.76262", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00942", "scoring_system": "epss", "scoring_elements": "0.76219", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00942", "scoring_system": "epss", "scoring_elements": "0.7623", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00942", "scoring_system": "epss", "scoring_elements": "0.76388", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00942", "scoring_system": "epss", "scoring_elements": "0.76401", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00942", "scoring_system": "epss", "scoring_elements": "0.7638", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00942", "scoring_system": "epss", "scoring_elements": "0.7635", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00942", "scoring_system": "epss", "scoring_elements": "0.76361", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00942", "scoring_system": "epss", "scoring_elements": "0.76349", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00942", "scoring_system": "epss", "scoring_elements": "0.76342", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00942", "scoring_system": "epss", "scoring_elements": "0.76305", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00942", "scoring_system": "epss", "scoring_elements": "0.76321", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00942", "scoring_system": "epss", "scoring_elements": "0.76316", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8749" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1516765", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1516765" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8749" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/8b289237ed6d53738c22878decf0c429301cf3d0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/8b289237ed6d53738c22878decf0c429301cf3d0" }, { "reference_url": "https://github.com/openstack/nova/commit/b2acc9fa864b6fe10bc0c5f3786b976b472b1b27", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/b2acc9fa864b6fe10bc0c5f3786b976b472b1b27" }, { "reference_url": "https://github.com/openstack/nova/commit/cf197ec2d682fb4da777df2291ca7ef101f73b77", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/cf197ec2d682fb4da777df2291ca7ef101f73b77" }, { "reference_url": "https://github.com/openstack/nova/commit/ef1ccdaca9512b88878155f7d8c2c77853d91252", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/ef1ccdaca9512b88878155f7d8c2c77853d91252" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2016-002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2016-002.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/01/07/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/01/07/8" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/01/07/9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/01/07/9" }, { "reference_url": "http://www.securityfocus.com/bid/80189", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/80189" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1296837", "reference_id": "1296837", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1296837" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8749", "reference_id": "CVE-2015-8749", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:N" }, { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8749" }, { "reference_url": "https://github.com/advisories/GHSA-c36r-g737-9qp8", "reference_id": "GHSA-c36r-g737-9qp8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c36r-g737-9qp8" }, { "reference_url": "https://usn.ubuntu.com/3449-1/", "reference_id": "USN-3449-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3449-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037213?format=api", "purl": "pkg:deb/debian/nova@2:13.1.0-2~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fb2-ccby-7yfq" }, { "vulnerability": "VCID-1qbm-qguj-gkem" }, { "vulnerability": "VCID-2dpk-ncrc-1fcw" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-cwub-w9dp-wfgy" }, { "vulnerability": "VCID-cy7p-gzf8-eqcj" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-jdb7-71q5-pfcx" }, { "vulnerability": "VCID-qfdm-g857-3yb5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:13.1.0-2~bpo8%252B1" } ], "aliases": [ "CVE-2015-8749", "GHSA-c36r-g737-9qp8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9se5-m6dx-8kcj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54324?format=api", "vulnerability_id": "VCID-az4e-wgmd-gyc3", "summary": "OpenStack Compute (Nova) Denial of service due to improper validation of virtual size of QCOW2 image\nOpenStack Compute (Nova) Folsom, Grizzly, and Havana, when use_cow_images is set to False, does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by transferring an image with a large virtual size that does not contain a large amount of data from Glance. NOTE: this issue is due to an incomplete fix for CVE-2013-2096.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4469.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4469.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4469", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.1882", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18849", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18738", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18717", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18672", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18544", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18628", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18729", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18691", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18723", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18918", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.19054", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.19106", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18827", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18907", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18961", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18968", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18921", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.1887", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18821", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18834", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4469" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1206081", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1206081" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4469", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4469" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/135faa7b5d9855312bedc19e5e1ecebae34d3d18", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/135faa7b5d9855312bedc19e5e1ecebae34d3d18" }, { "reference_url": "https://github.com/openstack/nova/commit/3cdfe894ab58f7b91bf7fb690fc5bc724e44066f", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/3cdfe894ab58f7b91bf7fb690fc5bc724e44066f" }, { "reference_url": "https://github.com/openstack/nova/commit/f6810be4ae1a6c93e7d8017ee67d5344dfdf4a30", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/f6810be4ae1a6c93e7d8017ee67d5344dfdf4a30" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4469", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4469" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/10/31/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/10/31/3" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2247-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-2247-1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1023581", "reference_id": "1023581", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1023581" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728605", "reference_id": "728605", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728605" }, { "reference_url": "https://github.com/advisories/GHSA-2w87-5qcj-j6gx", "reference_id": "GHSA-2w87-5qcj-j6gx", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2w87-5qcj-j6gx" }, { "reference_url": "https://usn.ubuntu.com/2247-1/", "reference_id": "USN-2247-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2247-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037212?format=api", "purl": "pkg:deb/debian/nova@2014.1.3-11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fb2-ccby-7yfq" }, { "vulnerability": "VCID-1qbm-qguj-gkem" }, { "vulnerability": "VCID-2dpk-ncrc-1fcw" }, { "vulnerability": "VCID-5nfz-1bk3-93fe" }, { "vulnerability": "VCID-6n3z-x4zj-4bez" }, { "vulnerability": "VCID-7yp4-ebnm-g3c3" }, { "vulnerability": "VCID-9se5-m6dx-8kcj" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-cwub-w9dp-wfgy" }, { "vulnerability": "VCID-cy7p-gzf8-eqcj" }, { "vulnerability": "VCID-ek6e-977t-3bew" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-jdb7-71q5-pfcx" }, { "vulnerability": "VCID-k48d-ecqx-m3ed" }, { "vulnerability": "VCID-nb1y-cbzs-abhc" }, { "vulnerability": "VCID-qfdm-g857-3yb5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" }, { "vulnerability": "VCID-zy9m-d25c-5uga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11" } ], "aliases": [ "CVE-2013-4469", "GHSA-2w87-5qcj-j6gx" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-az4e-wgmd-gyc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15663?format=api", "vulnerability_id": "VCID-bauj-n7jg-gkd2", "summary": "OpenStack Compute (Nova) Denial of Service vulnerability\nA denial of service flaw was found in the way OpenStack Compute (nova) looked up VM instances based on an IP address filter. An attacker with sufficient privileges on an OpenStack installation with a large amount of VMs could use this flaw to cause the main nova process to block for an extended amount of time.", "references": [ { "reference_url": "http://lists.openstack.org/pipermail/openstack-announce/2014-October/000301.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.openstack.org/pipermail/openstack-announce/2014-October/000301.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0843.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0843.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0844.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0844.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0843", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2015:0843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0844", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2015:0844" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3708.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3708.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3708", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77802", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77634", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77666", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77674", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77689", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77702", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77731", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.7775", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77739", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77756", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77545", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77551", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77578", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77558", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77588", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77595", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77622", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77606", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77604", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77642", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.7764", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3708" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1358583", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1358583" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1154951", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1154951" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3708", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3708" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://opendev.org/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/nova" }, { "reference_url": "https://web.archive.org/web/20200901000000*/http://www.securityfocus.com/bid/70777", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200901000000*/http://www.securityfocus.com/bid/70777" }, { "reference_url": "http://www.securityfocus.com/bid/70777", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/70777" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2014-3708", "reference_id": "CVE-2014-3708", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2014-3708" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3708", "reference_id": "CVE-2014-3708", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:N/A:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3708" }, { "reference_url": "https://github.com/advisories/GHSA-43hc-pwvx-pmfg", "reference_id": "GHSA-43hc-pwvx-pmfg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-43hc-pwvx-pmfg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037212?format=api", "purl": "pkg:deb/debian/nova@2014.1.3-11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fb2-ccby-7yfq" }, { "vulnerability": "VCID-1qbm-qguj-gkem" }, { "vulnerability": "VCID-2dpk-ncrc-1fcw" }, { "vulnerability": "VCID-5nfz-1bk3-93fe" }, { "vulnerability": "VCID-6n3z-x4zj-4bez" }, { "vulnerability": "VCID-7yp4-ebnm-g3c3" }, { "vulnerability": "VCID-9se5-m6dx-8kcj" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-cwub-w9dp-wfgy" }, { "vulnerability": "VCID-cy7p-gzf8-eqcj" }, { "vulnerability": "VCID-ek6e-977t-3bew" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-jdb7-71q5-pfcx" }, { "vulnerability": "VCID-k48d-ecqx-m3ed" }, { "vulnerability": "VCID-nb1y-cbzs-abhc" }, { "vulnerability": "VCID-qfdm-g857-3yb5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" }, { "vulnerability": "VCID-zy9m-d25c-5uga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11" } ], "aliases": [ "CVE-2014-3708", "GHSA-43hc-pwvx-pmfg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bauj-n7jg-gkd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16259?format=api", "vulnerability_id": "VCID-br4q-499g-vqhg", "summary": "OpenStack Cinder, glance, and Nova vulnerable to Path Traversal\nAn issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47951.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47951.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-47951", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00615", "scoring_system": "epss", "scoring_elements": "0.70075", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72771", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72635", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72653", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.7263", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72669", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72682", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72706", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72689", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72679", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72721", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72732", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72724", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72765", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72774", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72764", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72794", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72819", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72782", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72806", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-47951" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47951", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47951" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://launchpad.net/bugs/1996188", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/" } ], "url": "https://launchpad.net/bugs/1996188" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00040.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00040.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00041.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00041.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00042.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00042.html" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2023-002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/" } ], "url": "https://security.openstack.org/ossa/OSSA-2023-002.html" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5336", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5336" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5337", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5337" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5338", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5338" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029561", "reference_id": "1029561", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029561" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029562", "reference_id": "1029562", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029562" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029563", "reference_id": "1029563", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029563" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161812", "reference_id": "2161812", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161812" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47951", "reference_id": "CVE-2022-47951", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47951" }, { "reference_url": "https://github.com/advisories/GHSA-7h75-hwxx-qpgc", "reference_id": "GHSA-7h75-hwxx-qpgc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7h75-hwxx-qpgc" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1015", "reference_id": "RHSA-2023:1015", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1015" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1016", "reference_id": "RHSA-2023:1016", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1016" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1017", "reference_id": "RHSA-2023:1017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1017" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1278", "reference_id": "RHSA-2023:1278", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1278" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1279", "reference_id": "RHSA-2023:1279", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1279" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1280", "reference_id": "RHSA-2023:1280", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1280" }, { "reference_url": "https://usn.ubuntu.com/5835-1/", "reference_id": "USN-5835-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5835-1/" }, { "reference_url": "https://usn.ubuntu.com/5835-2/", "reference_id": "USN-5835-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5835-2/" }, { "reference_url": "https://usn.ubuntu.com/5835-3/", "reference_id": "USN-5835-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5835-3/" }, { "reference_url": "https://usn.ubuntu.com/5835-4/", "reference_id": "USN-5835-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5835-4/" }, { "reference_url": "https://usn.ubuntu.com/5835-5/", "reference_id": "USN-5835-5", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5835-5/" }, { "reference_url": "https://usn.ubuntu.com/6882-2/", "reference_id": "USN-6882-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6882-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/995253?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-hd9e-1msb-uqa6" }, { "vulnerability": "VCID-m5vc-4my3-87gk" }, { "vulnerability": "VCID-s69v-tc7x-37fe" }, { "vulnerability": "VCID-zwuz-pgjz-rkb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1" } ], "aliases": [ "CVE-2022-47951", "GHSA-7h75-hwxx-qpgc" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "6.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-br4q-499g-vqhg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15057?format=api", "vulnerability_id": "VCID-cwub-w9dp-wfgy", "summary": "OpenStack Nova DoS by rebuilding the same instance with a new image multiple times\nAn issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This regression was introduced with the fix for OSSA-2017-005 (CVE-2017-16239); however, only Nova stable/pike or later deployments with that fix applied and relying on the default FilterScheduler are affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17051.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17051.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17051", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00841", "scoring_system": "epss", "scoring_elements": "0.74898", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00841", "scoring_system": "epss", "scoring_elements": "0.74844", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00841", "scoring_system": "epss", "scoring_elements": "0.74707", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00841", "scoring_system": "epss", "scoring_elements": "0.74745", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00841", "scoring_system": "epss", "scoring_elements": "0.74674", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00841", "scoring_system": "epss", "scoring_elements": "0.747", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00841", "scoring_system": "epss", "scoring_elements": "0.74675", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00841", "scoring_system": "epss", "scoring_elements": "0.74722", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00841", "scoring_system": "epss", "scoring_elements": "0.74824", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00841", "scoring_system": "epss", "scoring_elements": "0.74855", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00841", "scoring_system": "epss", "scoring_elements": "0.7483", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00841", "scoring_system": "epss", "scoring_elements": "0.74799", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00841", "scoring_system": "epss", "scoring_elements": "0.74795", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00841", "scoring_system": "epss", "scoring_elements": "0.74792", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00841", "scoring_system": "epss", "scoring_elements": "0.74785", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00841", "scoring_system": "epss", "scoring_elements": "0.7475", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00841", "scoring_system": "epss", "scoring_elements": "0.74759", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00841", "scoring_system": "epss", "scoring_elements": "0.74752", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00841", "scoring_system": "epss", "scoring_elements": "0.74715", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00841", "scoring_system": "epss", "scoring_elements": "0.74671", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00841", "scoring_system": "epss", "scoring_elements": "0.74724", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17051" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17051", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17051" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/25a1d78e83065c5bea5d8e0a017fd9d0914d41d9", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/25a1d78e83065c5bea5d8e0a017fd9d0914d41d9" }, { "reference_url": "https://github.com/openstack/nova/commit/fed660c1189fdf4159d97badfdc8c5b35ad14f23", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/fed660c1189fdf4159d97badfdc8c5b35ad14f23" }, { "reference_url": "https://launchpad.net/bugs/1732976", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.net/bugs/1732976" }, { "reference_url": "https://review.openstack.org/521662", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/521662" }, { "reference_url": "https://review.openstack.org/523214", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/523214" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2017-006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2017-006.html" }, { "reference_url": "http://www.securityfocus.com/bid/102102", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/102102" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1519231", "reference_id": "1519231", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1519231" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883621", "reference_id": "883621", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883621" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:16.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17051", "reference_id": "CVE-2017-17051", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:N/A:P" }, { "value": "8.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17051" }, { "reference_url": "https://github.com/advisories/GHSA-vq76-rxx3-4r4r", "reference_id": "GHSA-vq76-rxx3-4r4r", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vq76-rxx3-4r4r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1052087?format=api", "purl": "pkg:deb/debian/nova@2:18.1.0-6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fb2-ccby-7yfq" }, { "vulnerability": "VCID-2dpk-ncrc-1fcw" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-qfdm-g857-3yb5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:18.1.0-6" } ], "aliases": [ "CVE-2017-17051", "GHSA-vq76-rxx3-4r4r" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cwub-w9dp-wfgy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14415?format=api", "vulnerability_id": "VCID-cy7p-gzf8-eqcj", "summary": "OpenStack Nova Denial of service attack on the compute host\nAn issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. (The same code error also results in data loss, but that is not a vulnerability because the user loses their own data.) All Nova setups supporting encrypted volumes are affected.", "references": [ { "reference_url": "http://openwall.com/lists/oss-security/2018/04/20/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2018/04/20/3" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2332", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2332" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2714", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2714" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2855", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2855" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18191.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18191.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18191", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02481", "scoring_system": "epss", "scoring_elements": "0.85332", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02481", "scoring_system": "epss", "scoring_elements": "0.8531", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02481", "scoring_system": "epss", "scoring_elements": "0.85313", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02481", "scoring_system": "epss", "scoring_elements": "0.85312", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02481", "scoring_system": "epss", "scoring_elements": "0.85292", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02481", "scoring_system": "epss", "scoring_elements": "0.85295", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02481", "scoring_system": "epss", "scoring_elements": "0.85297", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02481", "scoring_system": "epss", "scoring_elements": "0.85282", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02481", "scoring_system": "epss", "scoring_elements": "0.85252", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02481", "scoring_system": "epss", "scoring_elements": "0.85444", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.02481", "scoring_system": "epss", "scoring_elements": "0.85407", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.02481", "scoring_system": "epss", "scoring_elements": "0.85394", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.02481", "scoring_system": "epss", "scoring_elements": "0.85398", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.02481", "scoring_system": "epss", "scoring_elements": "0.85381", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.02481", "scoring_system": "epss", "scoring_elements": "0.85354", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.02481", "scoring_system": "epss", "scoring_elements": "0.8534", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.02481", "scoring_system": "epss", "scoring_elements": "0.85341", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.02481", "scoring_system": "epss", "scoring_elements": "0.85232", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02481", "scoring_system": "epss", "scoring_elements": "0.8525", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02481", "scoring_system": "epss", "scoring_elements": "0.85274", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02481", "scoring_system": "epss", "scoring_elements": "0.8522", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18191" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18191", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18191" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/0225a61fc4557c1257383a654f0741f7ef2ddeac", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/0225a61fc4557c1257383a654f0741f7ef2ddeac" }, { "reference_url": "https://github.com/openstack/nova/commit/5b64a1936122eeb35f37a09f9d38159e1a224c58", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/5b64a1936122eeb35f37a09f9d38159e1a224c58" }, { "reference_url": "https://github.com/openstack/nova/commit/cd3eb60c2c00bcccfa9ccd4bf9d1a96ae7a5cd88", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/cd3eb60c2c00bcccfa9ccd4bf9d1a96ae7a5cd88" }, { "reference_url": "https://launchpad.net/bugs/1739593", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.net/bugs/1739593" }, { "reference_url": "https://review.openstack.org/539893", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/539893" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2018-001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2018-001.html" }, { "reference_url": "http://www.securityfocus.com/bid/103104", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/103104" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546937", "reference_id": "1546937", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546937" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18191", "reference_id": "CVE-2017-18191", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18191" }, { "reference_url": "https://github.com/advisories/GHSA-ffmh-r67w-m88f", "reference_id": "GHSA-ffmh-r67w-m88f", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-ffmh-r67w-m88f" }, { "reference_url": "https://usn.ubuntu.com/5866-1/", "reference_id": "USN-5866-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5866-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1052087?format=api", "purl": "pkg:deb/debian/nova@2:18.1.0-6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fb2-ccby-7yfq" }, { "vulnerability": "VCID-2dpk-ncrc-1fcw" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-qfdm-g857-3yb5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:18.1.0-6" } ], "aliases": [ "CVE-2017-18191", "GHSA-ffmh-r67w-m88f" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cy7p-gzf8-eqcj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15414?format=api", "vulnerability_id": "VCID-ek6e-977t-3bew", "summary": "OpenStack Compute (nova) allows remote authenticated users to cause a denial of service\nA flaw was found in the way OpenStack Compute (nova) handled the resize state. If an authenticated user deleted an instance while it was in the resize state, it could cause the original instance to not be deleted from the compute node it was running on, allowing the user to cause a denial of service.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-1898.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1898.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1898", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2015:1898" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3280.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3280.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3280", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00795", "scoring_system": "epss", "scoring_elements": "0.74138", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00795", "scoring_system": "epss", "scoring_elements": "0.73976", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00795", "scoring_system": "epss", "scoring_elements": "0.74016", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00795", "scoring_system": "epss", "scoring_elements": "0.74025", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00795", "scoring_system": "epss", "scoring_elements": "0.74017", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00795", "scoring_system": "epss", "scoring_elements": "0.74049", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00795", "scoring_system": "epss", "scoring_elements": "0.74058", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00795", "scoring_system": "epss", "scoring_elements": "0.74056", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00795", "scoring_system": "epss", "scoring_elements": "0.74075", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00795", "scoring_system": "epss", "scoring_elements": "0.74097", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00795", "scoring_system": "epss", "scoring_elements": "0.74082", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00795", "scoring_system": "epss", "scoring_elements": "0.73925", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00795", "scoring_system": "epss", "scoring_elements": "0.73935", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00795", "scoring_system": "epss", "scoring_elements": "0.7396", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00795", "scoring_system": "epss", "scoring_elements": "0.73931", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00795", "scoring_system": "epss", "scoring_elements": "0.73965", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00795", "scoring_system": "epss", "scoring_elements": "0.73979", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00795", "scoring_system": "epss", "scoring_elements": "0.74002", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00795", "scoring_system": "epss", "scoring_elements": "0.73984", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3280" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1257942", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1257942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3280", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3280" }, { "reference_url": "https://launchpad.net/bugs/1392527", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.net/bugs/1392527" }, { "reference_url": "https://opendev.org/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/nova" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2015-017.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2015-017.html" }, { "reference_url": "https://web.archive.org/web/20200228023247/http://www.securityfocus.com/bid/76553", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228023247/http://www.securityfocus.com/bid/76553" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "reference_url": "http://www.securityfocus.com/bid/76553", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/76553" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798883", "reference_id": "798883", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798883" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2015-3280", "reference_id": "CVE-2015-3280", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2015-3280" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3280", "reference_id": "CVE-2015-3280", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:N/A:C" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3280" }, { "reference_url": "https://github.com/advisories/GHSA-mfmj-gwg3-vhw7", "reference_id": "GHSA-mfmj-gwg3-vhw7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mfmj-gwg3-vhw7" }, { "reference_url": "https://usn.ubuntu.com/3449-1/", "reference_id": "USN-3449-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3449-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037213?format=api", "purl": "pkg:deb/debian/nova@2:13.1.0-2~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fb2-ccby-7yfq" }, { "vulnerability": "VCID-1qbm-qguj-gkem" }, { "vulnerability": "VCID-2dpk-ncrc-1fcw" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-cwub-w9dp-wfgy" }, { "vulnerability": "VCID-cy7p-gzf8-eqcj" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-jdb7-71q5-pfcx" }, { "vulnerability": "VCID-qfdm-g857-3yb5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:13.1.0-2~bpo8%252B1" } ], "aliases": [ "CVE-2015-3280", "GHSA-mfmj-gwg3-vhw7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ek6e-977t-3bew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15740?format=api", "vulnerability_id": "VCID-ex1j-py3q-93hv", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\napi/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in responses to instance metadata requests.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0940", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:0940" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1084", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:1084" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3517.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3517.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3517", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.6075", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60668", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60654", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.6064", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60652", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60645", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60702", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60689", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60495", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.6057", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60598", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60567", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60616", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60632", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60656", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60641", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.6062", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60662", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3517" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1325128", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1325128" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1112499", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1112499" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3517", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3517" }, { "reference_url": "https://opendev.org/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/nova" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/07/17/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/07/17/2" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755042", "reference_id": "755042", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755042" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:2014.2.0:milestone1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:2014.2.0:milestone1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:2014.2.0:milestone1:*:*:*:*:*:*" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2014-3517", "reference_id": "CVE-2014-3517", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2014-3517" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3517", "reference_id": "CVE-2014-3517", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3517" }, { "reference_url": "https://github.com/advisories/GHSA-xjmj-p278-4jp5", "reference_id": "GHSA-xjmj-p278-4jp5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xjmj-p278-4jp5" }, { "reference_url": "https://usn.ubuntu.com/2325-1/", "reference_id": "USN-2325-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2325-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037212?format=api", "purl": "pkg:deb/debian/nova@2014.1.3-11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fb2-ccby-7yfq" }, { "vulnerability": "VCID-1qbm-qguj-gkem" }, { "vulnerability": "VCID-2dpk-ncrc-1fcw" }, { "vulnerability": "VCID-5nfz-1bk3-93fe" }, { "vulnerability": "VCID-6n3z-x4zj-4bez" }, { "vulnerability": "VCID-7yp4-ebnm-g3c3" }, { "vulnerability": "VCID-9se5-m6dx-8kcj" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-cwub-w9dp-wfgy" }, { "vulnerability": "VCID-cy7p-gzf8-eqcj" }, { "vulnerability": "VCID-ek6e-977t-3bew" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-jdb7-71q5-pfcx" }, { "vulnerability": "VCID-k48d-ecqx-m3ed" }, { "vulnerability": "VCID-nb1y-cbzs-abhc" }, { "vulnerability": "VCID-qfdm-g857-3yb5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" }, { "vulnerability": "VCID-zy9m-d25c-5uga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11" } ], "aliases": [ "CVE-2014-3517", "GHSA-xjmj-p278-4jp5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ex1j-py3q-93hv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17695?format=api", "vulnerability_id": "VCID-h6rd-5p7q-s3gq", "summary": "OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access\nAn issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Cinder and Nova deployments are affected; only Glance deployments with image conversion enabled are affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32498.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32498.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32498", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38394", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38465", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38489", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38353", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38404", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38412", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38428", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38391", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38413", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38366", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00184", "scoring_system": "epss", "scoring_elements": "0.39883", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00184", "scoring_system": "epss", "scoring_elements": "0.39802", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.43927", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.43879", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.43803", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44448", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44417", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44384", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44431", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44353", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32498" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32498", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32498" }, { "reference_url": "https://github.com/openstack/cinder/commit/78f85c1f9b20a067ef64d6451dee0228c3a0db5e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/cinder/commit/78f85c1f9b20a067ef64d6451dee0228c3a0db5e" }, { "reference_url": "https://github.com/openstack/cinder/commit/d6a186945e03649343af55b46ed8dfe0dd326e40", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/cinder/commit/d6a186945e03649343af55b46ed8dfe0dd326e40" }, { "reference_url": "https://github.com/openstack/glance/commit/22f0c9c6f98db1d93569e3edb800c271f35b0ef9", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/22f0c9c6f98db1d93569e3edb800c271f35b0ef9" }, { "reference_url": "https://github.com/openstack/glance/commit/2e65391744a82421bc6f026ee8f1f3550038f175", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/2e65391744a82421bc6f026ee8f1f3550038f175" }, { "reference_url": "https://github.com/openstack/glance/commit/867d1dd8b6e4f5774257a98c7c33061fbbbde973", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/867d1dd8b6e4f5774257a98c7c33061fbbbde973" }, { "reference_url": "https://github.com/openstack/glance/commit/cc7d53adbecf85f3d7df78e7618fe8ab3a075c5f", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/cc7d53adbecf85f3d7df78e7618fe8ab3a075c5f" }, { "reference_url": "https://github.com/openstack/glance/commit/d607e78630cc9d1ca18b3a027322809c042f64df", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/d607e78630cc9d1ca18b3a027322809c042f64df" }, { "reference_url": "https://github.com/openstack/nova/commit/657e86585cc57f84ab9b364dd189547d231d5927", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/657e86585cc57f84ab9b364dd189547d231d5927" }, { "reference_url": "https://launchpad.net/bugs/2059809", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/" } ], "url": "https://launchpad.net/bugs/2059809" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00016.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32498", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32498" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2024-001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/" } ], "url": "https://security.openstack.org/ossa/OSSA-2024-001.html" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2024/07/02/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2024/07/02/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/07/02/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/07/02/2" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074761", "reference_id": "1074761", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074761" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074762", "reference_id": "1074762", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074762" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074763", "reference_id": "1074763", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074763" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278663", "reference_id": "2278663", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278663" }, { "reference_url": "https://github.com/advisories/GHSA-r4v4-w9pv-6fph", "reference_id": "GHSA-r4v4-w9pv-6fph", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r4v4-w9pv-6fph" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4272", "reference_id": "RHSA-2024:4272", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4272" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4273", "reference_id": "RHSA-2024:4273", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4273" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4274", "reference_id": "RHSA-2024:4274", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4274" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4425", "reference_id": "RHSA-2024:4425", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4425" }, { "reference_url": "https://usn.ubuntu.com/6882-1/", "reference_id": "USN-6882-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6882-1/" }, { "reference_url": "https://usn.ubuntu.com/6882-2/", "reference_id": "USN-6882-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6882-2/" }, { "reference_url": "https://usn.ubuntu.com/6883-1/", "reference_id": "USN-6883-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6883-1/" }, { "reference_url": "https://usn.ubuntu.com/6884-1/", "reference_id": "USN-6884-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6884-1/" }, { "reference_url": "https://usn.ubuntu.com/8199-1/", "reference_id": "USN-8199-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8199-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/995254?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3" } ], "aliases": [ "CVE-2024-32498", "GHSA-r4v4-w9pv-6fph" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h6rd-5p7q-s3gq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57990?format=api", "vulnerability_id": "VCID-hcsa-vfvp-buax", "summary": "OpenStack Nova Router metadata queries are not restricted by tenant\nInteraction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by (1) api/metadata/handler.py in Nova and (2) the neutron-metadata-agent (`agent/metadata/agent.py`) in Neutron.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0091.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0091.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0231.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0231.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6419.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6419.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6419", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68563", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.6841", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68423", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68401", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68449", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68454", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68459", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68437", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68479", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68515", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68481", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68506", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68306", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68326", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68345", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68322", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68373", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.6839", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68417", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68404", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68372", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6419" }, { "reference_url": "https://bugs.launchpad.net/neutron/+bug/1235450", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/neutron/+bug/1235450" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6419", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6419" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/07006be9165d1008ca0382b6f0ad25b13a676a55", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/07006be9165d1008ca0382b6f0ad25b13a676a55" }, { "reference_url": "https://github.com/openstack/nova/commit/af2f823107010933ecd94a9c938f8b739baaecb7", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/af2f823107010933ecd94a9c938f8b739baaecb7" }, { "reference_url": "https://github.com/openstack/nova/commit/bce36e9bdb1fcb9658f7b684d160e656e88d816c", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/bce36e9bdb1fcb9658f7b684d160e656e88d816c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6419", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6419" }, { "reference_url": "https://review.openstack.org/#/c/61428/2/nova/api/metadata/handler.py", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/61428/2/nova/api/metadata/handler.py" }, { "reference_url": "https://review.openstack.org/#/c/61439/1/neutron/agent/metadata/agent.py", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/61439/1/neutron/agent/metadata/agent.py" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/12/11/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/12/11/8" }, { "reference_url": "http://www.securityfocus.com/bid/64250", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/64250" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039148", "reference_id": "1039148", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039148" }, { "reference_url": "https://github.com/advisories/GHSA-22w9-j288-8p9w", "reference_id": "GHSA-22w9-j288-8p9w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-22w9-j288-8p9w" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0091", "reference_id": "RHSA-2014:0091", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0091" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0231", "reference_id": "RHSA-2014:0231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0231" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037212?format=api", "purl": "pkg:deb/debian/nova@2014.1.3-11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fb2-ccby-7yfq" }, { "vulnerability": "VCID-1qbm-qguj-gkem" }, { "vulnerability": "VCID-2dpk-ncrc-1fcw" }, { "vulnerability": "VCID-5nfz-1bk3-93fe" }, { "vulnerability": "VCID-6n3z-x4zj-4bez" }, { "vulnerability": "VCID-7yp4-ebnm-g3c3" }, { "vulnerability": "VCID-9se5-m6dx-8kcj" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-cwub-w9dp-wfgy" }, { "vulnerability": "VCID-cy7p-gzf8-eqcj" }, { "vulnerability": "VCID-ek6e-977t-3bew" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-jdb7-71q5-pfcx" }, { "vulnerability": "VCID-k48d-ecqx-m3ed" }, { "vulnerability": "VCID-nb1y-cbzs-abhc" }, { "vulnerability": "VCID-qfdm-g857-3yb5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" }, { "vulnerability": "VCID-zy9m-d25c-5uga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11" } ], "aliases": [ "CVE-2013-6419", "GHSA-22w9-j288-8p9w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hcsa-vfvp-buax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86724?format=api", "vulnerability_id": "VCID-hgk8-jtvw-9fgb", "summary": "nova: qpid SSL configuration", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6491.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6491.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6491", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.59896", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.59973", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.59999", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.59969", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.60019", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.60032", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.60053", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.60037", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.6002", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.6006", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.60067", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.60052", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.60023", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.60039", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.60027", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.59987", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.60034", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.60092", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.60051", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.60078", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.60141", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6491" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6491", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6491" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1059504", "reference_id": "1059504", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1059504" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0112", "reference_id": "RHSA-2014:0112", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0112" }, { "reference_url": "https://usn.ubuntu.com/2208-1/", "reference_id": "USN-2208-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2208-1/" }, { "reference_url": "https://usn.ubuntu.com/2208-2/", "reference_id": "USN-2208-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2208-2/" }, { "reference_url": "https://usn.ubuntu.com/2247-1/", "reference_id": "USN-2247-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2247-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037212?format=api", "purl": "pkg:deb/debian/nova@2014.1.3-11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fb2-ccby-7yfq" }, { "vulnerability": "VCID-1qbm-qguj-gkem" }, { "vulnerability": "VCID-2dpk-ncrc-1fcw" }, { "vulnerability": "VCID-5nfz-1bk3-93fe" }, { "vulnerability": "VCID-6n3z-x4zj-4bez" }, { "vulnerability": "VCID-7yp4-ebnm-g3c3" }, { "vulnerability": "VCID-9se5-m6dx-8kcj" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-cwub-w9dp-wfgy" }, { "vulnerability": "VCID-cy7p-gzf8-eqcj" }, { "vulnerability": "VCID-ek6e-977t-3bew" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-jdb7-71q5-pfcx" }, { "vulnerability": "VCID-k48d-ecqx-m3ed" }, { "vulnerability": "VCID-nb1y-cbzs-abhc" }, { "vulnerability": "VCID-qfdm-g857-3yb5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" }, { "vulnerability": "VCID-zy9m-d25c-5uga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11" } ], "aliases": [ "CVE-2013-6491" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hgk8-jtvw-9fgb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15719?format=api", "vulnerability_id": "VCID-jdb7-71q5-pfcx", "summary": "OpenStack Nova logs sensitive context from notification exceptions\nAn issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1508", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:1508" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1595", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:1595" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7214.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7214.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7214", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01297", "scoring_system": "epss", "scoring_elements": "0.79823", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01297", "scoring_system": "epss", "scoring_elements": "0.79797", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01297", "scoring_system": "epss", "scoring_elements": "0.79721", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01297", "scoring_system": "epss", "scoring_elements": "0.79889", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.01297", "scoring_system": "epss", "scoring_elements": "0.79851", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.01297", "scoring_system": "epss", "scoring_elements": "0.79835", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.01297", "scoring_system": "epss", "scoring_elements": "0.79839", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.01297", "scoring_system": "epss", "scoring_elements": "0.79698", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01297", "scoring_system": "epss", "scoring_elements": "0.79657", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01297", "scoring_system": "epss", "scoring_elements": "0.79678", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01297", "scoring_system": "epss", "scoring_elements": "0.79665", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01297", "scoring_system": "epss", "scoring_elements": "0.79693", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01297", "scoring_system": "epss", "scoring_elements": "0.797", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01297", "scoring_system": "epss", "scoring_elements": "0.79705", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01297", "scoring_system": "epss", "scoring_elements": "0.79782", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01297", "scoring_system": "epss", "scoring_elements": "0.79767", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01297", "scoring_system": "epss", "scoring_elements": "0.7976", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01297", "scoring_system": "epss", "scoring_elements": "0.7973", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01297", "scoring_system": "epss", "scoring_elements": "0.7965", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01297", "scoring_system": "epss", "scoring_elements": "0.79727", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7214" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7214", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7214" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/3f985f1eda6f29180878a3d21c20c5057179486a", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/3f985f1eda6f29180878a3d21c20c5057179486a" }, { "reference_url": "https://github.com/openstack/nova/commit/acb19160d4d348e29a21ad57c61c7369352c4d1c", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/acb19160d4d348e29a21ad57c61c7369352c4d1c" }, { "reference_url": "https://github.com/openstack/nova/commit/c2c91ce44592fc5dc2aacee1cf7f5b5cfd2e9a0a", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/c2c91ce44592fc5dc2aacee1cf7f5b5cfd2e9a0a" }, { "reference_url": "https://github.com/openstack/nova/commit/e193201fa1de5b08b29adefd8c149935c5529598", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/e193201fa1de5b08b29adefd8c149935c5529598" }, { "reference_url": "https://launchpad.net/bugs/1673569", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.net/bugs/1673569" }, { "reference_url": "http://www.securityfocus.com/bid/96998", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/96998" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1434844", "reference_id": "1434844", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1434844" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858568", "reference_id": "858568", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858568" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:13.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:13.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:13.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:13.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:13.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:13.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:13.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:13.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:13.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:13.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:13.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:13.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:13.1.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:13.1.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:13.1.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:14.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:14.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:14.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:14.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:14.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:14.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:14.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:14.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:14.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:14.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:14.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:14.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:14.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:14.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:14.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:15.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:15.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:15.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7214", "reference_id": "CVE-2017-7214", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7214" }, { "reference_url": "https://github.com/advisories/GHSA-f4g4-cj8f-3cr9", "reference_id": "GHSA-f4g4-cj8f-3cr9", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f4g4-cj8f-3cr9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037214?format=api", "purl": "pkg:deb/debian/nova@2:14.0.0-4%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fb2-ccby-7yfq" }, { "vulnerability": "VCID-1qbm-qguj-gkem" }, { "vulnerability": "VCID-2dpk-ncrc-1fcw" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-cwub-w9dp-wfgy" }, { "vulnerability": "VCID-cy7p-gzf8-eqcj" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-qfdm-g857-3yb5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:14.0.0-4%252Bdeb9u1" } ], "aliases": [ "CVE-2017-7214", "GHSA-f4g4-cj8f-3cr9" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jdb7-71q5-pfcx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5391?format=api", "vulnerability_id": "VCID-jdn1-d4d3-sud7", "summary": "The instance rescue mode in OpenStack Compute (Nova) 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and use_cow_images is set to false, allows remote authenticated users to read certain compute host files by overwriting an instance disk with a crafted image.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0134.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0134.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0134", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42228", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.41996", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.41922", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.41896", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.41982", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.41967", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.41894", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42034", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42117", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42121", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42174", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42242", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42266", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42216", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42258", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.4225", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42199", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42257", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.4217", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42244", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.4228", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0134" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1221190", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1221190" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0134", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0134" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/25e761acd56d4c820273fc0245ada06c500c1637", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/25e761acd56d4c820273fc0245ada06c500c1637" }, { "reference_url": "https://github.com/openstack/nova/commit/d416f4310bb946b4b127201ec3c37e530d988714", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/d416f4310bb946b4b127201ec3c37e530d988714" }, { "reference_url": "https://github.com/openstack/nova/commit/dc8de426066969a3f0624fdc2a7b29371a2d55bf", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/dc8de426066969a3f0624fdc2a7b29371a2d55bf" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2014-112.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2014-112.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0134", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0134" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/03/27/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/03/27/6" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2247-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-2247-1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1078002", "reference_id": "1078002", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1078002" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742712", "reference_id": "742712", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742712" }, { "reference_url": "https://github.com/advisories/GHSA-w429-xc55-hc48", "reference_id": "GHSA-w429-xc55-hc48", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w429-xc55-hc48" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0578", "reference_id": "RHSA-2014:0578", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0578" }, { "reference_url": "https://usn.ubuntu.com/2247-1/", "reference_id": "USN-2247-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2247-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037212?format=api", "purl": "pkg:deb/debian/nova@2014.1.3-11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fb2-ccby-7yfq" }, { "vulnerability": "VCID-1qbm-qguj-gkem" }, { "vulnerability": "VCID-2dpk-ncrc-1fcw" }, { "vulnerability": "VCID-5nfz-1bk3-93fe" }, { "vulnerability": "VCID-6n3z-x4zj-4bez" }, { "vulnerability": "VCID-7yp4-ebnm-g3c3" }, { "vulnerability": "VCID-9se5-m6dx-8kcj" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-cwub-w9dp-wfgy" }, { "vulnerability": "VCID-cy7p-gzf8-eqcj" }, { "vulnerability": "VCID-ek6e-977t-3bew" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-jdb7-71q5-pfcx" }, { "vulnerability": "VCID-k48d-ecqx-m3ed" }, { "vulnerability": "VCID-nb1y-cbzs-abhc" }, { "vulnerability": "VCID-qfdm-g857-3yb5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" }, { "vulnerability": "VCID-zy9m-d25c-5uga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11" } ], "aliases": [ "CVE-2014-0134", "GHSA-w429-xc55-hc48", "PYSEC-2014-112" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jdn1-d4d3-sud7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84892?format=api", "vulnerability_id": "VCID-k48d-ecqx-m3ed", "summary": "openstack-nova: May fail to delete images in resize state regression", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7498.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7498.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7498", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02248", "scoring_system": "epss", "scoring_elements": "0.84504", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02248", "scoring_system": "epss", "scoring_elements": "0.84519", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02248", "scoring_system": "epss", "scoring_elements": "0.8454", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02248", "scoring_system": "epss", "scoring_elements": "0.84544", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02248", "scoring_system": "epss", "scoring_elements": "0.84565", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02248", "scoring_system": "epss", "scoring_elements": "0.84572", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02248", "scoring_system": "epss", "scoring_elements": "0.8459", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02248", "scoring_system": "epss", "scoring_elements": "0.84586", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02248", "scoring_system": "epss", "scoring_elements": "0.84582", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02248", "scoring_system": "epss", "scoring_elements": "0.84601", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02248", "scoring_system": "epss", "scoring_elements": "0.84602", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02248", "scoring_system": "epss", "scoring_elements": "0.84603", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02248", "scoring_system": "epss", "scoring_elements": "0.8463", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02248", "scoring_system": "epss", "scoring_elements": "0.84639", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.02248", "scoring_system": "epss", "scoring_elements": "0.84641", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.02248", "scoring_system": "epss", "scoring_elements": "0.84656", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.02248", "scoring_system": "epss", "scoring_elements": "0.84682", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.02248", "scoring_system": "epss", "scoring_elements": "0.84699", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.02248", "scoring_system": "epss", "scoring_elements": "0.84695", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.02248", "scoring_system": "epss", "scoring_elements": "0.84712", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.02248", "scoring_system": "epss", "scoring_elements": "0.84743", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7498" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7498", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7498" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1378661", "reference_id": "1378661", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1378661" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037213?format=api", "purl": "pkg:deb/debian/nova@2:13.1.0-2~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fb2-ccby-7yfq" }, { "vulnerability": "VCID-1qbm-qguj-gkem" }, { "vulnerability": "VCID-2dpk-ncrc-1fcw" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-cwub-w9dp-wfgy" }, { "vulnerability": "VCID-cy7p-gzf8-eqcj" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-jdb7-71q5-pfcx" }, { "vulnerability": "VCID-qfdm-g857-3yb5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:13.1.0-2~bpo8%252B1" } ], "aliases": [ "CVE-2016-7498" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k48d-ecqx-m3ed" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92472?format=api", "vulnerability_id": "VCID-kncr-vrmh-fygm", "summary": "The OpenStack Nova (python-nova) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and Openstack Cinder (python-cinder) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 before 1:2014.1-0ubuntu1.1 for Ubuntu 13.10 and 14.04 LTS does not properly set the sudo configuration, which makes it easier for attackers to gain privileges by leveraging another vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1068", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44646", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44729", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44809", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.4483", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.4477", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44823", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44825", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44842", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44811", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44813", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44866", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44859", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44794", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44708", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44715", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44637", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44522", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44593", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44608", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44545", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44574", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1068" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1068", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1068" }, { "reference_url": "http://ubuntu.com/usn/usn-2248-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://ubuntu.com/usn/usn-2248-1" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2247-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/USN-2247-1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753579", "reference_id": "753579", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753579" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753585", "reference_id": "753585", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753585" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1068", "reference_id": "CVE-2013-1068", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:P/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1068" }, { "reference_url": "https://usn.ubuntu.com/2247-1/", "reference_id": "USN-2247-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2247-1/" }, { "reference_url": "https://usn.ubuntu.com/2248-1/", "reference_id": "USN-2248-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2248-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037212?format=api", "purl": "pkg:deb/debian/nova@2014.1.3-11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fb2-ccby-7yfq" }, { "vulnerability": "VCID-1qbm-qguj-gkem" }, { "vulnerability": "VCID-2dpk-ncrc-1fcw" }, { "vulnerability": "VCID-5nfz-1bk3-93fe" }, { "vulnerability": "VCID-6n3z-x4zj-4bez" }, { "vulnerability": "VCID-7yp4-ebnm-g3c3" }, { "vulnerability": "VCID-9se5-m6dx-8kcj" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-cwub-w9dp-wfgy" }, { "vulnerability": "VCID-cy7p-gzf8-eqcj" }, { "vulnerability": "VCID-ek6e-977t-3bew" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-jdb7-71q5-pfcx" }, { "vulnerability": "VCID-k48d-ecqx-m3ed" }, { "vulnerability": "VCID-nb1y-cbzs-abhc" }, { "vulnerability": "VCID-qfdm-g857-3yb5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" }, { "vulnerability": "VCID-zy9m-d25c-5uga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11" } ], "aliases": [ "CVE-2013-1068" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kncr-vrmh-fygm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16001?format=api", "vulnerability_id": "VCID-kqbu-drg3-fycm", "summary": "OpenStack Nova denial of service through compressed disk images\nOpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) via a compressed QCOW2 image. NOTE: this issue is due to an incomplete fix for CVE-2013-2096.", "references": [ { "reference_url": "http://github.com/openstack/nova/commit/3cdfe894ab58f7b91bf7fb690fc5bc724e44066f", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://github.com/openstack/nova/commit/3cdfe894ab58f7b91bf7fb690fc5bc724e44066f" }, { "reference_url": "http://github.com/openstack/nova/commit/f6810be4ae1a6c93e7d8017ee67d5344dfdf4a30", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://github.com/openstack/nova/commit/f6810be4ae1a6c93e7d8017ee67d5344dfdf4a30" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0112.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0112.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4463.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4463.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4463", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19033", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18868", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18745", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18829", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18933", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18894", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.1893", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19116", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.1925", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19302", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19017", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19097", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.1915", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19157", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19111", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19058", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19014", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19026", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19034", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18927", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18911", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4463" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1206081", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1206081" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4463", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4463" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/10/31/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/10/31/3" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2247-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-2247-1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1023239", "reference_id": "1023239", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1023239" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728605", "reference_id": "728605", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728605" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4463", "reference_id": "CVE-2013-4463", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4463" }, { "reference_url": "https://github.com/advisories/GHSA-5644-2v3h-5w4x", "reference_id": "GHSA-5644-2v3h-5w4x", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5644-2v3h-5w4x" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0112", "reference_id": "RHSA-2014:0112", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0112" }, { "reference_url": "https://usn.ubuntu.com/2247-1/", "reference_id": "USN-2247-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2247-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037212?format=api", "purl": "pkg:deb/debian/nova@2014.1.3-11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fb2-ccby-7yfq" }, { "vulnerability": "VCID-1qbm-qguj-gkem" }, { "vulnerability": "VCID-2dpk-ncrc-1fcw" }, { "vulnerability": "VCID-5nfz-1bk3-93fe" }, { "vulnerability": "VCID-6n3z-x4zj-4bez" }, { "vulnerability": "VCID-7yp4-ebnm-g3c3" }, { "vulnerability": "VCID-9se5-m6dx-8kcj" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-cwub-w9dp-wfgy" }, { "vulnerability": "VCID-cy7p-gzf8-eqcj" }, { "vulnerability": "VCID-ek6e-977t-3bew" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-jdb7-71q5-pfcx" }, { "vulnerability": "VCID-k48d-ecqx-m3ed" }, { "vulnerability": "VCID-nb1y-cbzs-abhc" }, { "vulnerability": "VCID-qfdm-g857-3yb5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" }, { "vulnerability": "VCID-zy9m-d25c-5uga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11" } ], "aliases": [ "CVE-2013-4463", "GHSA-5644-2v3h-5w4x" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kqbu-drg3-fycm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56474?format=api", "vulnerability_id": "VCID-n6d6-1kyd-qufe", "summary": "OpenStack Compute Nova Improper Access Control\nThe XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4497.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4497.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4497", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.1933", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.1923", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.1932", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19195", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19234", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.1914", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19059", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19165", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19208", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19219", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23937", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23923", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.24049", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.24087", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.2387", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23983", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.24", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23956", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.239", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.2391", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4497" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1073306", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1073306" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1202266", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1202266" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4497", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4497" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/01de658210fd65171bfbf5450c93673b5ce0bd9e", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/01de658210fd65171bfbf5450c93673b5ce0bd9e" }, { "reference_url": "https://github.com/openstack/nova/commit/5cced7a6dd32d231c606e25dbf762d199bf9cca7", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/5cced7a6dd32d231c606e25dbf762d199bf9cca7" }, { "reference_url": "https://github.com/openstack/nova/commit/ba0d007fb78bd1182c3c0b808dbd7ccc84640e80", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/ba0d007fb78bd1182c3c0b808dbd7ccc84640e80" }, { "reference_url": "https://github.com/openstack/nova/commit/df2ea2e3acdede21b40d47b7adbeac04213d031b", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/df2ea2e3acdede21b40d47b7adbeac04213d031b" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4497", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4497" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/11/03/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/11/03/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/11/03/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/11/03/3" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1026171", "reference_id": "1026171", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1026171" }, { "reference_url": "https://github.com/advisories/GHSA-27q4-38qf-m25h", "reference_id": "GHSA-27q4-38qf-m25h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-27q4-38qf-m25h" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0366", "reference_id": "RHSA-2014:0366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0366" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037212?format=api", "purl": "pkg:deb/debian/nova@2014.1.3-11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fb2-ccby-7yfq" }, { "vulnerability": "VCID-1qbm-qguj-gkem" }, { "vulnerability": "VCID-2dpk-ncrc-1fcw" }, { "vulnerability": "VCID-5nfz-1bk3-93fe" }, { "vulnerability": "VCID-6n3z-x4zj-4bez" }, { "vulnerability": "VCID-7yp4-ebnm-g3c3" }, { "vulnerability": "VCID-9se5-m6dx-8kcj" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-cwub-w9dp-wfgy" }, { "vulnerability": "VCID-cy7p-gzf8-eqcj" }, { "vulnerability": "VCID-ek6e-977t-3bew" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-jdb7-71q5-pfcx" }, { "vulnerability": "VCID-k48d-ecqx-m3ed" }, { "vulnerability": "VCID-nb1y-cbzs-abhc" }, { "vulnerability": "VCID-qfdm-g857-3yb5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" }, { "vulnerability": "VCID-zy9m-d25c-5uga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11" } ], "aliases": [ "CVE-2013-4497", "GHSA-27q4-38qf-m25h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n6d6-1kyd-qufe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85385?format=api", "vulnerability_id": "VCID-nb1y-cbzs-abhc", "summary": "openstack-nova: Unprivileged API user can access host data using instance snapshot", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0018.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2016-0018.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7548.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7548.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7548", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38026", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.37974", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.37951", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38363", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.385", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38525", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38387", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38438", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38446", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38461", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38424", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38399", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38426", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38206", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38182", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38087", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.37976", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38046", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38059", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7548" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7548", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7548" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:C/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2016-001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.openstack.org/ossa/OSSA-2016-001.html" }, { "reference_url": "http://www.securityfocus.com/bid/80176", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/80176" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1290511", "reference_id": "1290511", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1290511" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7548", "reference_id": "CVE-2015-7548", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:S/C:P/I:N/A:N" }, { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7548" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0018", "reference_id": "RHSA-2016:0018", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0018" }, { "reference_url": "https://usn.ubuntu.com/3449-1/", "reference_id": "USN-3449-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3449-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037213?format=api", "purl": "pkg:deb/debian/nova@2:13.1.0-2~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fb2-ccby-7yfq" }, { "vulnerability": "VCID-1qbm-qguj-gkem" }, { "vulnerability": "VCID-2dpk-ncrc-1fcw" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-cwub-w9dp-wfgy" }, { "vulnerability": "VCID-cy7p-gzf8-eqcj" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-jdb7-71q5-pfcx" }, { "vulnerability": "VCID-qfdm-g857-3yb5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:13.1.0-2~bpo8%252B1" } ], "aliases": [ "CVE-2015-7548" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nb1y-cbzs-abhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57734?format=api", "vulnerability_id": "VCID-q246-vzd6-3qfb", "summary": "OpenStack Compute (Nova) allows remote authenticated users to gain privileges via API requests\nThe Nova EC2 API security group implementation in OpenStack Compute (Nova) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for (1) add_rules, (2) remove_rules, (3) destroy, and other unspecified methods in compute/api.py when using non-default policies, which allows remote authenticated users to gain privileges via these API requests.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1084", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:1084" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0167.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0167.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2014-0167", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2014-0167" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0167", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59639", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59761", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59692", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59658", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59672", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59665", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59706", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59647", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.596", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59653", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59633", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59664", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59523", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59596", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.5968", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59621", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59591", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59642", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59655", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59675", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0167" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1084868", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1084868" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0167" }, { "reference_url": "https://launchpad.net/bugs/1290537", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.net/bugs/1290537" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0167", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0167" }, { "reference_url": "https://opendev.org/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/nova" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/04/09/26", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/04/09/26" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2247-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-2247-1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744051", "reference_id": "744051", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744051" }, { "reference_url": "https://github.com/advisories/GHSA-p258-xmh3-72pv", "reference_id": "GHSA-p258-xmh3-72pv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p258-xmh3-72pv" }, { "reference_url": "https://usn.ubuntu.com/2247-1/", "reference_id": "USN-2247-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2247-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037212?format=api", "purl": "pkg:deb/debian/nova@2014.1.3-11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fb2-ccby-7yfq" }, { "vulnerability": "VCID-1qbm-qguj-gkem" }, { "vulnerability": "VCID-2dpk-ncrc-1fcw" }, { "vulnerability": "VCID-5nfz-1bk3-93fe" }, { "vulnerability": "VCID-6n3z-x4zj-4bez" }, { "vulnerability": "VCID-7yp4-ebnm-g3c3" }, { "vulnerability": "VCID-9se5-m6dx-8kcj" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-cwub-w9dp-wfgy" }, { "vulnerability": "VCID-cy7p-gzf8-eqcj" }, { "vulnerability": "VCID-ek6e-977t-3bew" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-jdb7-71q5-pfcx" }, { "vulnerability": "VCID-k48d-ecqx-m3ed" }, { "vulnerability": "VCID-nb1y-cbzs-abhc" }, { "vulnerability": "VCID-qfdm-g857-3yb5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" }, { "vulnerability": "VCID-zy9m-d25c-5uga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11" } ], "aliases": [ "CVE-2014-0167", "GHSA-p258-xmh3-72pv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q246-vzd6-3qfb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15462?format=api", "vulnerability_id": "VCID-qb9p-rpza-5fa5", "summary": "OpenStack Compute (Nova) allows remote authenticated users to obtain sensitive information\nCVE-2013-2256 OpenStack: Nova private flavors resource limit circumvention", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1199.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1199.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1199", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2013:1199" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2256.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2256.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2256", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.64854", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.64736", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.64716", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.64764", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.64808", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.64778", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.64799", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.64593", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.64646", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.64674", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.64632", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.6468", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.64695", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.64712", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.647", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.64672", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.64708", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.64719", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.64706", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.64726", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.64739", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2256" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1194093", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1194093" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=993340", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=993340" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2256", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2256" }, { "reference_url": "http://seclists.org/oss-sec/2013/q3/281", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2013/q3/281" }, { "reference_url": "https://opendev.org/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/nova" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718905", "reference_id": "718905", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718905" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2013-2256", "reference_id": "CVE-2013-2256", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2013-2256" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2256", "reference_id": "CVE-2013-2256", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2256" }, { "reference_url": "https://github.com/advisories/GHSA-5mj6-643f-2g85", "reference_id": "GHSA-5mj6-643f-2g85", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5mj6-643f-2g85" }, { "reference_url": "https://usn.ubuntu.com/2000-1/", "reference_id": "USN-2000-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2000-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037212?format=api", "purl": "pkg:deb/debian/nova@2014.1.3-11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fb2-ccby-7yfq" }, { "vulnerability": "VCID-1qbm-qguj-gkem" }, { "vulnerability": "VCID-2dpk-ncrc-1fcw" }, { "vulnerability": "VCID-5nfz-1bk3-93fe" }, { "vulnerability": "VCID-6n3z-x4zj-4bez" }, { "vulnerability": "VCID-7yp4-ebnm-g3c3" }, { "vulnerability": "VCID-9se5-m6dx-8kcj" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-cwub-w9dp-wfgy" }, { "vulnerability": "VCID-cy7p-gzf8-eqcj" }, { "vulnerability": "VCID-ek6e-977t-3bew" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-jdb7-71q5-pfcx" }, { "vulnerability": "VCID-k48d-ecqx-m3ed" }, { "vulnerability": "VCID-nb1y-cbzs-abhc" }, { "vulnerability": "VCID-qfdm-g857-3yb5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" }, { "vulnerability": "VCID-zy9m-d25c-5uga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11" } ], "aliases": [ "CVE-2013-2256", "GHSA-5mj6-643f-2g85" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qb9p-rpza-5fa5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86587?format=api", "vulnerability_id": "VCID-qe1w-wnfu-mudr", "summary": "OpenStack: openstack-nova-compute console-log DoS", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4261.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4261.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4261", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00596", "scoring_system": "epss", "scoring_elements": "0.69285", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00596", "scoring_system": "epss", "scoring_elements": "0.69297", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00596", "scoring_system": "epss", "scoring_elements": "0.69315", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00596", "scoring_system": "epss", "scoring_elements": "0.69294", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00596", "scoring_system": "epss", "scoring_elements": "0.69345", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00596", "scoring_system": "epss", "scoring_elements": "0.69361", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00596", "scoring_system": "epss", "scoring_elements": "0.69384", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00596", "scoring_system": "epss", "scoring_elements": "0.69368", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00596", "scoring_system": "epss", "scoring_elements": "0.69355", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00596", "scoring_system": "epss", "scoring_elements": "0.69393", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00596", "scoring_system": "epss", "scoring_elements": "0.69404", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00596", "scoring_system": "epss", "scoring_elements": "0.69436", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00596", "scoring_system": "epss", "scoring_elements": "0.69443", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00596", "scoring_system": "epss", "scoring_elements": "0.69448", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00596", "scoring_system": "epss", "scoring_elements": "0.69425", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00596", "scoring_system": "epss", "scoring_elements": "0.69468", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00596", "scoring_system": "epss", "scoring_elements": "0.69502", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00596", "scoring_system": "epss", "scoring_elements": "0.69471", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00596", "scoring_system": "epss", "scoring_elements": "0.69496", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00596", "scoring_system": "epss", "scoring_elements": "0.69542", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4261" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4261", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4261" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=999271", "reference_id": "999271", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=999271" }, { "reference_url": "https://usn.ubuntu.com/2000-1/", "reference_id": "USN-2000-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2000-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037212?format=api", "purl": "pkg:deb/debian/nova@2014.1.3-11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fb2-ccby-7yfq" }, { "vulnerability": "VCID-1qbm-qguj-gkem" }, { "vulnerability": "VCID-2dpk-ncrc-1fcw" }, { "vulnerability": "VCID-5nfz-1bk3-93fe" }, { "vulnerability": "VCID-6n3z-x4zj-4bez" }, { "vulnerability": "VCID-7yp4-ebnm-g3c3" }, { "vulnerability": "VCID-9se5-m6dx-8kcj" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-cwub-w9dp-wfgy" }, { "vulnerability": "VCID-cy7p-gzf8-eqcj" }, { "vulnerability": "VCID-ek6e-977t-3bew" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-jdb7-71q5-pfcx" }, { "vulnerability": "VCID-k48d-ecqx-m3ed" }, { "vulnerability": "VCID-nb1y-cbzs-abhc" }, { "vulnerability": "VCID-qfdm-g857-3yb5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" }, { "vulnerability": "VCID-zy9m-d25c-5uga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11" } ], "aliases": [ "CVE-2013-4261" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qe1w-wnfu-mudr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57643?format=api", "vulnerability_id": "VCID-qfdm-g857-3yb5", "summary": "OpenStack Nova can leak consoleauth token into log files\nAn issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setups using novncproxy are affected. This is related to `NovaProxyRequestHandlerBase.new_websocket_client` in `console/websocketproxy.py`.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9543.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9543.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-9543", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24073", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.23986", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.23965", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.2402", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.23951", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.23869", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.23979", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24019", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.2403", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24153", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24177", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.2419", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24173", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.2423", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24273", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24201", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24147", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24213", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.2433", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24256", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24364", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-9543" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9543", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9543" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/nova/commit/08f1f914cc219cf526adfb08c46b8f40b4e78232", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/08f1f914cc219cf526adfb08c46b8f40b4e78232" }, { "reference_url": "https://github.com/openstack/nova/commit/26d4047e17eba9bc271f8868f1d0ffeec97b555e", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/26d4047e17eba9bc271f8868f1d0ffeec97b555e" }, { "reference_url": "https://github.com/openstack/nova/commit/d8fbf04f325f593836f8d44b6bbf42b85bde94e3", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/d8fbf04f325f593836f8d44b6bbf42b85bde94e3" }, { "reference_url": "https://launchpad.net/bugs/1492140", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.net/bugs/1492140" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9543", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9543" }, { "reference_url": "https://review.opendev.org/220622", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.opendev.org/220622" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2020-001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2020-001.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2020/02/19/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2020/02/19/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805386", "reference_id": "1805386", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805386" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951635", "reference_id": "951635", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951635" }, { "reference_url": "https://github.com/advisories/GHSA-22jm-4hxw-35jf", "reference_id": "GHSA-22jm-4hxw-35jf", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-22jm-4hxw-35jf" }, { "reference_url": "https://usn.ubuntu.com/5866-1/", "reference_id": "USN-5866-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5866-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/995253?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-hd9e-1msb-uqa6" }, { "vulnerability": "VCID-m5vc-4my3-87gk" }, { "vulnerability": "VCID-s69v-tc7x-37fe" }, { "vulnerability": "VCID-zwuz-pgjz-rkb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1" } ], "aliases": [ "CVE-2015-9543", "GHSA-22jm-4hxw-35jf" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qfdm-g857-3yb5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5372?format=api", "vulnerability_id": "VCID-qnhs-qv3p-myg2", "summary": "The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting the VM be put into rescue and then deleting the image.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2573.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2573.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2573", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28826", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28225", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28151", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28132", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28214", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28191", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28133", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28293", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28369", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28481", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28736", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28698", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28632", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28778", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28696", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28596", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28643", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28668", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28648", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.2874", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2573" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1269418", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1269418" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2573", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2573" }, { "reference_url": "http://secunia.com/advisories/57498", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/57498" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/b3cc3f62a60662e5bb82136c0cfa464592a6afe9", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/b3cc3f62a60662e5bb82136c0cfa464592a6afe9" }, { "reference_url": "https://github.com/openstack/nova/commit/efb66531bc37ee416778a70d46c657608ca767af", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/efb66531bc37ee416778a70d46c657608ca767af" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2014-113.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2014-113.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2573", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2573" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/03/21/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/03/21/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/03/21/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/03/21/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1080289", "reference_id": "1080289", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1080289" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=750144", "reference_id": "750144", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=750144" }, { "reference_url": "https://github.com/advisories/GHSA-jv34-xvjq-ppch", "reference_id": "GHSA-jv34-xvjq-ppch", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jv34-xvjq-ppch" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037212?format=api", "purl": "pkg:deb/debian/nova@2014.1.3-11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fb2-ccby-7yfq" }, { "vulnerability": "VCID-1qbm-qguj-gkem" }, { "vulnerability": "VCID-2dpk-ncrc-1fcw" }, { "vulnerability": "VCID-5nfz-1bk3-93fe" }, { "vulnerability": "VCID-6n3z-x4zj-4bez" }, { "vulnerability": "VCID-7yp4-ebnm-g3c3" }, { "vulnerability": "VCID-9se5-m6dx-8kcj" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-cwub-w9dp-wfgy" }, { "vulnerability": "VCID-cy7p-gzf8-eqcj" }, { "vulnerability": "VCID-ek6e-977t-3bew" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-jdb7-71q5-pfcx" }, { "vulnerability": "VCID-k48d-ecqx-m3ed" }, { "vulnerability": "VCID-nb1y-cbzs-abhc" }, { "vulnerability": "VCID-qfdm-g857-3yb5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" }, { "vulnerability": "VCID-zy9m-d25c-5uga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11" } ], "aliases": [ "CVE-2014-2573", "GHSA-jv34-xvjq-ppch", "PYSEC-2014-113" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qnhs-qv3p-myg2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15519?format=api", "vulnerability_id": "VCID-r558-z5xb-v3a8", "summary": "OpenStack Nova VMware instance leak potentially leading to compute DoS\nThe VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state.", "references": [ { "reference_url": "http://lists.openstack.org/pipermail/openstack-announce/2014-October/000298.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.openstack.org/pipermail/openstack-announce/2014-October/000298.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0843.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0843.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0844.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0844.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8333.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8333.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8333", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00736", "scoring_system": "epss", "scoring_elements": "0.72992", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00736", "scoring_system": "epss", "scoring_elements": "0.72899", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00736", "scoring_system": "epss", "scoring_elements": "0.72908", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00736", "scoring_system": "epss", "scoring_elements": "0.72907", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00736", "scoring_system": "epss", "scoring_elements": "0.72901", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00736", "scoring_system": "epss", "scoring_elements": "0.72928", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00736", "scoring_system": "epss", "scoring_elements": "0.72953", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00736", "scoring_system": "epss", "scoring_elements": "0.72916", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00736", "scoring_system": "epss", "scoring_elements": "0.7294", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00736", "scoring_system": "epss", "scoring_elements": "0.72758", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00736", "scoring_system": "epss", "scoring_elements": "0.72765", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00736", "scoring_system": "epss", "scoring_elements": "0.72786", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00736", "scoring_system": "epss", "scoring_elements": "0.72761", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00736", "scoring_system": "epss", "scoring_elements": "0.728", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00736", "scoring_system": "epss", "scoring_elements": "0.72814", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00736", "scoring_system": "epss", "scoring_elements": "0.72838", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00736", "scoring_system": "epss", "scoring_elements": "0.72821", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00736", "scoring_system": "epss", "scoring_elements": "0.72813", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00736", "scoring_system": "epss", "scoring_elements": "0.72854", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00736", "scoring_system": "epss", "scoring_elements": "0.72865", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00736", "scoring_system": "epss", "scoring_elements": "0.72857", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8333" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1359138", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1359138" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8333", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8333" }, { "reference_url": "http://secunia.com/advisories/60531", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/60531" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/d71445c7d2d2921d10a08f82330f0ab8ef4f7df2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/d71445c7d2d2921d10a08f82330f0ab8ef4f7df2" }, { "reference_url": "https://github.com/openstack/nova/commit/e1f8664c9fa83f77f5bb763ffcc3157905ed954c", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/e1f8664c9fa83f77f5bb763ffcc3157905ed954c" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1154890", "reference_id": "1154890", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1154890" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8333", "reference_id": "CVE-2014-8333", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:N/A:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8333" }, { "reference_url": "https://github.com/advisories/GHSA-g63p-mfcm-54c4", "reference_id": "GHSA-g63p-mfcm-54c4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g63p-mfcm-54c4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037212?format=api", "purl": "pkg:deb/debian/nova@2014.1.3-11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fb2-ccby-7yfq" }, { "vulnerability": "VCID-1qbm-qguj-gkem" }, { "vulnerability": "VCID-2dpk-ncrc-1fcw" }, { "vulnerability": "VCID-5nfz-1bk3-93fe" }, { "vulnerability": "VCID-6n3z-x4zj-4bez" }, { "vulnerability": "VCID-7yp4-ebnm-g3c3" }, { "vulnerability": "VCID-9se5-m6dx-8kcj" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-cwub-w9dp-wfgy" }, { "vulnerability": "VCID-cy7p-gzf8-eqcj" }, { "vulnerability": "VCID-ek6e-977t-3bew" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-jdb7-71q5-pfcx" }, { "vulnerability": "VCID-k48d-ecqx-m3ed" }, { "vulnerability": "VCID-nb1y-cbzs-abhc" }, { "vulnerability": "VCID-qfdm-g857-3yb5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" }, { "vulnerability": "VCID-zy9m-d25c-5uga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11" } ], "aliases": [ "CVE-2014-8333", "GHSA-g63p-mfcm-54c4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r558-z5xb-v3a8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15860?format=api", "vulnerability_id": "VCID-rvp9-etcr-wycj", "summary": "OpenStack Nova DoS through ephemeral disk backing files\nThe libvirt driver in OpenStack Compute (Nova) before 2013.2.2 and icehouse before icehouse-2 allows remote authenticated users to cause a denial of service (disk consumption) by creating and deleting instances with unique os_type settings, which triggers the creation of a new ephemeral disk backing file.", "references": [ { "reference_url": "http://lists.openstack.org/pipermail/openstack-announce/2013-December/000179.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.openstack.org/pipermail/openstack-announce/2013-December/000179.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0231.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0231.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6437.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6437.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6437", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00434", "scoring_system": "epss", "scoring_elements": "0.62967", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00434", "scoring_system": "epss", "scoring_elements": "0.62858", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00434", "scoring_system": "epss", "scoring_elements": "0.62873", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00434", "scoring_system": "epss", "scoring_elements": "0.62826", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00434", "scoring_system": "epss", "scoring_elements": "0.62872", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00434", "scoring_system": "epss", "scoring_elements": "0.62925", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00434", "scoring_system": "epss", "scoring_elements": "0.62884", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00434", "scoring_system": "epss", "scoring_elements": "0.62911", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00434", "scoring_system": "epss", "scoring_elements": "0.62706", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00434", "scoring_system": "epss", "scoring_elements": "0.62762", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00434", "scoring_system": "epss", "scoring_elements": "0.62793", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00434", "scoring_system": "epss", "scoring_elements": "0.62757", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00434", "scoring_system": "epss", "scoring_elements": "0.62808", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00434", "scoring_system": "epss", "scoring_elements": "0.62825", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00434", "scoring_system": "epss", "scoring_elements": "0.62843", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00434", "scoring_system": "epss", "scoring_elements": "0.62832", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00434", "scoring_system": "epss", "scoring_elements": "0.62809", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00434", "scoring_system": "epss", "scoring_elements": "0.62849", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00434", "scoring_system": "epss", "scoring_elements": "0.62857", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00434", "scoring_system": "epss", "scoring_elements": "0.62837", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6437" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1253980", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1253980" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6437", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6437" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/3e451f1bac57d24e47171cffb3ad59bb1610d836", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/3e451f1bac57d24e47171cffb3ad59bb1610d836" }, { "reference_url": "https://github.com/openstack/nova/commit/6e455cd97f04bf26bbe022be17c57e089cf502f4", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/6e455cd97f04bf26bbe022be17c57e089cf502f4" }, { "reference_url": "https://github.com/openstack/nova/commit/ca38774ebcf5b67d16c202c8f218c0c433973ca9", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/ca38774ebcf5b67d16c202c8f218c0c433973ca9" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1043106", "reference_id": "1043106", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1043106" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6437", "reference_id": "CVE-2013-6437", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6437" }, { "reference_url": "https://github.com/advisories/GHSA-hrv9-4x4c-9jc8", "reference_id": "GHSA-hrv9-4x4c-9jc8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hrv9-4x4c-9jc8" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0231", "reference_id": "RHSA-2014:0231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0231" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037212?format=api", "purl": "pkg:deb/debian/nova@2014.1.3-11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fb2-ccby-7yfq" }, { "vulnerability": "VCID-1qbm-qguj-gkem" }, { "vulnerability": "VCID-2dpk-ncrc-1fcw" }, { "vulnerability": "VCID-5nfz-1bk3-93fe" }, { "vulnerability": "VCID-6n3z-x4zj-4bez" }, { "vulnerability": "VCID-7yp4-ebnm-g3c3" }, { "vulnerability": "VCID-9se5-m6dx-8kcj" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-cwub-w9dp-wfgy" }, { "vulnerability": "VCID-cy7p-gzf8-eqcj" }, { "vulnerability": "VCID-ek6e-977t-3bew" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-jdb7-71q5-pfcx" }, { "vulnerability": "VCID-k48d-ecqx-m3ed" }, { "vulnerability": "VCID-nb1y-cbzs-abhc" }, { "vulnerability": "VCID-qfdm-g857-3yb5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" }, { "vulnerability": "VCID-zy9m-d25c-5uga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11" } ], "aliases": [ "CVE-2013-6437", "GHSA-hrv9-4x4c-9jc8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rvp9-etcr-wycj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/22302?format=api", "vulnerability_id": "VCID-s69v-tc7x-37fe", "summary": "OpenStack Nova calls qemu-img without format restrictions for resize\nAn issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in an unsafe image resize operation that could destroy data on the host system. Only compute nodes using the Flat image backend (usually configured with use_cow_images=False) are affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24708.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24708.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24708", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03789", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03786", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03778", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05171", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05123", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05133", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05224", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05221", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05222", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05216", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18759", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18797", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18747", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.21907", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22081", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22132", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.21988", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22043", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22058", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22017", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24708" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/2137507", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T19:07:53Z/" } ], "url": "https://bugs.launchpad.net/nova/+bug/2137507" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24708", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24708" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/3eba22ff09c81a61750fbb4882e5f1f01a20fdf5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/3eba22ff09c81a61750fbb4882e5f1f01a20fdf5" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2026/02/msg00025.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2026/02/msg00025.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24708", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24708" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2026/02/17/7", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T19:07:53Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2026/02/17/7" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128294", "reference_id": "1128294", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128294" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430312", "reference_id": "2430312", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430312" }, { "reference_url": "https://github.com/advisories/GHSA-m4f3-qp2w-gwh6", "reference_id": "GHSA-m4f3-qp2w-gwh6", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m4f3-qp2w-gwh6" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7884", "reference_id": "RHSA-2026:7884", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7884" }, { "reference_url": "https://usn.ubuntu.com/8049-1/", "reference_id": "USN-8049-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8049-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/995254?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3" } ], "aliases": [ "CVE-2026-24708", "GHSA-m4f3-qp2w-gwh6" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s69v-tc7x-37fe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16041?format=api", "vulnerability_id": "VCID-sj2k-uq1g-suby", "summary": "Improper Restriction of Operations within the Bounds of a Memory Buffer\nCVE-2013-4179 OpenStack: Nova XML entities DoS", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1199.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1199.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1199", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2013:1199" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4179.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4179.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4179", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71517", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71406", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71409", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71396", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71432", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71467", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71462", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71267", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71275", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71292", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71309", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71322", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71345", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.7133", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71313", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71359", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71365", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71344", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71398", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4179" }, { "reference_url": "https://bugs.launchpad.net/ossa/+bug/1190229", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/ossa/+bug/1190229" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=989707", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=989707" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4179", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4179" }, { "reference_url": "https://opendev.org/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/nova" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2005-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-2005-1" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2013-4179", "reference_id": "CVE-2013-4179", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2013-4179" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4179", "reference_id": "CVE-2013-4179", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4179" }, { "reference_url": "https://github.com/advisories/GHSA-j6xh-q826-55jw", "reference_id": "GHSA-j6xh-q826-55jw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j6xh-q826-55jw" }, { "reference_url": "https://usn.ubuntu.com/2000-1/", "reference_id": "USN-2000-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2000-1/" }, { "reference_url": "https://usn.ubuntu.com/2005-1/", "reference_id": "USN-2005-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2005-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037212?format=api", "purl": "pkg:deb/debian/nova@2014.1.3-11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fb2-ccby-7yfq" }, { "vulnerability": "VCID-1qbm-qguj-gkem" }, { "vulnerability": "VCID-2dpk-ncrc-1fcw" }, { "vulnerability": "VCID-5nfz-1bk3-93fe" }, { "vulnerability": "VCID-6n3z-x4zj-4bez" }, { "vulnerability": "VCID-7yp4-ebnm-g3c3" }, { "vulnerability": "VCID-9se5-m6dx-8kcj" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-cwub-w9dp-wfgy" }, { "vulnerability": "VCID-cy7p-gzf8-eqcj" }, { "vulnerability": "VCID-ek6e-977t-3bew" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-jdb7-71q5-pfcx" }, { "vulnerability": "VCID-k48d-ecqx-m3ed" }, { "vulnerability": "VCID-nb1y-cbzs-abhc" }, { "vulnerability": "VCID-qfdm-g857-3yb5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" }, { "vulnerability": "VCID-zy9m-d25c-5uga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11" } ], "aliases": [ "CVE-2013-4179", "GHSA-j6xh-q826-55jw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sj2k-uq1g-suby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57592?format=api", "vulnerability_id": "VCID-t2sh-b3m5-vyax", "summary": "OpenStack Compute (Nova) does not verify the virtual size of a QCOW2 image\nOpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by creating an image with a large virtual size that does not contain a large amount of data.", "references": [ { "reference_url": "http://lists.openstack.org/pipermail/openstack-announce/2013-May/000102.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.openstack.org/pipermail/openstack-announce/2013-May/000102.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2096.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2096.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2096", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19192", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19277", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19413", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19462", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19179", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19258", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.1931", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19315", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19267", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19213", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19171", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.1918", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.1919", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19081", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19071", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19027", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.18908", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.18989", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19088", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19053", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19089", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2096" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2096", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2096" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:N/I:N/A:C" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/0caeb8eaf20abcdc77828f5c6b79fc104619e231", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/0caeb8eaf20abcdc77828f5c6b79fc104619e231" }, { "reference_url": "https://github.com/openstack/nova/commit/44a8aba1d5da87d54db48079103fdef946666d80", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/44a8aba1d5da87d54db48079103fdef946666d80" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2096", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2096" }, { "reference_url": "https://review.openstack.org/#/c/28717", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/28717" }, { "reference_url": "https://review.openstack.org/#/c/28717/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://review.openstack.org/#/c/28717/" }, { "reference_url": "https://review.openstack.org/#/c/28901", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/28901" }, { "reference_url": "https://review.openstack.org/#/c/28901/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://review.openstack.org/#/c/28901/" }, { "reference_url": "https://review.openstack.org/#/c/29192", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/29192" }, { "reference_url": "https://review.openstack.org/#/c/29192/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://review.openstack.org/#/c/29192/" }, { "reference_url": "https://web.archive.org/web/20130726040108/http://www.securityfocus.com/bid/59924", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20130726040108/http://www.securityfocus.com/bid/59924" }, { "reference_url": "http://www.securityfocus.com/bid/59924", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/59924" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1831-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-1831-1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710157", "reference_id": "710157", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710157" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=963462", "reference_id": "963462", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=963462" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:grizzly:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:grizzly:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:grizzly:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:havana:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:havana:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:havana:-:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-m674-hmx2-ffhq", "reference_id": "GHSA-m674-hmx2-ffhq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m674-hmx2-ffhq" }, { "reference_url": "https://usn.ubuntu.com/1831-1/", "reference_id": "USN-1831-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1831-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037212?format=api", "purl": "pkg:deb/debian/nova@2014.1.3-11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fb2-ccby-7yfq" }, { "vulnerability": "VCID-1qbm-qguj-gkem" }, { "vulnerability": "VCID-2dpk-ncrc-1fcw" }, { "vulnerability": "VCID-5nfz-1bk3-93fe" }, { "vulnerability": "VCID-6n3z-x4zj-4bez" }, { "vulnerability": "VCID-7yp4-ebnm-g3c3" }, { "vulnerability": "VCID-9se5-m6dx-8kcj" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-cwub-w9dp-wfgy" }, { "vulnerability": "VCID-cy7p-gzf8-eqcj" }, { "vulnerability": "VCID-ek6e-977t-3bew" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-jdb7-71q5-pfcx" }, { "vulnerability": "VCID-k48d-ecqx-m3ed" }, { "vulnerability": "VCID-nb1y-cbzs-abhc" }, { "vulnerability": "VCID-qfdm-g857-3yb5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" }, { "vulnerability": "VCID-zy9m-d25c-5uga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11" } ], "aliases": [ "CVE-2013-2096", "GHSA-m674-hmx2-ffhq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t2sh-b3m5-vyax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15641?format=api", "vulnerability_id": "VCID-v47b-k4qx-h7a2", "summary": "OpenStack Nova live snapshots use an insecure local directory\nOpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and world-readable permissions for the temporary directory used to store live snapshots, which allows local users to read and modify live snapshots.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0231.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0231.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7048.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7048.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7048", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17194", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17127", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17107", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.1705", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.16913", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17006", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17101", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17073", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17109", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17193", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.1736", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17406", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17186", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17278", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17336", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17349", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17299", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.1724", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17179", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.1722", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7048" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1227027", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1227027" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7048", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7048" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/75be5abd6b3fa0f7f27fe9c805f832cd41d44a5d", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/75be5abd6b3fa0f7f27fe9c805f832cd41d44a5d" }, { "reference_url": "https://github.com/openstack/nova/commit/8a34fc3d48c467aa196f65eed444ccdc7c02f19f", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/8a34fc3d48c467aa196f65eed444ccdc7c02f19f" }, { "reference_url": "https://github.com/openstack/nova/commit/9bd7fff8c0160057643cfc37c5e2b1cd3337d6aa", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/9bd7fff8c0160057643cfc37c5e2b1cd3337d6aa" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/01/13/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/01/13/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1040786", "reference_id": "1040786", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1040786" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732022", "reference_id": "732022", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732022" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7048", "reference_id": "CVE-2013-7048", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7048" }, { "reference_url": "https://github.com/advisories/GHSA-grp5-h379-j75x", "reference_id": "GHSA-grp5-h379-j75x", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-grp5-h379-j75x" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0231", "reference_id": "RHSA-2014:0231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0366", "reference_id": "RHSA-2014:0366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0366" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037212?format=api", "purl": "pkg:deb/debian/nova@2014.1.3-11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fb2-ccby-7yfq" }, { "vulnerability": "VCID-1qbm-qguj-gkem" }, { "vulnerability": "VCID-2dpk-ncrc-1fcw" }, { "vulnerability": "VCID-5nfz-1bk3-93fe" }, { "vulnerability": "VCID-6n3z-x4zj-4bez" }, { "vulnerability": "VCID-7yp4-ebnm-g3c3" }, { "vulnerability": "VCID-9se5-m6dx-8kcj" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-cwub-w9dp-wfgy" }, { "vulnerability": "VCID-cy7p-gzf8-eqcj" }, { "vulnerability": "VCID-ek6e-977t-3bew" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-jdb7-71q5-pfcx" }, { "vulnerability": "VCID-k48d-ecqx-m3ed" }, { "vulnerability": "VCID-nb1y-cbzs-abhc" }, { "vulnerability": "VCID-qfdm-g857-3yb5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" }, { "vulnerability": "VCID-zy9m-d25c-5uga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11" } ], "aliases": [ "CVE-2013-7048", "GHSA-grp5-h379-j75x" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v47b-k4qx-h7a2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5354?format=api", "vulnerability_id": "VCID-vena-h39k-v3fe", "summary": "The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage.", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127732.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127732.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127735.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127735.html" }, { "reference_url": "http://osvdb.org/102416", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://osvdb.org/102416" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0231.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0231.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7130.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7130.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7130", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02539", "scoring_system": "epss", "scoring_elements": "0.85482", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02539", "scoring_system": "epss", "scoring_elements": "0.85458", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02539", "scoring_system": "epss", "scoring_elements": "0.85462", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02539", "scoring_system": "epss", "scoring_elements": "0.85464", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02539", "scoring_system": "epss", "scoring_elements": "0.8545", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02539", "scoring_system": "epss", "scoring_elements": "0.85441", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02539", "scoring_system": "epss", "scoring_elements": "0.85417", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02539", "scoring_system": "epss", "scoring_elements": "0.85397", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02539", "scoring_system": "epss", "scoring_elements": "0.85385", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02539", "scoring_system": "epss", "scoring_elements": "0.8542", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02539", "scoring_system": "epss", "scoring_elements": "0.85619", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.02539", "scoring_system": "epss", "scoring_elements": "0.85582", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.02539", "scoring_system": "epss", "scoring_elements": "0.85569", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.02539", "scoring_system": "epss", "scoring_elements": "0.85573", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.02539", "scoring_system": "epss", "scoring_elements": "0.85554", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.02539", "scoring_system": "epss", "scoring_elements": "0.85531", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.02539", "scoring_system": "epss", "scoring_elements": "0.85514", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.02539", "scoring_system": "epss", "scoring_elements": "0.85515", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.02539", "scoring_system": "epss", "scoring_elements": "0.85506", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02539", "scoring_system": "epss", "scoring_elements": "0.85483", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02539", "scoring_system": "epss", "scoring_elements": "0.85487", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7130" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1251590", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1251590" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7130", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7130" }, { "reference_url": "http://secunia.com/advisories/56450", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/56450" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90652", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90652" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/15ee7e17f63f5583307a546ecf28952c364c88f9", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/15ee7e17f63f5583307a546ecf28952c364c88f9" }, { "reference_url": "https://github.com/openstack/nova/commit/b0d36683fe064b32cbef013e1c0c46bd018ab9a1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/b0d36683fe064b32cbef013e1c0c46bd018ab9a1" }, { "reference_url": "https://github.com/openstack/nova/commit/cbeb5e51886b0296349fc476305bfe3d63c627c3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/cbeb5e51886b0296349fc476305bfe3d63c627c3" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2014-111.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2014-111.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7130", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7130" }, { "reference_url": "https://review.openstack.org/#/c/68658", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/68658" }, { "reference_url": "https://review.openstack.org/#/c/68658/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://review.openstack.org/#/c/68658/" }, { "reference_url": "https://review.openstack.org/#/c/68659", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/68659" }, { "reference_url": "https://review.openstack.org/#/c/68659/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://review.openstack.org/#/c/68659/" }, { "reference_url": "https://review.openstack.org/#/c/68660", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/68660" }, { "reference_url": "https://review.openstack.org/#/c/68660/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://review.openstack.org/#/c/68660/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/01/23/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/01/23/5" }, { "reference_url": "http://www.securityfocus.com/bid/65106", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/65106" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2247-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-2247-1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1055400", "reference_id": "1055400", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1055400" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736465", "reference_id": "736465", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736465" }, { "reference_url": "https://github.com/advisories/GHSA-99rx-9x8v-9j8p", "reference_id": "GHSA-99rx-9x8v-9j8p", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-99rx-9x8v-9j8p" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0231", "reference_id": "RHSA-2014:0231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0366", "reference_id": "RHSA-2014:0366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0366" }, { "reference_url": "https://usn.ubuntu.com/2247-1/", "reference_id": "USN-2247-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2247-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037212?format=api", "purl": "pkg:deb/debian/nova@2014.1.3-11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fb2-ccby-7yfq" }, { "vulnerability": "VCID-1qbm-qguj-gkem" }, { "vulnerability": "VCID-2dpk-ncrc-1fcw" }, { "vulnerability": "VCID-5nfz-1bk3-93fe" }, { "vulnerability": "VCID-6n3z-x4zj-4bez" }, { "vulnerability": "VCID-7yp4-ebnm-g3c3" }, { "vulnerability": "VCID-9se5-m6dx-8kcj" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-cwub-w9dp-wfgy" }, { "vulnerability": "VCID-cy7p-gzf8-eqcj" }, { "vulnerability": "VCID-ek6e-977t-3bew" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-jdb7-71q5-pfcx" }, { "vulnerability": "VCID-k48d-ecqx-m3ed" }, { "vulnerability": "VCID-nb1y-cbzs-abhc" }, { "vulnerability": "VCID-qfdm-g857-3yb5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" }, { "vulnerability": "VCID-zy9m-d25c-5uga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11" } ], "aliases": [ "CVE-2013-7130", "GHSA-99rx-9x8v-9j8p", "PYSEC-2014-111" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vena-h39k-v3fe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15700?format=api", "vulnerability_id": "VCID-x5k4-dm9d-xkf7", "summary": "OpenStack Compute (Nova)'s VMWare driver vulnerable to denial of service\nCVE-2014-3608 openstack-nova: incomplete fix for CVE-2014-2573, Nova VMware driver still leaks rescued images", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1781.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1781.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1782.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1782.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1781", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:1781" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1782", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:1782" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3608.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3608.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3608", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.71929", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.7177", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.71818", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.71823", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.71827", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.71812", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.71846", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.71879", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.71843", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.71872", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.71699", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.71706", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.71725", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.71698", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.71737", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.71749", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.71773", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.71756", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.71739", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.71782", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.71788", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3608" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1338830", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1338830" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1148253", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1148253" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3608", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3608" }, { "reference_url": "http://seclists.org/oss-sec/2014/q4/65", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2014/q4/65" }, { "reference_url": "https://opendev.org/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/nova" }, { "reference_url": "https://web.archive.org/web/20200228053850/http://www.securityfocus.com/bid/70220", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228053850/http://www.securityfocus.com/bid/70220" }, { "reference_url": "http://www.securityfocus.com/bid/70220", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/70220" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2014-3608", "reference_id": "CVE-2014-3608", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2014-3608" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3608", "reference_id": "CVE-2014-3608", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv2", "scoring_elements": "AV:A/AC:L/Au:S/C:N/I:N/A:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3608" }, { "reference_url": "https://github.com/advisories/GHSA-92hc-c226-32q7", "reference_id": "GHSA-92hc-c226-32q7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-92hc-c226-32q7" }, { "reference_url": "https://usn.ubuntu.com/2407-1/", "reference_id": "USN-2407-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2407-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037212?format=api", "purl": "pkg:deb/debian/nova@2014.1.3-11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fb2-ccby-7yfq" }, { "vulnerability": "VCID-1qbm-qguj-gkem" }, { "vulnerability": "VCID-2dpk-ncrc-1fcw" }, { "vulnerability": "VCID-5nfz-1bk3-93fe" }, { "vulnerability": "VCID-6n3z-x4zj-4bez" }, { "vulnerability": "VCID-7yp4-ebnm-g3c3" }, { "vulnerability": "VCID-9se5-m6dx-8kcj" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-cwub-w9dp-wfgy" }, { "vulnerability": "VCID-cy7p-gzf8-eqcj" }, { "vulnerability": "VCID-ek6e-977t-3bew" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-jdb7-71q5-pfcx" }, { "vulnerability": "VCID-k48d-ecqx-m3ed" }, { "vulnerability": "VCID-nb1y-cbzs-abhc" }, { "vulnerability": "VCID-qfdm-g857-3yb5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" }, { "vulnerability": "VCID-zy9m-d25c-5uga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11" } ], "aliases": [ "CVE-2014-3608", "GHSA-92hc-c226-32q7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x5k4-dm9d-xkf7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5600?format=api", "vulnerability_id": "VCID-y8va-eyt2-3kfv", "summary": "OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2687.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2687.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2687", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.1596", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15876", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15831", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15817", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15892", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15998", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16021", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15915", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15939", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16012", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.1584", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15729", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15853", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15948", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15872", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15888", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16075", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15958", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.1602", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15893", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2687" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1419577", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1419577" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205313", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205313" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2687", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2687" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/b83cae02ece4c338e09c3606c6ae69b715bd6f8c", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/b83cae02ece4c338e09c3606c6ae69b715bd6f8c" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2017-145.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2017-145.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2687", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2687" }, { "reference_url": "https://review.openstack.org/#/c/338929", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/338929" }, { "reference_url": "https://review.openstack.org/#/c/338929/", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://review.openstack.org/#/c/338929/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/03/24/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2015/03/24/10" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/03/25/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2015/03/25/3" }, { "reference_url": "http://www.securityfocus.com/bid/77505", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "http://www.securityfocus.com/bid/77505" }, { "reference_url": "https://github.com/advisories/GHSA-97fv-22hc-mrgj", "reference_id": "GHSA-97fv-22hc-mrgj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-97fv-22hc-mrgj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037212?format=api", "purl": "pkg:deb/debian/nova@2014.1.3-11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fb2-ccby-7yfq" }, { "vulnerability": "VCID-1qbm-qguj-gkem" }, { "vulnerability": "VCID-2dpk-ncrc-1fcw" }, { "vulnerability": "VCID-5nfz-1bk3-93fe" }, { "vulnerability": "VCID-6n3z-x4zj-4bez" }, { "vulnerability": "VCID-7yp4-ebnm-g3c3" }, { "vulnerability": "VCID-9se5-m6dx-8kcj" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-cwub-w9dp-wfgy" }, { "vulnerability": "VCID-cy7p-gzf8-eqcj" }, { "vulnerability": "VCID-ek6e-977t-3bew" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-jdb7-71q5-pfcx" }, { "vulnerability": "VCID-k48d-ecqx-m3ed" }, { "vulnerability": "VCID-nb1y-cbzs-abhc" }, { "vulnerability": "VCID-qfdm-g857-3yb5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" }, { "vulnerability": "VCID-zy9m-d25c-5uga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11" } ], "aliases": [ "CVE-2015-2687", "GHSA-97fv-22hc-mrgj", "PYSEC-2017-145" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y8va-eyt2-3kfv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86191?format=api", "vulnerability_id": "VCID-ykzj-fz7y-eug8", "summary": "Trove: potential leak of passwords into log files", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1939.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2014-1939.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7230.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7230.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-7230", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.30919", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31368", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31506", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31547", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31365", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31419", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31449", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31452", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31409", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31373", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31407", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31387", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31358", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31188", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31065", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.30986", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.30834", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.30904", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.30909", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.30824", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.30847", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-7230" }, { "reference_url": "https://bugs.launchpad.net/oslo-incubator/+bug/1343604", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.launchpad.net/oslo-incubator/+bug/1343604" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7230", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7230" }, { "reference_url": "http://seclists.org/oss-sec/2014/q3/853", "reference_id": "", "reference_type": "", "scores": [], "url": "http://seclists.org/oss-sec/2014/q3/853" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96725", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96725" }, { "reference_url": "http://www.securityfocus.com/bid/70185", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/70185" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2405-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/USN-2405-1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1147722", "reference_id": "1147722", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1147722" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765704", "reference_id": "765704", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765704" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765714", "reference_id": "765714", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765714" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:cinder:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:cinder:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:cinder:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:trove:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:trove:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:trove:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-7230", "reference_id": "CVE-2014-7230", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:P/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-7230" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1939", "reference_id": "RHSA-2014:1939", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1939" }, { "reference_url": "https://usn.ubuntu.com/2405-1/", "reference_id": "USN-2405-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2405-1/" }, { "reference_url": "https://usn.ubuntu.com/2407-1/", "reference_id": "USN-2407-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2407-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037212?format=api", "purl": "pkg:deb/debian/nova@2014.1.3-11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fb2-ccby-7yfq" }, { "vulnerability": "VCID-1qbm-qguj-gkem" }, { "vulnerability": "VCID-2dpk-ncrc-1fcw" }, { "vulnerability": "VCID-5nfz-1bk3-93fe" }, { "vulnerability": "VCID-6n3z-x4zj-4bez" }, { "vulnerability": "VCID-7yp4-ebnm-g3c3" }, { "vulnerability": "VCID-9se5-m6dx-8kcj" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-cwub-w9dp-wfgy" }, { "vulnerability": "VCID-cy7p-gzf8-eqcj" }, { "vulnerability": "VCID-ek6e-977t-3bew" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-jdb7-71q5-pfcx" }, { "vulnerability": "VCID-k48d-ecqx-m3ed" }, { "vulnerability": "VCID-nb1y-cbzs-abhc" }, { "vulnerability": "VCID-qfdm-g857-3yb5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" }, { "vulnerability": "VCID-zy9m-d25c-5uga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11" } ], "aliases": [ "CVE-2014-7230" ], "risk_score": 0.9, "exploitability": "0.5", "weighted_severity": "1.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ykzj-fz7y-eug8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15450?format=api", "vulnerability_id": "VCID-zy9m-d25c-5uga", "summary": "OpenStack Cinder, Glance, and Nova contain Uncontrolled Resource Consumption\nA resource vulnerability in the OpenStack Compute (nova), Block Storage (cinder), and Image (glance) services was found in their use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could lead possibly to host out-of-memory errors and negatively affect other running tenant instances. oslo.concurrency has been updated to support process limits ('prlimit'), which is needed to fix this flaw.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-2923.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2923.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-2991.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2991.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2017-0153.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0153.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2017-0156.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0156.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2017-0165.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0165.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2017-0282.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0282.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5162.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5162.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5162", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0359", "scoring_system": "epss", "scoring_elements": "0.87725", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0359", "scoring_system": "epss", "scoring_elements": "0.87791", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0359", "scoring_system": "epss", "scoring_elements": "0.87785", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0359", "scoring_system": "epss", "scoring_elements": "0.8777", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0359", "scoring_system": "epss", "scoring_elements": "0.87756", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0359", "scoring_system": "epss", "scoring_elements": "0.87757", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0359", "scoring_system": "epss", "scoring_elements": "0.87701", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0359", "scoring_system": "epss", "scoring_elements": "0.87763", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0359", "scoring_system": "epss", "scoring_elements": "0.87712", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0359", "scoring_system": "epss", "scoring_elements": "0.87752", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0359", "scoring_system": "epss", "scoring_elements": "0.87723", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0359", "scoring_system": "epss", "scoring_elements": "0.87746", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0359", "scoring_system": "epss", "scoring_elements": "0.87769", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0361", "scoring_system": "epss", "scoring_elements": "0.87906", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.0361", "scoring_system": "epss", "scoring_elements": "0.87861", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0361", "scoring_system": "epss", "scoring_elements": "0.87874", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.0361", "scoring_system": "epss", "scoring_elements": "0.87819", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0361", "scoring_system": "epss", "scoring_elements": "0.87832", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0361", "scoring_system": "epss", "scoring_elements": "0.87847", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0361", "scoring_system": "epss", "scoring_elements": "0.87864", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5162" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1268303", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1268303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5162", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5162" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/cinder/commit/455b318ced717fb38dfe40014817d78fbc47dea5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/cinder/commit/455b318ced717fb38dfe40014817d78fbc47dea5" }, { "reference_url": "https://github.com/openstack/glance/commit/69a9b659fd48aa3c1f84fc7bc9ae236b6803d31f", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/69a9b659fd48aa3c1f84fc7bc9ae236b6803d31f" }, { "reference_url": "https://github.com/openstack/nova/commit/6bc37dcceca823998068167b49aec6def3112397", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/6bc37dcceca823998068167b49aec6def3112397" }, { "reference_url": "https://launchpad.net/bugs/1449062", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.net/bugs/1449062" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/10/06/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/10/06/8" }, { "reference_url": "http://www.securityfocus.com/bid/76849", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/76849" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2015-5162", "reference_id": "CVE-2015-5162", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2015-5162" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5162", "reference_id": "CVE-2015-5162", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5162" }, { "reference_url": "https://github.com/advisories/GHSA-g2j5-7vgx-6xrx", "reference_id": "GHSA-g2j5-7vgx-6xrx", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g2j5-7vgx-6xrx" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2923", "reference_id": "RHSA-2016:2923", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2923" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2991", "reference_id": "RHSA-2016:2991", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2991" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0153", "reference_id": "RHSA-2017:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0156", "reference_id": "RHSA-2017:0156", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0156" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0165", "reference_id": "RHSA-2017:0165", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0282", "reference_id": "RHSA-2017:0282", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0282" }, { "reference_url": "https://usn.ubuntu.com/3449-1/", "reference_id": "USN-3449-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3449-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037213?format=api", "purl": "pkg:deb/debian/nova@2:13.1.0-2~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fb2-ccby-7yfq" }, { "vulnerability": "VCID-1qbm-qguj-gkem" }, { "vulnerability": "VCID-2dpk-ncrc-1fcw" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-cwub-w9dp-wfgy" }, { "vulnerability": "VCID-cy7p-gzf8-eqcj" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-jdb7-71q5-pfcx" }, { "vulnerability": "VCID-qfdm-g857-3yb5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:13.1.0-2~bpo8%252B1" } ], "aliases": [ "CVE-2015-5162", "GHSA-g2j5-7vgx-6xrx" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zy9m-d25c-5uga" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2012.1.1-18" }