{"url":"http://public2.vulnerablecode.io/api/packages/1049708?format=json","purl":"pkg:deb/debian/glance@2014.1.3-12%2Bdeb8u1","type":"deb","namespace":"debian","name":"glance","version":"2014.1.3-12+deb8u1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2:25.1.0-2+deb12u2","latest_non_vulnerable_version":"2:32.0.0-2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55241?format=json","vulnerability_id":"VCID-9sg5-tbvn-syba","summary":"OpenStack Image Service (Glance) allows remote authenticated users to bypass storage quota, cause denial of service\nOpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting images that are being uploaded using a token that expires during the process.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9623.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1897.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2015-1897.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1897","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:1897"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5286.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5286.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2015-5286","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2015-5286"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5286","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55591","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.5574","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.5572","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55703","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55743","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55747","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55725","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.5565","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55667","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55643","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55565","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55677","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55698","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55728","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55731","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5286"},{"reference_url":"https://bugs.launchpad.net/bugs/1498163","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/bugs/1498163"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1267516","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1267516"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5286","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5286"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5286","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:N/A:C"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5286"},{"reference_url":"https://opendev.org/openstack/glance","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/glance"},{"reference_url":"https://rhn.redhat.com/errata/RHSA-2015-1897.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rhn.redhat.com/errata/RHSA-2015-1897.html"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2015-020.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.openstack.org/ossa/OSSA-2015-020.html"},{"reference_url":"https://web.archive.org/web/20200228024859/http://www.securityfocus.com/bid/76943","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228024859/http://www.securityfocus.com/bid/76943"},{"reference_url":"http://www.securityfocus.com/bid/76943","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/76943"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800741","reference_id":"800741","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800741"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-gvjg-r9fv-7qx9","reference_id":"GHSA-gvjg-r9fv-7qx9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gvjg-r9fv-7qx9"},{"reference_url":"https://usn.ubuntu.com/3446-1/","reference_id":"USN-3446-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3446-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049709?format=json","purl":"pkg:deb/debian/glance@2:12.0.0-3~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-br4q-499g-vqhg"},{"vulnerability":"VCID-h6rd-5p7q-s3gq"},{"vulnerability":"VCID-ruvh-knrw-pygu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:12.0.0-3~bpo8%252B1"}],"aliases":["CVE-2015-5286","GHSA-gvjg-r9fv-7qx9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9sg5-tbvn-syba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16259?format=json","vulnerability_id":"VCID-br4q-499g-vqhg","summary":"OpenStack Cinder, glance, and Nova vulnerable to Path Traversal\nAn issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47951.json","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47951.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-47951","reference_id":"","reference_type":"","scores":[{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72764","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.7263","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72771","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72774","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72765","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72724","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72732","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72721","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72679","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72689","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72635","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72706","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72682","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72669","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72653","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-47951"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47951","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47951"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://launchpad.net/bugs/1996188","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://launchpad.net/bugs/1996188"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00040.html","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00040.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00041.html","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00041.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00042.html","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00042.html"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2023-002.html","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://security.openstack.org/ossa/OSSA-2023-002.html"},{"reference_url":"https://www.debian.org/security/2023/dsa-5336","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://www.debian.org/security/2023/dsa-5336"},{"reference_url":"https://www.debian.org/security/2023/dsa-5337","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://www.debian.org/security/2023/dsa-5337"},{"reference_url":"https://www.debian.org/security/2023/dsa-5338","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://www.debian.org/security/2023/dsa-5338"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029561","reference_id":"1029561","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029561"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029562","reference_id":"1029562","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029562"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029563","reference_id":"1029563","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029563"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2161812","reference_id":"2161812","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2161812"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-47951","reference_id":"CVE-2022-47951","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-47951"},{"reference_url":"https://github.com/advisories/GHSA-7h75-hwxx-qpgc","reference_id":"GHSA-7h75-hwxx-qpgc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7h75-hwxx-qpgc"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1015","reference_id":"RHSA-2023:1015","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1015"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1016","reference_id":"RHSA-2023:1016","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1016"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1017","reference_id":"RHSA-2023:1017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1278","reference_id":"RHSA-2023:1278","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1278"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1279","reference_id":"RHSA-2023:1279","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1279"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1280","reference_id":"RHSA-2023:1280","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1280"},{"reference_url":"https://usn.ubuntu.com/5835-1/","reference_id":"USN-5835-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5835-1/"},{"reference_url":"https://usn.ubuntu.com/5835-2/","reference_id":"USN-5835-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5835-2/"},{"reference_url":"https://usn.ubuntu.com/5835-3/","reference_id":"USN-5835-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5835-3/"},{"reference_url":"https://usn.ubuntu.com/5835-4/","reference_id":"USN-5835-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5835-4/"},{"reference_url":"https://usn.ubuntu.com/5835-5/","reference_id":"USN-5835-5","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5835-5/"},{"reference_url":"https://usn.ubuntu.com/6882-2/","reference_id":"USN-6882-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6882-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049712?format=json","purl":"pkg:deb/debian/glance@2:21.0.0-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h6rd-5p7q-s3gq"},{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:21.0.0-2%252Bdeb11u1"}],"aliases":["CVE-2022-47951","GHSA-7h75-hwxx-qpgc"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"6.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-br4q-499g-vqhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55975?format=json","vulnerability_id":"VCID-g1mf-hrds-bubz","summary":"OpenStack Image Service (Glance) vulnerable to Improper Access Control\nOpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty), when show_multiple_locations is enabled, allow remote authenticated users to change image status and upload new image data by removing the last location of an image.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0309.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-0309.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0309","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0309"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0352","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0352"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0354","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0354"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0358","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0358"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0757.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0757.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2016-0757","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2016-0757"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0757","reference_id":"","reference_type":"","scores":[{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.3576","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36176","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36371","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36403","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36238","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36287","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.3631","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36316","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36279","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36254","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36298","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36282","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.3623","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.35997","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.35966","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.35877","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0757"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1302607","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1302607"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0757"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:N/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://opendev.org/openstack/glance","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/glance"},{"reference_url":"https://rhn.redhat.com/errata/RHSA-2016-0309.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rhn.redhat.com/errata/RHSA-2016-0309.html"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2016-006.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.openstack.org/ossa/OSSA-2016-006.html"},{"reference_url":"https://web.archive.org/web/20210123081823/https://www.securityfocus.com/bid/82696","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210123081823/https://www.securityfocus.com/bid/82696"},{"reference_url":"https://web.archive.org/web/20210123081823/https://www.securityfocus.com/bid/82696/","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20210123081823/https://www.securityfocus.com/bid/82696/"},{"reference_url":"http://www.securityfocus.com/bid/82696","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/82696"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):11.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):11.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):11.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):11.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):11.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):11.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0757","reference_id":"CVE-2016-0757","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:P/A:N"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0757"},{"reference_url":"https://github.com/advisories/GHSA-5xrj-ghhp-hx7p","reference_id":"GHSA-5xrj-ghhp-hx7p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5xrj-ghhp-hx7p"},{"reference_url":"https://usn.ubuntu.com/3446-1/","reference_id":"USN-3446-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3446-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049709?format=json","purl":"pkg:deb/debian/glance@2:12.0.0-3~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-br4q-499g-vqhg"},{"vulnerability":"VCID-h6rd-5p7q-s3gq"},{"vulnerability":"VCID-ruvh-knrw-pygu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:12.0.0-3~bpo8%252B1"}],"aliases":["CVE-2016-0757","GHSA-5xrj-ghhp-hx7p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g1mf-hrds-bubz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17695?format=json","vulnerability_id":"VCID-h6rd-5p7q-s3gq","summary":"OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access\nAn issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Cinder and Nova deployments are affected; only Glance deployments with image conversion enabled are affected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32498.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32498.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-32498","reference_id":"","reference_type":"","scores":[{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38413","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38394","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38465","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38489","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38353","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38404","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38412","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38428","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38366","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38391","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39883","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39802","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.43927","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.43879","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44353","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-32498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32498"},{"reference_url":"https://github.com/openstack/cinder/commit/78f85c1f9b20a067ef64d6451dee0228c3a0db5e","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/cinder/commit/78f85c1f9b20a067ef64d6451dee0228c3a0db5e"},{"reference_url":"https://github.com/openstack/cinder/commit/d6a186945e03649343af55b46ed8dfe0dd326e40","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/cinder/commit/d6a186945e03649343af55b46ed8dfe0dd326e40"},{"reference_url":"https://github.com/openstack/glance/commit/22f0c9c6f98db1d93569e3edb800c271f35b0ef9","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/22f0c9c6f98db1d93569e3edb800c271f35b0ef9"},{"reference_url":"https://github.com/openstack/glance/commit/2e65391744a82421bc6f026ee8f1f3550038f175","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/2e65391744a82421bc6f026ee8f1f3550038f175"},{"reference_url":"https://github.com/openstack/glance/commit/867d1dd8b6e4f5774257a98c7c33061fbbbde973","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/867d1dd8b6e4f5774257a98c7c33061fbbbde973"},{"reference_url":"https://github.com/openstack/glance/commit/cc7d53adbecf85f3d7df78e7618fe8ab3a075c5f","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/cc7d53adbecf85f3d7df78e7618fe8ab3a075c5f"},{"reference_url":"https://github.com/openstack/glance/commit/d607e78630cc9d1ca18b3a027322809c042f64df","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/d607e78630cc9d1ca18b3a027322809c042f64df"},{"reference_url":"https://github.com/openstack/nova/commit/657e86585cc57f84ab9b364dd189547d231d5927","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/657e86585cc57f84ab9b364dd189547d231d5927"},{"reference_url":"https://launchpad.net/bugs/2059809","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/"}],"url":"https://launchpad.net/bugs/2059809"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00016.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00016.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32498","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32498"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2024-001.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/"}],"url":"https://security.openstack.org/ossa/OSSA-2024-001.html"},{"reference_url":"https://www.openwall.com/lists/oss-security/2024/07/02/2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/"}],"url":"https://www.openwall.com/lists/oss-security/2024/07/02/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/07/02/2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/07/02/2"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074761","reference_id":"1074761","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074761"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074762","reference_id":"1074762","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074762"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074763","reference_id":"1074763","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074763"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2278663","reference_id":"2278663","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2278663"},{"reference_url":"https://github.com/advisories/GHSA-r4v4-w9pv-6fph","reference_id":"GHSA-r4v4-w9pv-6fph","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r4v4-w9pv-6fph"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4272","reference_id":"RHSA-2024:4272","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4272"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4273","reference_id":"RHSA-2024:4273","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4273"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4274","reference_id":"RHSA-2024:4274","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4274"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4425","reference_id":"RHSA-2024:4425","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4425"},{"reference_url":"https://usn.ubuntu.com/6882-1/","reference_id":"USN-6882-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6882-1/"},{"reference_url":"https://usn.ubuntu.com/6882-2/","reference_id":"USN-6882-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6882-2/"},{"reference_url":"https://usn.ubuntu.com/6883-1/","reference_id":"USN-6883-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6883-1/"},{"reference_url":"https://usn.ubuntu.com/6884-1/","reference_id":"USN-6884-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6884-1/"},{"reference_url":"https://usn.ubuntu.com/8199-1/","reference_id":"USN-8199-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8199-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049713?format=json","purl":"pkg:deb/debian/glance@2:25.1.0-2%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:25.1.0-2%252Bdeb12u1"}],"aliases":["CVE-2024-32498","GHSA-r4v4-w9pv-6fph"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h6rd-5p7q-s3gq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5481?format=json","vulnerability_id":"VCID-hbpu-kpak-2uer","summary":"The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image.","references":[{"reference_url":"http://lists.openstack.org/pipermail/openstack-announce/2015-August/000527.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.openstack.org/pipermail/openstack-announce/2015-August/000527.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1639.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1639.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1639","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:1639"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5163.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5163.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2015-5163","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2015-5163"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5163","reference_id":"","reference_type":"","scores":[{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.46789","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.4684","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.46821","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.46783","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.46791","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.46841","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.4683","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.46898","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.46901","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.46846","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.46838","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.46866","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.46843","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.46844","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51017","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5163"},{"reference_url":"https://bugs.launchpad.net/glance/+bug/1471912","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/glance/+bug/1471912"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1252378","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1252378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5163","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5163"},{"reference_url":"https://github.com/openstack/glance","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance"},{"reference_url":"https://github.com/openstack/glance/commit/eb99e45829a1b4c93db5692bdbf636a86faa56c4","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/eb99e45829a1b4c93db5692bdbf636a86faa56c4"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2015-39.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2015-39.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5163","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5163"},{"reference_url":"https://web.archive.org/web/20200228024903/http://www.securityfocus.com/bid/76346","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228024903/http://www.securityfocus.com/bid/76346"},{"reference_url":"http://www.securityfocus.com/bid/76346","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/76346"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795453","reference_id":"795453","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795453"},{"reference_url":"https://github.com/advisories/GHSA-q73f-vjc2-3gqf","reference_id":"GHSA-q73f-vjc2-3gqf","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q73f-vjc2-3gqf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049709?format=json","purl":"pkg:deb/debian/glance@2:12.0.0-3~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-br4q-499g-vqhg"},{"vulnerability":"VCID-h6rd-5p7q-s3gq"},{"vulnerability":"VCID-ruvh-knrw-pygu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:12.0.0-3~bpo8%252B1"}],"aliases":["CVE-2015-5163","GHSA-q73f-vjc2-3gqf","PYSEC-2015-39"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hbpu-kpak-2uer"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57914?format=json","vulnerability_id":"VCID-k2u9-5g8v-bucz","summary":"OpenStack Image Service (Glance) allows remote authenticated users to bypass access restrictions\nOpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1897.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2015-1897.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1897","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:1897"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5251.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5251.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2015-5251","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2015-5251"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5251","reference_id":"","reference_type":"","scores":[{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.37975","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38362","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38499","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38524","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38387","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38438","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38445","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38461","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38423","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38398","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38425","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38205","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38182","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38086","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5251"},{"reference_url":"https://bugs.launchpad.net/bugs/1482371","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/bugs/1482371"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1263511","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1263511"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5251","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5251"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5251","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:P/A:P"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5251"},{"reference_url":"https://opendev.org/openstack/glance","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/glance"},{"reference_url":"https://rhn.redhat.com/errata/RHSA-2015-1897.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rhn.redhat.com/errata/RHSA-2015-1897.html"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2015-019.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.openstack.org/ossa/OSSA-2015-019.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799931","reference_id":"799931","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799931"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-q748-mcwg-xmqv","reference_id":"GHSA-q748-mcwg-xmqv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q748-mcwg-xmqv"},{"reference_url":"https://usn.ubuntu.com/3446-1/","reference_id":"USN-3446-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3446-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049709?format=json","purl":"pkg:deb/debian/glance@2:12.0.0-3~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-br4q-499g-vqhg"},{"vulnerability":"VCID-h6rd-5p7q-s3gq"},{"vulnerability":"VCID-ruvh-knrw-pygu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:12.0.0-3~bpo8%252B1"}],"aliases":["CVE-2015-5251","GHSA-q748-mcwg-xmqv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k2u9-5g8v-bucz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59896?format=json","vulnerability_id":"VCID-ruvh-knrw-pygu","summary":"OpenStack Glance Server-Side Request Forgery (SSRF)\nAn SSRF issue was discovered in OpenStack Glance before Newton. The 'copy_from' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to enumerate internal network details while appearing masked, since the scan would appear to originate from the Glance Image service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7200.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7200.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7200","reference_id":"","reference_type":"","scores":[{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59145","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59028","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59147","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59164","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59103","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59126","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59091","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59142","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59289","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59308","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59327","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59321","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59287","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59246","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59304","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59285","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7200"},{"reference_url":"https://bugs.launchpad.net/ossn/+bug/1153614","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/ossn/+bug/1153614"},{"reference_url":"https://bugs.launchpad.net/ossn/+bug/1606495","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/ossn/+bug/1606495"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7200","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7200"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/openstack/glance","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance"},{"reference_url":"https://github.com/openstack/glance/commit/b1ac90f7914d91b25144cc4063fa994fb5019ee3","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/b1ac90f7914d91b25144cc4063fa994fb5019ee3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7200","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"5.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7200"},{"reference_url":"https://wiki.openstack.org/wiki/OSSN/OSSN-0078","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.openstack.org/wiki/OSSN/OSSN-0078"},{"reference_url":"http://www.securityfocus.com/bid/96988","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/96988"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1434244","reference_id":"1434244","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1434244"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:glance:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:glance:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:glance:*:*:*:*:*:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-j6mr-cm6x-h6jg","reference_id":"GHSA-j6mr-cm6x-h6jg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j6mr-cm6x-h6jg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049710?format=json","purl":"pkg:deb/debian/glance@2:13.0.0-4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-br4q-499g-vqhg"},{"vulnerability":"VCID-h6rd-5p7q-s3gq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:13.0.0-4"}],"aliases":["CVE-2017-7200","GHSA-j6mr-cm6x-h6jg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ruvh-knrw-pygu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85577?format=json","vulnerability_id":"VCID-tafu-6gx3-n7bf","summary":"openstack-glance: potential resource exhaustion task flow API","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3289.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3289.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3289","reference_id":"","reference_type":"","scores":[{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58233","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58319","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58339","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58313","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58366","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58372","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.5839","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58367","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58348","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.5838","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58384","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58361","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58322","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58335","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00422","scoring_system":"epss","scoring_elements":"0.62126","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00422","scoring_system":"epss","scoring_elements":"0.62072","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3289"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3289","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3289"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1243927","reference_id":"1243927","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1243927"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793896","reference_id":"793896","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793896"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049709?format=json","purl":"pkg:deb/debian/glance@2:12.0.0-3~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-br4q-499g-vqhg"},{"vulnerability":"VCID-h6rd-5p7q-s3gq"},{"vulnerability":"VCID-ruvh-knrw-pygu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:12.0.0-3~bpo8%252B1"}],"aliases":["CVE-2015-3289"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tafu-6gx3-n7bf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15450?format=json","vulnerability_id":"VCID-zy9m-d25c-5uga","summary":"OpenStack Cinder, Glance, and Nova contain Uncontrolled Resource Consumption\nA resource vulnerability in the OpenStack Compute (nova), Block Storage (cinder), and Image (glance) services was found in their use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could lead possibly to host out-of-memory errors and negatively affect other running tenant instances. oslo.concurrency has been updated to support process limits ('prlimit'), which is needed to fix this flaw.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2923.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-2923.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2991.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-2991.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0153.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2017-0153.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0156.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2017-0156.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0165.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2017-0165.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0282.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2017-0282.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5162.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5162.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5162","reference_id":"","reference_type":"","scores":[{"value":"0.0359","scoring_system":"epss","scoring_elements":"0.87723","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0359","scoring_system":"epss","scoring_elements":"0.87701","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0359","scoring_system":"epss","scoring_elements":"0.87712","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0359","scoring_system":"epss","scoring_elements":"0.87725","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0359","scoring_system":"epss","scoring_elements":"0.87746","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0359","scoring_system":"epss","scoring_elements":"0.87752","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0359","scoring_system":"epss","scoring_elements":"0.87763","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0359","scoring_system":"epss","scoring_elements":"0.87757","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0359","scoring_system":"epss","scoring_elements":"0.87756","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0359","scoring_system":"epss","scoring_elements":"0.8777","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0359","scoring_system":"epss","scoring_elements":"0.87769","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0359","scoring_system":"epss","scoring_elements":"0.87785","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0359","scoring_system":"epss","scoring_elements":"0.87791","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0361","scoring_system":"epss","scoring_elements":"0.87819","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0361","scoring_system":"epss","scoring_elements":"0.87832","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5162"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1268303","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1268303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5162","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5162"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/openstack/cinder/commit/455b318ced717fb38dfe40014817d78fbc47dea5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/cinder/commit/455b318ced717fb38dfe40014817d78fbc47dea5"},{"reference_url":"https://github.com/openstack/glance/commit/69a9b659fd48aa3c1f84fc7bc9ae236b6803d31f","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/69a9b659fd48aa3c1f84fc7bc9ae236b6803d31f"},{"reference_url":"https://github.com/openstack/nova/commit/6bc37dcceca823998068167b49aec6def3112397","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/6bc37dcceca823998068167b49aec6def3112397"},{"reference_url":"https://launchpad.net/bugs/1449062","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://launchpad.net/bugs/1449062"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/10/06/8","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2016/10/06/8"},{"reference_url":"http://www.securityfocus.com/bid/76849","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/76849"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2015-5162","reference_id":"CVE-2015-5162","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2015-5162"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5162","reference_id":"CVE-2015-5162","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5162"},{"reference_url":"https://github.com/advisories/GHSA-g2j5-7vgx-6xrx","reference_id":"GHSA-g2j5-7vgx-6xrx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g2j5-7vgx-6xrx"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2923","reference_id":"RHSA-2016:2923","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2923"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2991","reference_id":"RHSA-2016:2991","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2991"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0153","reference_id":"RHSA-2017:0153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0156","reference_id":"RHSA-2017:0156","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0156"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0165","reference_id":"RHSA-2017:0165","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0165"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0282","reference_id":"RHSA-2017:0282","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0282"},{"reference_url":"https://usn.ubuntu.com/3449-1/","reference_id":"USN-3449-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3449-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049709?format=json","purl":"pkg:deb/debian/glance@2:12.0.0-3~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-br4q-499g-vqhg"},{"vulnerability":"VCID-h6rd-5p7q-s3gq"},{"vulnerability":"VCID-ruvh-knrw-pygu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:12.0.0-3~bpo8%252B1"}],"aliases":["CVE-2015-5162","GHSA-g2j5-7vgx-6xrx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zy9m-d25c-5uga"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2014.1.3-12%252Bdeb8u1"}