Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1049706?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1049706?format=api", "purl": "pkg:deb/debian/glance@2012.1.1-5", "type": "deb", "namespace": "debian", "name": "glance", "version": "2012.1.1-5", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2:25.1.0-2+deb12u3", "latest_non_vulnerable_version": "2:32.0.0-2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55241?format=api", "vulnerability_id": "VCID-9sg5-tbvn-syba", "summary": "OpenStack Image Service (Glance) allows remote authenticated users to bypass storage quota, cause denial of service\nOpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting images that are being uploaded using a token that expires during the process. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9623.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-1897.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2015-1897.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1897", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2015:1897" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5286.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5286.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2015-5286", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2015-5286" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5286", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55736", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55747", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55725", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.5565", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55667", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55643", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55591", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55638", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55695", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55651", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55565", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55677", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55698", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55728", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55731", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.5574", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.5572", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55703", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55743", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5286" }, { "reference_url": "https://bugs.launchpad.net/bugs/1498163", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/bugs/1498163" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1267516", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1267516" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5286", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5286" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5286", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:N/A:C" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5286" }, { "reference_url": "https://opendev.org/openstack/glance", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/glance" }, { "reference_url": "https://rhn.redhat.com/errata/RHSA-2015-1897.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rhn.redhat.com/errata/RHSA-2015-1897.html" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2015-020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2015-020.html" }, { "reference_url": "https://web.archive.org/web/20200228024859/http://www.securityfocus.com/bid/76943", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228024859/http://www.securityfocus.com/bid/76943" }, { "reference_url": "http://www.securityfocus.com/bid/76943", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/76943" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800741", "reference_id": "800741", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800741" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-gvjg-r9fv-7qx9", "reference_id": "GHSA-gvjg-r9fv-7qx9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gvjg-r9fv-7qx9" }, { "reference_url": "https://usn.ubuntu.com/3446-1/", "reference_id": "USN-3446-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3446-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049709?format=api", "purl": "pkg:deb/debian/glance@2:12.0.0-3~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-ruvh-knrw-pygu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:12.0.0-3~bpo8%252B1" } ], "aliases": [ "CVE-2015-5286", "GHSA-gvjg-r9fv-7qx9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9sg5-tbvn-syba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6864?format=api", "vulnerability_id": "VCID-9zm2-a38f-33g3", "summary": "Improper Access Control\nWhen the `download_image` policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to read otherwise restricted images via an image UUID.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4428.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4428.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4428", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52673", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52718", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52745", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.5271", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52761", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52756", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52807", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.5279", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52774", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52811", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52818", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52802", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52751", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52722", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52666", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52727", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52754", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52829", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4428" }, { "reference_url": "https://bugs.launchpad.net/glance/+bug/1235378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.launchpad.net/glance/+bug/1235378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4428", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4428" }, { "reference_url": "https://github.com/openstack/glance/commit/a50bfb", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openstack/glance/commit/a50bfb" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1019572", "reference_id": "1019572", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1019572" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726478", "reference_id": "726478", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726478" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1525", "reference_id": "RHSA-2013:1525", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1525" }, { "reference_url": "https://usn.ubuntu.com/2003-1/", "reference_id": "USN-2003-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2003-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049707?format=api", "purl": "pkg:deb/debian/glance@2014.1.3-12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9sg5-tbvn-syba" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-g1mf-hrds-bubz" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-hbpu-kpak-2uer" }, { "vulnerability": "VCID-k2u9-5g8v-bucz" }, { "vulnerability": "VCID-ruvh-knrw-pygu" }, { "vulnerability": "VCID-tafu-6gx3-n7bf" }, { "vulnerability": "VCID-zy9m-d25c-5uga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2014.1.3-12" } ], "aliases": [ "CVE-2013-4428" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9zm2-a38f-33g3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16259?format=api", "vulnerability_id": "VCID-br4q-499g-vqhg", "summary": "OpenStack Cinder, glance, and Nova vulnerable to Path Traversal\nAn issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47951.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47951.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-47951", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00615", "scoring_system": "epss", "scoring_elements": "0.70075", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72771", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72635", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72653", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.7263", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72669", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72682", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72706", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72689", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72679", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72721", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72732", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72724", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72765", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72774", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72764", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72794", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72819", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72782", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72806", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-47951" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47951", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47951" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://launchpad.net/bugs/1996188", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/" } ], "url": "https://launchpad.net/bugs/1996188" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00040.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00040.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00041.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00041.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00042.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00042.html" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2023-002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/" } ], "url": "https://security.openstack.org/ossa/OSSA-2023-002.html" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5336", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5336" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5337", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5337" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5338", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5338" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029561", "reference_id": "1029561", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029561" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029562", "reference_id": "1029562", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029562" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029563", "reference_id": "1029563", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029563" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161812", "reference_id": "2161812", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161812" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47951", "reference_id": "CVE-2022-47951", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47951" }, { "reference_url": "https://github.com/advisories/GHSA-7h75-hwxx-qpgc", "reference_id": "GHSA-7h75-hwxx-qpgc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7h75-hwxx-qpgc" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1015", "reference_id": "RHSA-2023:1015", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1015" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1016", "reference_id": "RHSA-2023:1016", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1016" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1017", "reference_id": "RHSA-2023:1017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1017" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1278", "reference_id": "RHSA-2023:1278", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1278" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1279", "reference_id": "RHSA-2023:1279", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1279" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1280", "reference_id": "RHSA-2023:1280", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1280" }, { "reference_url": "https://usn.ubuntu.com/5835-1/", "reference_id": "USN-5835-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5835-1/" }, { "reference_url": "https://usn.ubuntu.com/5835-2/", "reference_id": "USN-5835-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5835-2/" }, { "reference_url": "https://usn.ubuntu.com/5835-3/", "reference_id": "USN-5835-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5835-3/" }, { "reference_url": "https://usn.ubuntu.com/5835-4/", "reference_id": "USN-5835-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5835-4/" }, { "reference_url": "https://usn.ubuntu.com/5835-5/", "reference_id": "USN-5835-5", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5835-5/" }, { "reference_url": "https://usn.ubuntu.com/6882-2/", "reference_id": "USN-6882-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6882-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049712?format=api", "purl": "pkg:deb/debian/glance@2:21.0.0-2%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:21.0.0-2%252Bdeb11u1" } ], "aliases": [ "CVE-2022-47951", "GHSA-7h75-hwxx-qpgc" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "6.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-br4q-499g-vqhg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55776?format=api", "vulnerability_id": "VCID-fh42-vdj2-dqgu", "summary": "OpenStack Glance Bypass the storage quota and Denial of service\nOpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0644.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0644.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0837.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0837.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0838.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0838.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9623.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9623.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9623", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.53505", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.53542", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.53489", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.53442", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.53486", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.53524", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.53546", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.5351", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.53601", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.5353", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57671", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.5759", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57675", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57696", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57725", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57728", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57743", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57722", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57703", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57733", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57729", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9623" }, { "reference_url": "https://bugs.launchpad.net/glance/+bug/1383973", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/glance/+bug/1383973" }, { "reference_url": "https://bugs.launchpad.net/glance/+bug/1398830", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/glance/+bug/1398830" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9623", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9623" }, { "reference_url": "http://secunia.com/advisories/62165", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/62165" }, { "reference_url": "https://github.com/openstack/glance", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance" }, { "reference_url": "https://github.com/openstack/glance/commit/0dc8fbb3479a53c5bba8475d14f4c7206904c5ea", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/0dc8fbb3479a53c5bba8475d14f4c7206904c5ea" }, { "reference_url": "https://github.com/openstack/glance/commit/7d5d8657fd70b20518610b3c6f8e41e16c72fa31", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/7d5d8657fd70b20518610b3c6f8e41e16c72fa31" }, { "reference_url": "https://github.com/openstack/glance/commit/f1260cc771ee068651aa62b972bef49d9af81eb0", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/f1260cc771ee068651aa62b972bef49d9af81eb0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9623", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9623" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2015-003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2015-003.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/01/18/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2015/01/18/4" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183647", "reference_id": "1183647", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183647" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776580", "reference_id": "776580", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776580" }, { "reference_url": "https://github.com/advisories/GHSA-j4mh-9wq6-8rg6", "reference_id": "GHSA-j4mh-9wq6-8rg6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j4mh-9wq6-8rg6" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0644", "reference_id": "RHSA-2015:0644", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0644" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0837", "reference_id": "RHSA-2015:0837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0838", "reference_id": "RHSA-2015:0838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0838" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049707?format=api", "purl": "pkg:deb/debian/glance@2014.1.3-12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9sg5-tbvn-syba" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-g1mf-hrds-bubz" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-hbpu-kpak-2uer" }, { "vulnerability": "VCID-k2u9-5g8v-bucz" }, { "vulnerability": "VCID-ruvh-knrw-pygu" }, { "vulnerability": "VCID-tafu-6gx3-n7bf" }, { "vulnerability": "VCID-zy9m-d25c-5uga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2014.1.3-12" } ], "aliases": [ "CVE-2014-9623", "GHSA-j4mh-9wq6-8rg6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fh42-vdj2-dqgu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86027?format=api", "vulnerability_id": "VCID-fwaa-nnw4-1qcz", "summary": "openstack-glance: unrestricted path traversal flaw", "references": [ { "reference_url": "http://lists.openstack.org/pipermail/openstack-announce/2014-December/000317.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.openstack.org/pipermail/openstack-announce/2014-December/000317.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0246.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2015-0246.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9493.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9493.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9493", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0075", "scoring_system": "epss", "scoring_elements": "0.7331", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.0075", "scoring_system": "epss", "scoring_elements": "0.73083", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0075", "scoring_system": "epss", "scoring_elements": "0.73093", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0075", "scoring_system": "epss", "scoring_elements": "0.73114", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0075", "scoring_system": "epss", "scoring_elements": "0.73088", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0075", "scoring_system": "epss", "scoring_elements": "0.73124", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0075", "scoring_system": "epss", "scoring_elements": "0.73138", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0075", "scoring_system": "epss", "scoring_elements": "0.73162", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0075", "scoring_system": "epss", "scoring_elements": "0.73142", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0075", "scoring_system": "epss", "scoring_elements": "0.73136", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0075", "scoring_system": "epss", "scoring_elements": "0.73179", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0075", "scoring_system": "epss", "scoring_elements": "0.73188", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0075", "scoring_system": "epss", "scoring_elements": "0.73181", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0075", "scoring_system": "epss", "scoring_elements": "0.73216", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0075", "scoring_system": "epss", "scoring_elements": "0.73229", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0075", "scoring_system": "epss", "scoring_elements": "0.73227", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0075", "scoring_system": "epss", "scoring_elements": "0.73221", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0075", "scoring_system": "epss", "scoring_elements": "0.73247", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0075", "scoring_system": "epss", "scoring_elements": "0.73271", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0075", "scoring_system": "epss", "scoring_elements": "0.73231", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0075", "scoring_system": "epss", "scoring_elements": "0.73255", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9493" }, { "reference_url": "https://bugs.launchpad.net/glance/+bug/1400966", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.launchpad.net/glance/+bug/1400966" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9493", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9493" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2014-041.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.openstack.org/ossa/OSSA-2014-041.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "reference_url": "http://www.securityfocus.com/bid/71688", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/71688" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1174474", "reference_id": "1174474", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1174474" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773836", "reference_id": "773836", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773836" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9493", "reference_id": "CVE-2014-9493", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:N/A:P" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0246", "reference_id": "RHSA-2015:0246", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0246" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049707?format=api", "purl": "pkg:deb/debian/glance@2014.1.3-12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9sg5-tbvn-syba" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-g1mf-hrds-bubz" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-hbpu-kpak-2uer" }, { "vulnerability": "VCID-k2u9-5g8v-bucz" }, { "vulnerability": "VCID-ruvh-knrw-pygu" }, { "vulnerability": "VCID-tafu-6gx3-n7bf" }, { "vulnerability": "VCID-zy9m-d25c-5uga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2014.1.3-12" } ], "aliases": [ "CVE-2014-9493" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fwaa-nnw4-1qcz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55975?format=api", "vulnerability_id": "VCID-g1mf-hrds-bubz", "summary": "OpenStack Image Service (Glance) vulnerable to Improper Access Control\nOpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty), when show_multiple_locations is enabled, allow remote authenticated users to change image status and upload new image data by removing the last location of an image.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0309.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2016-0309.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0309", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0309" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0352", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0352" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0354", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0358", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0358" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0757.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0757.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2016-0757", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2016-0757" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0757", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.35848", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.36287", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.3631", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.36316", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.36279", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.36254", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.36298", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.36282", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.3623", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.35997", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.35966", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.35877", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.3576", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.35829", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.35849", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.35759", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.35781", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.36176", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.36371", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.36403", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.36238", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0757" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302607", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302607" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0757" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:N/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://opendev.org/openstack/glance", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/glance" }, { "reference_url": "https://rhn.redhat.com/errata/RHSA-2016-0309.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rhn.redhat.com/errata/RHSA-2016-0309.html" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2016-006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2016-006.html" }, { "reference_url": "https://web.archive.org/web/20210123081823/https://www.securityfocus.com/bid/82696", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210123081823/https://www.securityfocus.com/bid/82696" }, { "reference_url": "https://web.archive.org/web/20210123081823/https://www.securityfocus.com/bid/82696/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20210123081823/https://www.securityfocus.com/bid/82696/" }, { "reference_url": "http://www.securityfocus.com/bid/82696", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/82696" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):11.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):11.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):11.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):11.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):11.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):11.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0757", "reference_id": "CVE-2016-0757", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:P/A:N" }, { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0757" }, { "reference_url": "https://github.com/advisories/GHSA-5xrj-ghhp-hx7p", "reference_id": "GHSA-5xrj-ghhp-hx7p", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5xrj-ghhp-hx7p" }, { "reference_url": "https://usn.ubuntu.com/3446-1/", "reference_id": "USN-3446-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3446-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049709?format=api", "purl": "pkg:deb/debian/glance@2:12.0.0-3~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-ruvh-knrw-pygu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:12.0.0-3~bpo8%252B1" } ], "aliases": [ "CVE-2016-0757", "GHSA-5xrj-ghhp-hx7p" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g1mf-hrds-bubz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17695?format=api", "vulnerability_id": "VCID-h6rd-5p7q-s3gq", "summary": "OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access\nAn issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Cinder and Nova deployments are affected; only Glance deployments with image conversion enabled are affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32498.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32498.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32498", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38394", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38465", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38489", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38353", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38404", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38412", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38428", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38391", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38413", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38366", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00184", "scoring_system": "epss", "scoring_elements": "0.39883", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00184", "scoring_system": "epss", "scoring_elements": "0.39802", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.43927", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.43879", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.43803", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44448", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44417", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44384", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44431", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44353", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32498" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32498", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32498" }, { "reference_url": "https://github.com/openstack/cinder/commit/78f85c1f9b20a067ef64d6451dee0228c3a0db5e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/cinder/commit/78f85c1f9b20a067ef64d6451dee0228c3a0db5e" }, { "reference_url": "https://github.com/openstack/cinder/commit/d6a186945e03649343af55b46ed8dfe0dd326e40", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/cinder/commit/d6a186945e03649343af55b46ed8dfe0dd326e40" }, { "reference_url": "https://github.com/openstack/glance/commit/22f0c9c6f98db1d93569e3edb800c271f35b0ef9", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/22f0c9c6f98db1d93569e3edb800c271f35b0ef9" }, { "reference_url": "https://github.com/openstack/glance/commit/2e65391744a82421bc6f026ee8f1f3550038f175", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/2e65391744a82421bc6f026ee8f1f3550038f175" }, { "reference_url": "https://github.com/openstack/glance/commit/867d1dd8b6e4f5774257a98c7c33061fbbbde973", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/867d1dd8b6e4f5774257a98c7c33061fbbbde973" }, { "reference_url": "https://github.com/openstack/glance/commit/cc7d53adbecf85f3d7df78e7618fe8ab3a075c5f", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/cc7d53adbecf85f3d7df78e7618fe8ab3a075c5f" }, { "reference_url": "https://github.com/openstack/glance/commit/d607e78630cc9d1ca18b3a027322809c042f64df", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/d607e78630cc9d1ca18b3a027322809c042f64df" }, { "reference_url": "https://github.com/openstack/nova/commit/657e86585cc57f84ab9b364dd189547d231d5927", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/657e86585cc57f84ab9b364dd189547d231d5927" }, { "reference_url": "https://launchpad.net/bugs/2059809", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/" } ], "url": "https://launchpad.net/bugs/2059809" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00016.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32498", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32498" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2024-001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/" } ], "url": "https://security.openstack.org/ossa/OSSA-2024-001.html" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2024/07/02/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2024/07/02/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/07/02/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/07/02/2" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074761", "reference_id": "1074761", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074761" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074762", "reference_id": "1074762", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074762" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074763", "reference_id": "1074763", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074763" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278663", "reference_id": "2278663", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278663" }, { "reference_url": "https://github.com/advisories/GHSA-r4v4-w9pv-6fph", "reference_id": "GHSA-r4v4-w9pv-6fph", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r4v4-w9pv-6fph" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4272", "reference_id": "RHSA-2024:4272", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4272" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4273", "reference_id": "RHSA-2024:4273", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4273" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4274", "reference_id": "RHSA-2024:4274", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4274" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4425", "reference_id": "RHSA-2024:4425", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4425" }, { "reference_url": "https://usn.ubuntu.com/6882-1/", "reference_id": "USN-6882-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6882-1/" }, { "reference_url": "https://usn.ubuntu.com/6882-2/", "reference_id": "USN-6882-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6882-2/" }, { "reference_url": "https://usn.ubuntu.com/6883-1/", "reference_id": "USN-6883-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6883-1/" }, { "reference_url": "https://usn.ubuntu.com/6884-1/", "reference_id": "USN-6884-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6884-1/" }, { "reference_url": "https://usn.ubuntu.com/8199-1/", "reference_id": "USN-8199-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8199-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049713?format=api", "purl": "pkg:deb/debian/glance@2:25.1.0-2%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:25.1.0-2%252Bdeb12u1" } ], "aliases": [ "CVE-2024-32498", "GHSA-r4v4-w9pv-6fph" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h6rd-5p7q-s3gq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5481?format=api", "vulnerability_id": "VCID-hbpu-kpak-2uer", "summary": "The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image.", "references": [ { "reference_url": "http://lists.openstack.org/pipermail/openstack-announce/2015-August/000527.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.openstack.org/pipermail/openstack-announce/2015-August/000527.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-1639.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1639.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1639", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2015:1639" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5163.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5163.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2015-5163", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2015-5163" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5163", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00237", "scoring_system": "epss", "scoring_elements": "0.46838", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00237", "scoring_system": "epss", "scoring_elements": "0.46783", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00237", "scoring_system": "epss", "scoring_elements": "0.46821", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00237", "scoring_system": "epss", "scoring_elements": "0.4684", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00237", "scoring_system": "epss", "scoring_elements": "0.46789", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00237", "scoring_system": "epss", "scoring_elements": "0.46844", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00237", "scoring_system": "epss", "scoring_elements": "0.46843", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00237", "scoring_system": "epss", "scoring_elements": "0.46866", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00237", "scoring_system": "epss", "scoring_elements": "0.46846", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00237", "scoring_system": "epss", "scoring_elements": "0.46901", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00237", "scoring_system": "epss", "scoring_elements": "0.46898", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00237", "scoring_system": "epss", "scoring_elements": "0.4683", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00237", "scoring_system": "epss", "scoring_elements": "0.46841", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00237", "scoring_system": "epss", "scoring_elements": "0.46791", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00277", "scoring_system": "epss", "scoring_elements": "0.51094", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00277", "scoring_system": "epss", "scoring_elements": "0.51172", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00277", "scoring_system": "epss", "scoring_elements": "0.51017", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00277", "scoring_system": "epss", "scoring_elements": "0.51069", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00277", "scoring_system": "epss", "scoring_elements": "0.51107", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00277", "scoring_system": "epss", "scoring_elements": "0.51064", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5163" }, { "reference_url": "https://bugs.launchpad.net/glance/+bug/1471912", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/glance/+bug/1471912" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252378", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5163", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5163" }, { "reference_url": "https://github.com/openstack/glance", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance" }, { "reference_url": "https://github.com/openstack/glance/commit/eb99e45829a1b4c93db5692bdbf636a86faa56c4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/eb99e45829a1b4c93db5692bdbf636a86faa56c4" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2015-39.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2015-39.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5163", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5163" }, { "reference_url": "https://web.archive.org/web/20200228024903/http://www.securityfocus.com/bid/76346", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228024903/http://www.securityfocus.com/bid/76346" }, { "reference_url": "http://www.securityfocus.com/bid/76346", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/76346" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795453", "reference_id": "795453", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795453" }, { "reference_url": "https://github.com/advisories/GHSA-q73f-vjc2-3gqf", "reference_id": "GHSA-q73f-vjc2-3gqf", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q73f-vjc2-3gqf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049709?format=api", "purl": "pkg:deb/debian/glance@2:12.0.0-3~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-ruvh-knrw-pygu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:12.0.0-3~bpo8%252B1" } ], "aliases": [ "CVE-2015-5163", "GHSA-q73f-vjc2-3gqf", "PYSEC-2015-39" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hbpu-kpak-2uer" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57914?format=api", "vulnerability_id": "VCID-k2u9-5g8v-bucz", "summary": "OpenStack Image Service (Glance) allows remote authenticated users to bypass access restrictions\nOpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-1897.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2015-1897.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1897", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2015:1897" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5251.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5251.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2015-5251", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2015-5251" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5251", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38025", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38438", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38445", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38461", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38423", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38398", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38425", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38205", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38182", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38086", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.37975", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38046", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38058", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.37973", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.3795", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38362", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38499", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38524", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38387", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5251" }, { "reference_url": "https://bugs.launchpad.net/bugs/1482371", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/bugs/1482371" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1263511", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1263511" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5251", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5251" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5251", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:P/A:P" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5251" }, { "reference_url": "https://opendev.org/openstack/glance", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/glance" }, { "reference_url": "https://rhn.redhat.com/errata/RHSA-2015-1897.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rhn.redhat.com/errata/RHSA-2015-1897.html" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2015-019.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2015-019.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799931", "reference_id": "799931", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799931" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-q748-mcwg-xmqv", "reference_id": "GHSA-q748-mcwg-xmqv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q748-mcwg-xmqv" }, { "reference_url": "https://usn.ubuntu.com/3446-1/", "reference_id": "USN-3446-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3446-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049709?format=api", "purl": "pkg:deb/debian/glance@2:12.0.0-3~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-ruvh-knrw-pygu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:12.0.0-3~bpo8%252B1" } ], "aliases": [ "CVE-2015-5251", "GHSA-q748-mcwg-xmqv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k2u9-5g8v-bucz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59896?format=api", "vulnerability_id": "VCID-ruvh-knrw-pygu", "summary": "OpenStack Glance Server-Side Request Forgery (SSRF)\nAn SSRF issue was discovered in OpenStack Glance before Newton. The 'copy_from' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to enumerate internal network details while appearing masked, since the scan would appear to originate from the Glance Image service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7200.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7200.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7200", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59028", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59164", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59145", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59091", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59103", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59142", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59147", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59126", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59287", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59308", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59327", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59321", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59285", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.5941", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59338", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59311", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59352", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59295", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59246", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59289", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59304", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7200" }, { "reference_url": "https://bugs.launchpad.net/ossn/+bug/1153614", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/ossn/+bug/1153614" }, { "reference_url": "https://bugs.launchpad.net/ossn/+bug/1606495", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/ossn/+bug/1606495" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7200", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7200" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/glance", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance" }, { "reference_url": "https://github.com/openstack/glance/commit/b1ac90f7914d91b25144cc4063fa994fb5019ee3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/b1ac90f7914d91b25144cc4063fa994fb5019ee3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7200", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "5.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7200" }, { "reference_url": "https://wiki.openstack.org/wiki/OSSN/OSSN-0078", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://wiki.openstack.org/wiki/OSSN/OSSN-0078" }, { "reference_url": "http://www.securityfocus.com/bid/96988", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/96988" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1434244", "reference_id": "1434244", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1434244" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:glance:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:glance:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:glance:*:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-j6mr-cm6x-h6jg", "reference_id": "GHSA-j6mr-cm6x-h6jg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j6mr-cm6x-h6jg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049710?format=api", "purl": "pkg:deb/debian/glance@2:13.0.0-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:13.0.0-4" } ], "aliases": [ "CVE-2017-7200", "GHSA-j6mr-cm6x-h6jg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ruvh-knrw-pygu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15805?format=api", "vulnerability_id": "VCID-t91r-2xja-17hy", "summary": "OpenStack Glance v2 API unrestricted path traversal through filesystem:// scheme\nThe V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a `filesystem://` URL in the image location property. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9493.", "references": [ { "reference_url": "http://lists.openstack.org/pipermail/openstack-announce/2015-January/000325.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.openstack.org/pipermail/openstack-announce/2015-January/000325.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1195.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1195.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1195", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01105", "scoring_system": "epss", "scoring_elements": "0.78275", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.01105", "scoring_system": "epss", "scoring_elements": "0.78088", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01105", "scoring_system": "epss", "scoring_elements": "0.78123", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01105", "scoring_system": "epss", "scoring_elements": "0.78122", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01105", "scoring_system": "epss", "scoring_elements": "0.78116", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01105", "scoring_system": "epss", "scoring_elements": "0.78149", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01105", "scoring_system": "epss", "scoring_elements": "0.78155", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01105", "scoring_system": "epss", "scoring_elements": "0.78168", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01105", "scoring_system": "epss", "scoring_elements": "0.78181", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01105", "scoring_system": "epss", "scoring_elements": "0.78207", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01105", "scoring_system": "epss", "scoring_elements": "0.78223", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.01105", "scoring_system": "epss", "scoring_elements": "0.78214", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.01105", "scoring_system": "epss", "scoring_elements": "0.78234", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.01105", "scoring_system": "epss", "scoring_elements": "0.78031", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01105", "scoring_system": "epss", "scoring_elements": "0.78039", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01105", "scoring_system": "epss", "scoring_elements": "0.78069", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01105", "scoring_system": "epss", "scoring_elements": "0.78051", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01105", "scoring_system": "epss", "scoring_elements": "0.78077", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01105", "scoring_system": "epss", "scoring_elements": "0.78082", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01105", "scoring_system": "epss", "scoring_elements": "0.78108", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01105", "scoring_system": "epss", "scoring_elements": "0.78091", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1195" }, { "reference_url": "https://bugs.launchpad.net/ossa/+bug/1408663", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/ossa/+bug/1408663" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1195", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1195" }, { "reference_url": "http://secunia.com/advisories/62169", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/62169" }, { "reference_url": "https://github.com/openstack/glance", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance" }, { "reference_url": "https://github.com/openstack/glance/commit/5191ed1879c5fd5b2694f922bcedec232f461088", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/5191ed1879c5fd5b2694f922bcedec232f461088" }, { "reference_url": "https://github.com/openstack/glance/commit/7d3a1db33ccbd25b9fc7326ce3468eabd2a41a99", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/7d3a1db33ccbd25b9fc7326ce3468eabd2a41a99" }, { "reference_url": "https://github.com/openstack/glance/commit/a2d986b976e9325a272e2d422465165315d19fe6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/a2d986b976e9325a272e2d422465165315d19fe6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/01/15/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2015/01/15/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/01/18/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2015/01/18/5" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" }, { "reference_url": "http://www.securityfocus.com/bid/71976", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/71976" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1181533", "reference_id": "1181533", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1181533" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775926", "reference_id": "775926", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775926" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1195", "reference_id": "CVE-2015-1195", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1195" }, { "reference_url": "https://github.com/advisories/GHSA-pwrj-f53c-f89j", "reference_id": "GHSA-pwrj-f53c-f89j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pwrj-f53c-f89j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049707?format=api", "purl": "pkg:deb/debian/glance@2014.1.3-12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9sg5-tbvn-syba" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-g1mf-hrds-bubz" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-hbpu-kpak-2uer" }, { "vulnerability": "VCID-k2u9-5g8v-bucz" }, { "vulnerability": "VCID-ruvh-knrw-pygu" }, { "vulnerability": "VCID-tafu-6gx3-n7bf" }, { "vulnerability": "VCID-zy9m-d25c-5uga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2014.1.3-12" } ], "aliases": [ "CVE-2015-1195", "GHSA-pwrj-f53c-f89j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t91r-2xja-17hy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85577?format=api", "vulnerability_id": "VCID-tafu-6gx3-n7bf", "summary": "openstack-glance: potential resource exhaustion task flow API", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3289.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3289.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3289", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58233", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58319", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58339", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58313", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58366", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58372", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.5839", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58367", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58348", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.5838", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58384", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58361", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58322", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58335", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62126", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62072", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62122", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62181", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62136", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62162", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62217", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3289" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3289", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3289" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243927", "reference_id": "1243927", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243927" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793896", "reference_id": "793896", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793896" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049709?format=api", "purl": "pkg:deb/debian/glance@2:12.0.0-3~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-ruvh-knrw-pygu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:12.0.0-3~bpo8%252B1" } ], "aliases": [ "CVE-2015-3289" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tafu-6gx3-n7bf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57709?format=api", "vulnerability_id": "VCID-uveb-gt8h-1kcr", "summary": "OpenStack Image Registry and Delivery Service (Glance) Improper Input Validation vulnerability\nThe Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a crafted location.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0455.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0455.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0455", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:0455" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0162.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0162.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2014-0162", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2014-0162" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0162", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68373", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68262", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68266", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.6824", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68285", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68322", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68287", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68314", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.6812", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68142", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.6816", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68138", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68189", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68204", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68229", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68216", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68182", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.6822", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68231", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68211", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68254", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0162" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1085163", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1085163" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0162", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0162" }, { "reference_url": "https://launchpad.net/bugs/1298698", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.net/bugs/1298698" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0162", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0162" }, { "reference_url": "https://opendev.org/openstack/glance", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/glance" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/04/10/13", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/04/10/13" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2193-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-2193-1" }, { "reference_url": "https://github.com/advisories/GHSA-r7pj-rvwg-vxhr", "reference_id": "GHSA-r7pj-rvwg-vxhr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r7pj-rvwg-vxhr" }, { "reference_url": "https://usn.ubuntu.com/2193-1/", "reference_id": "USN-2193-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2193-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049707?format=api", "purl": "pkg:deb/debian/glance@2014.1.3-12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9sg5-tbvn-syba" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-g1mf-hrds-bubz" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-hbpu-kpak-2uer" }, { "vulnerability": "VCID-k2u9-5g8v-bucz" }, { "vulnerability": "VCID-ruvh-knrw-pygu" }, { "vulnerability": "VCID-tafu-6gx3-n7bf" }, { "vulnerability": "VCID-zy9m-d25c-5uga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2014.1.3-12" } ], "aliases": [ "CVE-2014-0162", "GHSA-r7pj-rvwg-vxhr" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uveb-gt8h-1kcr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54464?format=api", "vulnerability_id": "VCID-wvq2-r6u8-7bet", "summary": "OpenStack Glance improper validation of the image_size_cap configuration option\nOpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authenticated users to cause a denial of service (disk consumption) by uploading a large image.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1337.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1337.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1338.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1338.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1685.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1685.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5356.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5356.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-5356", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.7428", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.74152", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.74161", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.74151", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.74186", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.74195", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.74194", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.74188", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.74216", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.74238", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.74201", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.74224", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.74064", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.7407", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.74096", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.74068", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.74101", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.74116", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.74137", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.74119", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.74113", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-5356" }, { "reference_url": "https://bugs.launchpad.net/glance/+bug/1315321", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/glance/+bug/1315321" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5356", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5356" }, { "reference_url": "http://secunia.com/advisories/60743", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/60743" }, { "reference_url": "https://github.com/openstack/glance", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance" }, { "reference_url": "https://github.com/openstack/glance/commit/12f43cfed5a47cd16f08b7dad2424da0fc362e47", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/12f43cfed5a47cd16f08b7dad2424da0fc362e47" }, { "reference_url": "https://github.com/openstack/glance/commit/31a4d1852a0c27bac5757c192f300f051229a312", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/31a4d1852a0c27bac5757c192f300f051229a312" }, { "reference_url": "https://github.com/openstack/glance/commit/92ab00fca6926eaf3f7f92a955a5e07140063718", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/92ab00fca6926eaf3f7f92a955a5e07140063718" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-5356", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:N/A:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-5356" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/08/21/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/08/21/6" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2322-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-2322-1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1131770", "reference_id": "1131770", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1131770" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2013.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2013.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2013.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2013.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2013.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2013.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2013.2.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2013.2.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2013.2.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):juno-1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):juno-1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):juno-1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):juno-2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):juno-2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):juno-2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-479j-jf2p-38pg", "reference_id": "GHSA-479j-jf2p-38pg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-479j-jf2p-38pg" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1337", "reference_id": "RHSA-2014:1337", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1337" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1338", "reference_id": "RHSA-2014:1338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1685", "reference_id": "RHSA-2014:1685", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1685" }, { "reference_url": "https://usn.ubuntu.com/2322-1/", "reference_id": "USN-2322-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2322-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049707?format=api", "purl": "pkg:deb/debian/glance@2014.1.3-12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9sg5-tbvn-syba" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-g1mf-hrds-bubz" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-hbpu-kpak-2uer" }, { "vulnerability": "VCID-k2u9-5g8v-bucz" }, { "vulnerability": "VCID-ruvh-knrw-pygu" }, { "vulnerability": "VCID-tafu-6gx3-n7bf" }, { "vulnerability": "VCID-zy9m-d25c-5uga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2014.1.3-12" } ], "aliases": [ "CVE-2014-5356", "GHSA-479j-jf2p-38pg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wvq2-r6u8-7bet" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5356?format=api", "vulnerability_id": "VCID-zgpj-5an4-mucg", "summary": "OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0229.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0229.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1948.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1948.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-1948", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19283", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19359", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19496", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19542", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.1926", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19338", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19391", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19395", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19347", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19291", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19252", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19261", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19271", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.1917", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.1916", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19117", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19009", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.1909", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19185", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19148", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19184", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-1948" }, { "reference_url": "https://bugs.launchpad.net/glance/+bug/1275062", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/glance/+bug/1275062" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1948", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1948" }, { "reference_url": "http://secunia.com/advisories/56419", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/56419" }, { "reference_url": "https://github.com/openstack/glance", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance" }, { "reference_url": "https://github.com/openstack/glance/commit/108f0e04ad2ed3dc287f1b71b987a7e9d66072ba", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/108f0e04ad2ed3dc287f1b71b987a7e9d66072ba" }, { "reference_url": "https://github.com/openstack/glance/commit/f6e41e9c0ff3aa9ee57b8c8ed8c789f1aff019bc", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/f6e41e9c0ff3aa9ee57b8c8ed8c789f1aff019bc" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2014-102.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2014-102.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1948", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1948" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/02/12/18", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/02/12/18" }, { "reference_url": "http://www.securityfocus.com/bid/65507", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/65507" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064589", "reference_id": "1064589", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064589" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738924", "reference_id": "738924", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738924" }, { "reference_url": "https://github.com/advisories/GHSA-4xw6-hj5p-4j79", "reference_id": "GHSA-4xw6-hj5p-4j79", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4xw6-hj5p-4j79" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0229", "reference_id": "RHSA-2014:0229", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0229" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049707?format=api", "purl": "pkg:deb/debian/glance@2014.1.3-12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9sg5-tbvn-syba" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-g1mf-hrds-bubz" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-hbpu-kpak-2uer" }, { "vulnerability": "VCID-k2u9-5g8v-bucz" }, { "vulnerability": "VCID-ruvh-knrw-pygu" }, { "vulnerability": "VCID-tafu-6gx3-n7bf" }, { "vulnerability": "VCID-zy9m-d25c-5uga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2014.1.3-12" } ], "aliases": [ "CVE-2014-1948", "GHSA-4xw6-hj5p-4j79", "PYSEC-2014-102" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zgpj-5an4-mucg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15450?format=api", "vulnerability_id": "VCID-zy9m-d25c-5uga", "summary": "OpenStack Cinder, Glance, and Nova contain Uncontrolled Resource Consumption\nA resource vulnerability in the OpenStack Compute (nova), Block Storage (cinder), and Image (glance) services was found in their use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could lead possibly to host out-of-memory errors and negatively affect other running tenant instances. oslo.concurrency has been updated to support process limits ('prlimit'), which is needed to fix this flaw.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-2923.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2923.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-2991.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2991.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2017-0153.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0153.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2017-0156.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0156.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2017-0165.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0165.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2017-0282.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0282.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5162.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5162.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5162", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0359", "scoring_system": "epss", "scoring_elements": "0.87725", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0359", "scoring_system": "epss", "scoring_elements": "0.87791", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0359", "scoring_system": "epss", "scoring_elements": "0.87785", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0359", "scoring_system": "epss", "scoring_elements": "0.8777", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0359", "scoring_system": "epss", "scoring_elements": "0.87756", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0359", "scoring_system": "epss", "scoring_elements": "0.87757", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0359", "scoring_system": "epss", "scoring_elements": "0.87701", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0359", "scoring_system": "epss", "scoring_elements": "0.87763", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0359", "scoring_system": "epss", "scoring_elements": "0.87712", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0359", "scoring_system": "epss", "scoring_elements": "0.87752", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0359", "scoring_system": "epss", "scoring_elements": "0.87723", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0359", "scoring_system": "epss", "scoring_elements": "0.87746", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0359", "scoring_system": "epss", "scoring_elements": "0.87769", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0361", "scoring_system": "epss", "scoring_elements": "0.87906", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.0361", "scoring_system": "epss", "scoring_elements": "0.87861", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0361", "scoring_system": "epss", "scoring_elements": "0.87874", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.0361", "scoring_system": "epss", "scoring_elements": "0.87819", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0361", "scoring_system": "epss", "scoring_elements": "0.87832", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0361", "scoring_system": "epss", "scoring_elements": "0.87847", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0361", "scoring_system": "epss", "scoring_elements": "0.87864", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5162" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1268303", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1268303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5162", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5162" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/cinder/commit/455b318ced717fb38dfe40014817d78fbc47dea5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/cinder/commit/455b318ced717fb38dfe40014817d78fbc47dea5" }, { "reference_url": "https://github.com/openstack/glance/commit/69a9b659fd48aa3c1f84fc7bc9ae236b6803d31f", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/69a9b659fd48aa3c1f84fc7bc9ae236b6803d31f" }, { "reference_url": "https://github.com/openstack/nova/commit/6bc37dcceca823998068167b49aec6def3112397", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/6bc37dcceca823998068167b49aec6def3112397" }, { "reference_url": "https://launchpad.net/bugs/1449062", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.net/bugs/1449062" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/10/06/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/10/06/8" }, { "reference_url": "http://www.securityfocus.com/bid/76849", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/76849" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2015-5162", "reference_id": "CVE-2015-5162", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2015-5162" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5162", "reference_id": "CVE-2015-5162", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5162" }, { "reference_url": "https://github.com/advisories/GHSA-g2j5-7vgx-6xrx", "reference_id": "GHSA-g2j5-7vgx-6xrx", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g2j5-7vgx-6xrx" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2923", "reference_id": "RHSA-2016:2923", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2923" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2991", "reference_id": "RHSA-2016:2991", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2991" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0153", "reference_id": "RHSA-2017:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0156", "reference_id": "RHSA-2017:0156", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0156" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0165", "reference_id": "RHSA-2017:0165", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0282", "reference_id": "RHSA-2017:0282", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0282" }, { "reference_url": "https://usn.ubuntu.com/3449-1/", "reference_id": "USN-3449-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3449-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049709?format=api", "purl": "pkg:deb/debian/glance@2:12.0.0-3~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-ruvh-knrw-pygu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:12.0.0-3~bpo8%252B1" } ], "aliases": [ "CVE-2015-5162", "GHSA-g2j5-7vgx-6xrx" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zy9m-d25c-5uga" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2012.1.1-5" }