{"url":"http://public2.vulnerablecode.io/api/packages/12722?format=json","purl":"pkg:pypi/nova@16.1.8","type":"pypi","namespace":"","name":"nova","version":"16.1.8","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7199?format=json","vulnerability_id":"VCID-124a-e1xg-ufhd","summary":"keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova on Fedora.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html"},{"reference_url":"http://lists.openstack.org/pipermail/openstack-announce/2013-May/000098.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.openstack.org/pipermail/openstack-announce/2013-May/000098.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2030","reference_id":"","reference_type":"","scores":[{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10886","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2030"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1174608","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1174608"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=958285","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=958285"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://github.com/openstack/nova/commit/58d6879b1caaa750c39c8e452a0634c24ffef2ce","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/58d6879b1caaa750c39c8e452a0634c24ffef2ce"},{"reference_url":"https://github.com/openstack/nova/commit/74aa04e2ca7942cb1e1a86dcbaffeb72d260ccd7","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/74aa04e2ca7942cb1e1a86dcbaffeb72d260ccd7"},{"reference_url":"https://github.com/openstack/nova/commit/7bf3e8d3e254d817ff5ae7ef1f2884b10410ca60","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/7bf3e8d3e254d817ff5ae7ef1f2884b10410ca60"},{"reference_url":"https://github.com/openstack/python-keystoneclient/commit/1736e2ffb12f70eeebed019448bc14def48aa036","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/python-keystoneclient/commit/1736e2ffb12f70eeebed019448bc14def48aa036"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2013-45.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2013-45.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2030","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2030"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/05/09/2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/05/09/2"},{"reference_url":"https://github.com/advisories/GHSA-pxxv-rv32-2qgv","reference_id":"GHSA-pxxv-rv32-2qgv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-pxxv-rv32-2qgv"}],"fixed_packages":[],"aliases":["CVE-2013-2030","GHSA-pxxv-rv32-2qgv","PYSEC-2013-45"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-124a-e1xg-ufhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7740?format=json","vulnerability_id":"VCID-2ba7-wb9n-q3d8","summary":"An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2622","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2622"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2631","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2631"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2652","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2652"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14433.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14433.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14433","reference_id":"","reference_type":"","scores":[{"value":"0.01301","scoring_system":"epss","scoring_elements":"0.80053","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14433"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://github.com/openstack/nova/commit/298b337a16c0d10916b4431c436d19b3d6f5360e","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/298b337a16c0d10916b4431c436d19b3d6f5360e"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2019-191.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2019-191.yaml"},{"reference_url":"https://launchpad.net/bugs/1837877","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://launchpad.net/bugs/1837877"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/09/msg00018.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/09/msg00018.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14433","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14433"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2019-003.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.openstack.org/ossa/OSSA-2019-003.html"},{"reference_url":"https://usn.ubuntu.com/4104-1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4104-1"},{"reference_url":"https://usn.ubuntu.com/4104-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4104-1/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/08/06/6","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2019/08/06/6"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1735522","reference_id":"1735522","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1735522"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934114","reference_id":"934114","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934114"},{"reference_url":"https://github.com/advisories/GHSA-pg64-r7rr-phv8","reference_id":"GHSA-pg64-r7rr-phv8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-pg64-r7rr-phv8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12736?format=json","purl":"pkg:pypi/nova@17.0.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124a-e1xg-ufhd"},{"vulnerability":"VCID-3ekz-4ahc-5ybh"},{"vulnerability":"VCID-3gk8-wbuj-xfc2"},{"vulnerability":"VCID-3qv3-8zyv-x7hv"},{"vulnerability":"VCID-5p29-z3wj-5keu"},{"vulnerability":"VCID-5sbw-2suq-5qby"},{"vulnerability":"VCID-7uh3-vxfa-pbdb"},{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-eat8-r11q-m3eg"},{"vulnerability":"VCID-ef5k-jqxk-ukag"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-jdq5-r57v-6kdj"},{"vulnerability":"VCID-q2pf-qwnc-5qa2"},{"vulnerability":"VCID-s6r7-gev3-e7fk"},{"vulnerability":"VCID-t13y-haaf-7bfk"},{"vulnerability":"VCID-u19q-tztn-gbdk"},{"vulnerability":"VCID-vr1y-xf1h-gbhf"},{"vulnerability":"VCID-ywya-kfum-mke1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@17.0.12"},{"url":"http://public2.vulnerablecode.io/api/packages/12737?format=json","purl":"pkg:pypi/nova@18.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124a-e1xg-ufhd"},{"vulnerability":"VCID-3ekz-4ahc-5ybh"},{"vulnerability":"VCID-3gk8-wbuj-xfc2"},{"vulnerability":"VCID-3qv3-8zyv-x7hv"},{"vulnerability":"VCID-5p29-z3wj-5keu"},{"vulnerability":"VCID-5sbw-2suq-5qby"},{"vulnerability":"VCID-7uh3-vxfa-pbdb"},{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-eat8-r11q-m3eg"},{"vulnerability":"VCID-ef5k-jqxk-ukag"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-jdq5-r57v-6kdj"},{"vulnerability":"VCID-q2pf-qwnc-5qa2"},{"vulnerability":"VCID-s6r7-gev3-e7fk"},{"vulnerability":"VCID-t13y-haaf-7bfk"},{"vulnerability":"VCID-u19q-tztn-gbdk"},{"vulnerability":"VCID-vr1y-xf1h-gbhf"},{"vulnerability":"VCID-ywya-kfum-mke1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@18.2.2"},{"url":"http://public2.vulnerablecode.io/api/packages/12735?format=json","purl":"pkg:pypi/nova@19.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124a-e1xg-ufhd"},{"vulnerability":"VCID-3ekz-4ahc-5ybh"},{"vulnerability":"VCID-3gk8-wbuj-xfc2"},{"vulnerability":"VCID-3qv3-8zyv-x7hv"},{"vulnerability":"VCID-5p29-z3wj-5keu"},{"vulnerability":"VCID-5sbw-2suq-5qby"},{"vulnerability":"VCID-7uh3-vxfa-pbdb"},{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-eat8-r11q-m3eg"},{"vulnerability":"VCID-ef5k-jqxk-ukag"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-jdq5-r57v-6kdj"},{"vulnerability":"VCID-q2pf-qwnc-5qa2"},{"vulnerability":"VCID-s6r7-gev3-e7fk"},{"vulnerability":"VCID-t13y-haaf-7bfk"},{"vulnerability":"VCID-u19q-tztn-gbdk"},{"vulnerability":"VCID-vr1y-xf1h-gbhf"},{"vulnerability":"VCID-ywya-kfum-mke1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@19.0.2"}],"aliases":["CVE-2019-14433","GHSA-pg64-r7rr-phv8","PYSEC-2019-191"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2ba7-wb9n-q3d8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16748?format=json","vulnerability_id":"VCID-3ekz-4ahc-5ybh","summary":"OpenStack Cinder, glance, and Nova vulnerable to Path Traversal\nAn issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47951.json","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47951.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-47951","reference_id":"","reference_type":"","scores":[{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.70229","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-47951"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://launchpad.net/bugs/1996188","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://launchpad.net/bugs/1996188"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00040.html","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00040.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00041.html","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00041.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00042.html","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00042.html"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2023-002.html","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://security.openstack.org/ossa/OSSA-2023-002.html"},{"reference_url":"https://www.debian.org/security/2023/dsa-5336","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://www.debian.org/security/2023/dsa-5336"},{"reference_url":"https://www.debian.org/security/2023/dsa-5337","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://www.debian.org/security/2023/dsa-5337"},{"reference_url":"https://www.debian.org/security/2023/dsa-5338","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://www.debian.org/security/2023/dsa-5338"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029561","reference_id":"1029561","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029561"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029562","reference_id":"1029562","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029562"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029563","reference_id":"1029563","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029563"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2161812","reference_id":"2161812","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2161812"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-47951","reference_id":"CVE-2022-47951","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-47951"},{"reference_url":"https://github.com/advisories/GHSA-7h75-hwxx-qpgc","reference_id":"GHSA-7h75-hwxx-qpgc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7h75-hwxx-qpgc"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1015","reference_id":"RHSA-2023:1015","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1015"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1016","reference_id":"RHSA-2023:1016","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1016"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1017","reference_id":"RHSA-2023:1017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1278","reference_id":"RHSA-2023:1278","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1278"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1279","reference_id":"RHSA-2023:1279","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1279"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1280","reference_id":"RHSA-2023:1280","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1280"},{"reference_url":"https://usn.ubuntu.com/5835-1/","reference_id":"USN-5835-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5835-1/"},{"reference_url":"https://usn.ubuntu.com/5835-2/","reference_id":"USN-5835-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5835-2/"},{"reference_url":"https://usn.ubuntu.com/5835-3/","reference_id":"USN-5835-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5835-3/"},{"reference_url":"https://usn.ubuntu.com/5835-4/","reference_id":"USN-5835-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5835-4/"},{"reference_url":"https://usn.ubuntu.com/5835-5/","reference_id":"USN-5835-5","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5835-5/"},{"reference_url":"https://usn.ubuntu.com/6882-2/","reference_id":"USN-6882-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6882-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62573?format=json","purl":"pkg:pypi/nova@24.1.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@24.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/584807?format=json","purl":"pkg:pypi/nova@24.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ef5k-jqxk-ukag"},{"vulnerability":"VCID-u19q-tztn-gbdk"},{"vulnerability":"VCID-vr1y-xf1h-gbhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@24.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/62574?format=json","purl":"pkg:pypi/nova@25.0.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@25.0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/584808?format=json","purl":"pkg:pypi/nova@25.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ef5k-jqxk-ukag"},{"vulnerability":"VCID-u19q-tztn-gbdk"},{"vulnerability":"VCID-vr1y-xf1h-gbhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@25.1.0"}],"aliases":["CVE-2022-47951","GHSA-7h75-hwxx-qpgc"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"6.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3ekz-4ahc-5ybh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16310?format=json","vulnerability_id":"VCID-3gk8-wbuj-xfc2","summary":"OpenStack Compute (nova) allows remote authenticated users to cause a denial of service\nA flaw was found in the way OpenStack Compute (nova) handled the resize state. If an authenticated user deleted an instance while it was in the resize state, it could cause the original instance to not be deleted from the compute node it was running on, allowing the user to cause a denial of service.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1898.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1898.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1898","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:1898"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3280.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3280.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3280","reference_id":"","reference_type":"","scores":[{"value":"0.00795","scoring_system":"epss","scoring_elements":"0.74278","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3280"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1257942","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1257942"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3280","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3280"},{"reference_url":"https://launchpad.net/bugs/1392527","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://launchpad.net/bugs/1392527"},{"reference_url":"https://opendev.org/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/nova"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2015-017.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.openstack.org/ossa/OSSA-2015-017.html"},{"reference_url":"https://web.archive.org/web/20200228023247/http://www.securityfocus.com/bid/76553","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228023247/http://www.securityfocus.com/bid/76553"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"},{"reference_url":"http://www.securityfocus.com/bid/76553","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/76553"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798883","reference_id":"798883","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798883"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2015-3280","reference_id":"CVE-2015-3280","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2015-3280"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3280","reference_id":"CVE-2015-3280","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3280"},{"reference_url":"https://github.com/advisories/GHSA-mfmj-gwg3-vhw7","reference_id":"GHSA-mfmj-gwg3-vhw7","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mfmj-gwg3-vhw7"},{"reference_url":"https://usn.ubuntu.com/3449-1/","reference_id":"USN-3449-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3449-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61813?format=json","purl":"pkg:pypi/nova@2014.2.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2014.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/61814?format=json","purl":"pkg:pypi/nova@2015.1.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2015.1.2"}],"aliases":["CVE-2015-3280","GHSA-mfmj-gwg3-vhw7"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3gk8-wbuj-xfc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16432?format=json","vulnerability_id":"VCID-3qv3-8zyv-x7hv","summary":"OpenStack Compute (Nova) Denial of Service vulnerability\nA denial of service flaw was found in the way OpenStack Compute (nova) looked up VM instances based on an IP address filter. An attacker with sufficient privileges on an OpenStack installation with a large amount of VMs could use this flaw to cause the main nova process to block for an extended amount of time.","references":[{"reference_url":"http://lists.openstack.org/pipermail/openstack-announce/2014-October/000301.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.openstack.org/pipermail/openstack-announce/2014-October/000301.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0843.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0843.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0844.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0844.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0843","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:0843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0844","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:0844"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3708.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3708.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3708","reference_id":"","reference_type":"","scores":[{"value":"0.01057","scoring_system":"epss","scoring_elements":"0.77908","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3708"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1358583","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1358583"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1154951","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1154951"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://opendev.org/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/nova"},{"reference_url":"https://web.archive.org/web/20200901000000*/http://www.securityfocus.com/bid/70777","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200901000000*/http://www.securityfocus.com/bid/70777"},{"reference_url":"http://www.securityfocus.com/bid/70777","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/70777"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2014-3708","reference_id":"CVE-2014-3708","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2014-3708"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3708","reference_id":"CVE-2014-3708","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3708"},{"reference_url":"https://github.com/advisories/GHSA-43hc-pwvx-pmfg","reference_id":"GHSA-43hc-pwvx-pmfg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-43hc-pwvx-pmfg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61809?format=json","purl":"pkg:pypi/nova@2014.1.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2014.1.4"},{"url":"http://public2.vulnerablecode.io/api/packages/62049?format=json","purl":"pkg:pypi/nova@2014.2.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2014.2.1"}],"aliases":["CVE-2014-3708","GHSA-43hc-pwvx-pmfg"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3qv3-8zyv-x7hv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16308?format=json","vulnerability_id":"VCID-5p29-z3wj-5keu","summary":"Insufficient Verification of Data Authenticity\nIt was discovered that the OpenStack Compute (nova) console websocket does not correctly verify the origin header. An attacker could use this flaw to conduct a cross-site websocket hijack attack. Note that only Compute setups with VNC or SPICE enabled were affected by this flaw.","references":[{"reference_url":"http://lists.openstack.org/pipermail/openstack-announce/2015-March/000341.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.openstack.org/pipermail/openstack-announce/2015-March/000341.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0790.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0790.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0843.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0843.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0844.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0844.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0790","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:0790"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0843","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:0843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0844","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:0844"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0259.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0259.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0259","reference_id":"","reference_type":"","scores":[{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42583","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0259"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1409142","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1409142"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1190112","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1190112"},{"reference_url":"https://opendev.org/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/nova"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780250","reference_id":"780250","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780250"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2015-0259","reference_id":"CVE-2015-0259","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2015-0259"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0259","reference_id":"CVE-2015-0259","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0259"},{"reference_url":"https://github.com/advisories/GHSA-x8xr-rm9r-7mvf","reference_id":"GHSA-x8xr-rm9r-7mvf","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-x8xr-rm9r-7mvf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61809?format=json","purl":"pkg:pypi/nova@2014.1.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2014.1.4"},{"url":"http://public2.vulnerablecode.io/api/packages/61810?format=json","purl":"pkg:pypi/nova@2014.2.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2014.2.3"}],"aliases":["CVE-2015-0259","GHSA-x8xr-rm9r-7mvf"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5p29-z3wj-5keu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16335?format=json","vulnerability_id":"VCID-5sbw-2suq-5qby","summary":"OpenStack Compute (Nova) allows remote authenticated users to obtain sensitive information\nCVE-2013-2256 OpenStack: Nova private flavors resource limit circumvention","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1199.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1199.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1199","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2013:1199"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2256.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2256.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2256","reference_id":"","reference_type":"","scores":[{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64994","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2256"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1194093","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1194093"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=993340","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=993340"},{"reference_url":"http://seclists.org/oss-sec/2013/q3/281","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/oss-sec/2013/q3/281"},{"reference_url":"https://opendev.org/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/nova"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718905","reference_id":"718905","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718905"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2013-2256","reference_id":"CVE-2013-2256","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2013-2256"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2256","reference_id":"CVE-2013-2256","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2256"},{"reference_url":"https://github.com/advisories/GHSA-5mj6-643f-2g85","reference_id":"GHSA-5mj6-643f-2g85","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5mj6-643f-2g85"},{"reference_url":"https://usn.ubuntu.com/2000-1/","reference_id":"USN-2000-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2000-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61855?format=json","purl":"pkg:pypi/nova@2013.1.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2013.1.3"}],"aliases":["CVE-2013-2256","GHSA-5mj6-643f-2g85"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5sbw-2suq-5qby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16408?format=json","vulnerability_id":"VCID-7uh3-vxfa-pbdb","summary":"OpenStack Nova instance migration process does not stop when instance is deleted\nOpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service (disk, network, and other resource consumption) by resizing and then deleting an instance.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1723.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1723.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1898.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1898.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1723","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:1723"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1898","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:1898"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3241.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3241.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3241","reference_id":"","reference_type":"","scores":[{"value":"0.0197","scoring_system":"epss","scoring_elements":"0.83833","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3241"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1232782","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1232782"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://github.com/openstack/nova/commit/7ab75d5b0b75fc3426323bef19bf436a258b9707","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/7ab75d5b0b75fc3426323bef19bf436a258b9707"},{"reference_url":"https://github.com/openstack/nova/commit/b5020a047fc487f35b76fc05f31e52665a1afda1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/b5020a047fc487f35b76fc05f31e52665a1afda1"},{"reference_url":"https://github.com/openstack/nova/commit/bf23643e36c8764b4bd532546a2cc04385fe0cff","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/bf23643e36c8764b4bd532546a2cc04385fe0cff"},{"reference_url":"https://github.com/openstack/ossa/blob/482576204dec96f580817b119e3166d71c757731/ossa/OSSA-2015-015.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/ossa/blob/482576204dec96f580817b119e3166d71c757731/ossa/OSSA-2015-015.yaml"},{"reference_url":"https://launchpad.net/bugs/1387543","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://launchpad.net/bugs/1387543"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2015-015.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.openstack.org/ossa/OSSA-2015-015.html"},{"reference_url":"http://www.securityfocus.com/bid/75372","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/75372"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796109","reference_id":"796109","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796109"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2015-3241","reference_id":"CVE-2015-3241","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2015-3241"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3241","reference_id":"CVE-2015-3241","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3241"},{"reference_url":"https://github.com/advisories/GHSA-3vx7-xff6-h2vx","reference_id":"GHSA-3vx7-xff6-h2vx","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3vx7-xff6-h2vx"},{"reference_url":"https://usn.ubuntu.com/3449-1/","reference_id":"USN-3449-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3449-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62011?format=json","purl":"pkg:pypi/nova@112.0.0.0b3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@112.0.0.0b3"}],"aliases":["CVE-2015-3241","GHSA-3vx7-xff6-h2vx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7uh3-vxfa-pbdb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15181?format=json","vulnerability_id":"VCID-ajec-k7qb-6yek","summary":"URL Redirection to Untrusted Site ('Open Redirect')\nA vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3654.json","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3654.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3654","reference_id":"","reference_type":"","scores":[{"value":"0.87177","scoring_system":"epss","scoring_elements":"0.99462","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3654"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1927677","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1927677"},{"reference_url":"https://bugs.python.org/issue32084","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.python.org/issue32084"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1961439","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1961439"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://opendev.org/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/nova"},{"reference_url":"https://opendev.org/openstack/nova/commit/04d48527b62a35d912f93bc75613a6cca606df66","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/nova/commit/04d48527b62a35d912f93bc75613a6cca606df66"},{"reference_url":"https://opendev.org/openstack/nova/commit/8906552cfc2525a44251d4cf313ece61e57251eb","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/nova/commit/8906552cfc2525a44251d4cf313ece61e57251eb"},{"reference_url":"https://security.gentoo.org/glsa/202305-02","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202305-02"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2021-002.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.openstack.org/ossa/OSSA-2021-002.html"},{"reference_url":"https://www.openwall.com/lists/oss-security/2021/07/29/2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2021/07/29/2"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991441","reference_id":"991441","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991441"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3654","reference_id":"CVE-2021-3654","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3654"},{"reference_url":"https://github.com/advisories/GHSA-vqp6-j452-j6wp","reference_id":"GHSA-vqp6-j452-j6wp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vqp6-j452-j6wp"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0983","reference_id":"RHSA-2022:0983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0999","reference_id":"RHSA-2022:0999","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0999"},{"reference_url":"https://usn.ubuntu.com/5866-1/","reference_id":"USN-5866-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5866-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59862?format=json","purl":"pkg:pypi/nova@21.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124a-e1xg-ufhd"},{"vulnerability":"VCID-3ekz-4ahc-5ybh"},{"vulnerability":"VCID-3gk8-wbuj-xfc2"},{"vulnerability":"VCID-3qv3-8zyv-x7hv"},{"vulnerability":"VCID-5p29-z3wj-5keu"},{"vulnerability":"VCID-5sbw-2suq-5qby"},{"vulnerability":"VCID-7uh3-vxfa-pbdb"},{"vulnerability":"VCID-eat8-r11q-m3eg"},{"vulnerability":"VCID-ef5k-jqxk-ukag"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-jdq5-r57v-6kdj"},{"vulnerability":"VCID-q2pf-qwnc-5qa2"},{"vulnerability":"VCID-t13y-haaf-7bfk"},{"vulnerability":"VCID-u19q-tztn-gbdk"},{"vulnerability":"VCID-vr1y-xf1h-gbhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@21.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/59863?format=json","purl":"pkg:pypi/nova@22.2.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@22.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/518290?format=json","purl":"pkg:pypi/nova@22.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124a-e1xg-ufhd"},{"vulnerability":"VCID-3ekz-4ahc-5ybh"},{"vulnerability":"VCID-3gk8-wbuj-xfc2"},{"vulnerability":"VCID-3qv3-8zyv-x7hv"},{"vulnerability":"VCID-5p29-z3wj-5keu"},{"vulnerability":"VCID-5sbw-2suq-5qby"},{"vulnerability":"VCID-7uh3-vxfa-pbdb"},{"vulnerability":"VCID-eat8-r11q-m3eg"},{"vulnerability":"VCID-ef5k-jqxk-ukag"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-jdq5-r57v-6kdj"},{"vulnerability":"VCID-q2pf-qwnc-5qa2"},{"vulnerability":"VCID-t13y-haaf-7bfk"},{"vulnerability":"VCID-u19q-tztn-gbdk"},{"vulnerability":"VCID-vr1y-xf1h-gbhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@22.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/59864?format=json","purl":"pkg:pypi/nova@23.0.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@23.0.3"},{"url":"http://public2.vulnerablecode.io/api/packages/518293?format=json","purl":"pkg:pypi/nova@23.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124a-e1xg-ufhd"},{"vulnerability":"VCID-3ekz-4ahc-5ybh"},{"vulnerability":"VCID-3gk8-wbuj-xfc2"},{"vulnerability":"VCID-3qv3-8zyv-x7hv"},{"vulnerability":"VCID-5p29-z3wj-5keu"},{"vulnerability":"VCID-5sbw-2suq-5qby"},{"vulnerability":"VCID-7uh3-vxfa-pbdb"},{"vulnerability":"VCID-eat8-r11q-m3eg"},{"vulnerability":"VCID-ef5k-jqxk-ukag"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-jdq5-r57v-6kdj"},{"vulnerability":"VCID-q2pf-qwnc-5qa2"},{"vulnerability":"VCID-t13y-haaf-7bfk"},{"vulnerability":"VCID-u19q-tztn-gbdk"},{"vulnerability":"VCID-vr1y-xf1h-gbhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@23.1.0"}],"aliases":["CVE-2021-3654","GHSA-vqp6-j452-j6wp"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ajec-k7qb-6yek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16516?format=json","vulnerability_id":"VCID-eat8-r11q-m3eg","summary":"OpenStack Compute (Nova) allows remote attackers to bypass intended restriction\nA vulnerability was discovered in the way OpenStack Compute (nova) networking handled security group updates; changes were not applied to already running VM instances. A remote attacker could use this flaw to access running VM instances.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-2684.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-2684.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2673","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:2673"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2684","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:2684"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0013","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0017","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0017"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7713.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7713.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7713","reference_id":"","reference_type":"","scores":[{"value":"0.01522","scoring_system":"epss","scoring_elements":"0.81565","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7713"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1491307","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1491307"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1492961","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1492961"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1269119","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1269119"},{"reference_url":"https://opendev.org/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/nova"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2015-021.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.openstack.org/ossa/OSSA-2015-021.html"},{"reference_url":"https://web.archive.org/web/20200228024902/http://www.securityfocus.com/bid/76960","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228024902/http://www.securityfocus.com/bid/76960"},{"reference_url":"http://www.securityfocus.com/bid/76960","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/76960"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2015-7713","reference_id":"CVE-2015-7713","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2015-7713"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7713","reference_id":"CVE-2015-7713","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7713"},{"reference_url":"https://github.com/advisories/GHSA-67rh-9p29-vrxr","reference_id":"GHSA-67rh-9p29-vrxr","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-67rh-9p29-vrxr"},{"reference_url":"https://usn.ubuntu.com/3449-1/","reference_id":"USN-3449-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3449-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61813?format=json","purl":"pkg:pypi/nova@2014.2.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2014.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/61814?format=json","purl":"pkg:pypi/nova@2015.1.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2015.1.2"}],"aliases":["CVE-2015-7713","GHSA-67rh-9p29-vrxr"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eat8-r11q-m3eg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/254487?format=json","vulnerability_id":"VCID-ef5k-jqxk-ukag","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32498.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32498.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-32498","reference_id":"","reference_type":"","scores":[{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.43956","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-32498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32498"},{"reference_url":"https://github.com/openstack/cinder/commit/78f85c1f9b20a067ef64d6451dee0228c3a0db5e","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/cinder/commit/78f85c1f9b20a067ef64d6451dee0228c3a0db5e"},{"reference_url":"https://github.com/openstack/cinder/commit/d6a186945e03649343af55b46ed8dfe0dd326e40","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/cinder/commit/d6a186945e03649343af55b46ed8dfe0dd326e40"},{"reference_url":"https://github.com/openstack/glance/commit/22f0c9c6f98db1d93569e3edb800c271f35b0ef9","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/22f0c9c6f98db1d93569e3edb800c271f35b0ef9"},{"reference_url":"https://github.com/openstack/glance/commit/2e65391744a82421bc6f026ee8f1f3550038f175","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/2e65391744a82421bc6f026ee8f1f3550038f175"},{"reference_url":"https://github.com/openstack/glance/commit/867d1dd8b6e4f5774257a98c7c33061fbbbde973","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/867d1dd8b6e4f5774257a98c7c33061fbbbde973"},{"reference_url":"https://github.com/openstack/glance/commit/cc7d53adbecf85f3d7df78e7618fe8ab3a075c5f","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/cc7d53adbecf85f3d7df78e7618fe8ab3a075c5f"},{"reference_url":"https://github.com/openstack/glance/commit/d607e78630cc9d1ca18b3a027322809c042f64df","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/d607e78630cc9d1ca18b3a027322809c042f64df"},{"reference_url":"https://github.com/openstack/nova/commit/657e86585cc57f84ab9b364dd189547d231d5927","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/657e86585cc57f84ab9b364dd189547d231d5927"},{"reference_url":"https://launchpad.net/bugs/2059809","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/"}],"url":"https://launchpad.net/bugs/2059809"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00016.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00016.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2024-001.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/"}],"url":"https://security.openstack.org/ossa/OSSA-2024-001.html"},{"reference_url":"https://www.openwall.com/lists/oss-security/2024/07/02/2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/"}],"url":"https://www.openwall.com/lists/oss-security/2024/07/02/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/07/02/2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/07/02/2"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074761","reference_id":"1074761","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074761"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074762","reference_id":"1074762","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074762"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074763","reference_id":"1074763","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074763"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2278663","reference_id":"2278663","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2278663"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32498","reference_id":"CVE-2024-32498","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32498"},{"reference_url":"https://github.com/advisories/GHSA-r4v4-w9pv-6fph","reference_id":"GHSA-r4v4-w9pv-6fph","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r4v4-w9pv-6fph"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4272","reference_id":"RHSA-2024:4272","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4272"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4273","reference_id":"RHSA-2024:4273","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4273"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4274","reference_id":"RHSA-2024:4274","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4274"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4425","reference_id":"RHSA-2024:4425","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4425"},{"reference_url":"https://usn.ubuntu.com/6882-1/","reference_id":"USN-6882-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6882-1/"},{"reference_url":"https://usn.ubuntu.com/6882-2/","reference_id":"USN-6882-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6882-2/"},{"reference_url":"https://usn.ubuntu.com/6883-1/","reference_id":"USN-6883-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6883-1/"},{"reference_url":"https://usn.ubuntu.com/6884-1/","reference_id":"USN-6884-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6884-1/"},{"reference_url":"https://usn.ubuntu.com/8199-1/","reference_id":"USN-8199-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8199-1/"}],"fixed_packages":[],"aliases":["CVE-2024-32498","GHSA-r4v4-w9pv-6fph"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ef5k-jqxk-ukag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/202048?format=json","vulnerability_id":"VCID-fpvj-5qws-tydy","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37394.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37394.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-37394","reference_id":"","reference_type":"","scores":[{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50302","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-37394"},{"reference_url":"https://bugs.launchpad.net/ossa/+bug/1981813","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/ossa/+bug/1981813"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://github.com/openstack/nova/commit/0c87681135cfb3ce61d2a0392928c1dbc1fe5fde","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/0c87681135cfb3ce61d2a0392928c1dbc1fe5fde"},{"reference_url":"https://github.com/openstack/nova/commit/1a98a1a650d065a8ab3e1c474f3b9fd537dc2206","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/1a98a1a650d065a8ab3e1c474f3b9fd537dc2206"},{"reference_url":"https://github.com/openstack/nova/commit/4954f993680c75fd9d3d507f2dcd00300c9b3d44","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/4954f993680c75fd9d3d507f2dcd00300c9b3d44"},{"reference_url":"https://github.com/openstack/nova/commit/a28c82719545d5c8ee7f3ff1361b3a796e05095a","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/a28c82719545d5c8ee7f3ff1361b3a796e05095a"},{"reference_url":"https://github.com/openstack/nova/commit/e43bf900dc8ca66578603bed333c56b215b1876e","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/e43bf900dc8ca66578603bed333c56b215b1876e"},{"reference_url":"https://github.com/openstack/nova/commit/f8c91eb75fc5504a37fc3b4be1d65d33dbc9b511","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/f8c91eb75fc5504a37fc3b4be1d65d33dbc9b511"},{"reference_url":"https://review.opendev.org/c/openstack/nova/+/849985","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.opendev.org/c/openstack/nova/+/849985"},{"reference_url":"https://review.opendev.org/c/openstack/nova/+/850003","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.opendev.org/c/openstack/nova/+/850003"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016980","reference_id":"1016980","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016980"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2117333","reference_id":"2117333","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2117333"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-37394","reference_id":"CVE-2022-37394","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-37394"},{"reference_url":"https://github.com/advisories/GHSA-v725-c588-h936","reference_id":"GHSA-v725-c588-h936","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v725-c588-h936"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1948","reference_id":"RHSA-2023:1948","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1948"},{"reference_url":"https://usn.ubuntu.com/5866-1/","reference_id":"USN-5866-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5866-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/78734?format=json","purl":"pkg:pypi/nova@23.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3ekz-4ahc-5ybh"},{"vulnerability":"VCID-ef5k-jqxk-ukag"},{"vulnerability":"VCID-u19q-tztn-gbdk"},{"vulnerability":"VCID-vr1y-xf1h-gbhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@23.2.2"},{"url":"http://public2.vulnerablecode.io/api/packages/533819?format=json","purl":"pkg:pypi/nova@24.0.0.0rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124a-e1xg-ufhd"},{"vulnerability":"VCID-3ekz-4ahc-5ybh"},{"vulnerability":"VCID-3gk8-wbuj-xfc2"},{"vulnerability":"VCID-3qv3-8zyv-x7hv"},{"vulnerability":"VCID-5p29-z3wj-5keu"},{"vulnerability":"VCID-5sbw-2suq-5qby"},{"vulnerability":"VCID-7uh3-vxfa-pbdb"},{"vulnerability":"VCID-eat8-r11q-m3eg"},{"vulnerability":"VCID-ef5k-jqxk-ukag"},{"vulnerability":"VCID-jdq5-r57v-6kdj"},{"vulnerability":"VCID-q2pf-qwnc-5qa2"},{"vulnerability":"VCID-t13y-haaf-7bfk"},{"vulnerability":"VCID-u19q-tztn-gbdk"},{"vulnerability":"VCID-vr1y-xf1h-gbhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@24.0.0.0rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/62573?format=json","purl":"pkg:pypi/nova@24.1.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@24.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/533822?format=json","purl":"pkg:pypi/nova@25.0.0.0rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124a-e1xg-ufhd"},{"vulnerability":"VCID-3gk8-wbuj-xfc2"},{"vulnerability":"VCID-3qv3-8zyv-x7hv"},{"vulnerability":"VCID-5p29-z3wj-5keu"},{"vulnerability":"VCID-5sbw-2suq-5qby"},{"vulnerability":"VCID-7uh3-vxfa-pbdb"},{"vulnerability":"VCID-eat8-r11q-m3eg"},{"vulnerability":"VCID-ef5k-jqxk-ukag"},{"vulnerability":"VCID-jdq5-r57v-6kdj"},{"vulnerability":"VCID-q2pf-qwnc-5qa2"},{"vulnerability":"VCID-t13y-haaf-7bfk"},{"vulnerability":"VCID-u19q-tztn-gbdk"},{"vulnerability":"VCID-vr1y-xf1h-gbhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@25.0.0.0rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/62574?format=json","purl":"pkg:pypi/nova@25.0.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@25.0.2"}],"aliases":["CVE-2022-37394","GHSA-v725-c588-h936"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fpvj-5qws-tydy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16446?format=json","vulnerability_id":"VCID-jdq5-r57v-6kdj","summary":"OpenStack Compute (Nova)'s VMWare driver vulnerable to denial of service\nCVE-2014-3608 openstack-nova: incomplete fix for CVE-2014-2573, Nova VMware driver still leaks rescued images","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1781.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1781.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1782.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1782.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1781","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2014:1781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1782","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2014:1782"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3608.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3608.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3608","reference_id":"","reference_type":"","scores":[{"value":"0.00689","scoring_system":"epss","scoring_elements":"0.72084","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3608"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1338830","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1338830"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1148253","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1148253"},{"reference_url":"http://seclists.org/oss-sec/2014/q4/65","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/oss-sec/2014/q4/65"},{"reference_url":"https://opendev.org/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/nova"},{"reference_url":"https://web.archive.org/web/20200228053850/http://www.securityfocus.com/bid/70220","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228053850/http://www.securityfocus.com/bid/70220"},{"reference_url":"http://www.securityfocus.com/bid/70220","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/70220"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2014-3608","reference_id":"CVE-2014-3608","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2014-3608"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3608","reference_id":"CVE-2014-3608","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3608"},{"reference_url":"https://github.com/advisories/GHSA-92hc-c226-32q7","reference_id":"GHSA-92hc-c226-32q7","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-92hc-c226-32q7"},{"reference_url":"https://usn.ubuntu.com/2407-1/","reference_id":"USN-2407-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2407-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62082?format=json","purl":"pkg:pypi/nova@2014.1.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2014.1.3"}],"aliases":["CVE-2014-3608","GHSA-92hc-c226-32q7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jdq5-r57v-6kdj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16465?format=json","vulnerability_id":"VCID-q2pf-qwnc-5qa2","summary":"Exposure of Sensitive Information to an Unauthorized Actor\napi/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in responses to instance metadata requests.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0940","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2014:0940"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1084","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2014:1084"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3517.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3517.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3517","reference_id":"","reference_type":"","scores":[{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60899","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3517"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1325128","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1325128"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1112499","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1112499"},{"reference_url":"https://opendev.org/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/nova"},{"reference_url":"http://www.openwall.com/lists/oss-security/2014/07/17/2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2014/07/17/2"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755042","reference_id":"755042","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755042"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2014-3517","reference_id":"CVE-2014-3517","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2014-3517"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3517","reference_id":"CVE-2014-3517","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3517"},{"reference_url":"https://github.com/advisories/GHSA-xjmj-p278-4jp5","reference_id":"GHSA-xjmj-p278-4jp5","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xjmj-p278-4jp5"},{"reference_url":"https://usn.ubuntu.com/2325-1/","reference_id":"USN-2325-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2325-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62117?format=json","purl":"pkg:pypi/nova@2013.2.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2013.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/62118?format=json","purl":"pkg:pypi/nova@2014.1.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2014.1.2"}],"aliases":["CVE-2014-3517","GHSA-xjmj-p278-4jp5"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q2pf-qwnc-5qa2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/100133?format=json","vulnerability_id":"VCID-s6r7-gev3-e7fk","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9543.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9543.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-9543","reference_id":"","reference_type":"","scores":[{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.2422","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-9543"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/openstack/nova/commit/08f1f914cc219cf526adfb08c46b8f40b4e78232","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/08f1f914cc219cf526adfb08c46b8f40b4e78232"},{"reference_url":"https://github.com/openstack/nova/commit/26d4047e17eba9bc271f8868f1d0ffeec97b555e","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/26d4047e17eba9bc271f8868f1d0ffeec97b555e"},{"reference_url":"https://github.com/openstack/nova/commit/d8fbf04f325f593836f8d44b6bbf42b85bde94e3","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/d8fbf04f325f593836f8d44b6bbf42b85bde94e3"},{"reference_url":"https://launchpad.net/bugs/1492140","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://launchpad.net/bugs/1492140"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-9543","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-9543"},{"reference_url":"https://review.opendev.org/220622","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.opendev.org/220622"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2020-001.html","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.openstack.org/ossa/OSSA-2020-001.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/02/19/2","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2020/02/19/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1805386","reference_id":"1805386","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1805386"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951635","reference_id":"951635","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951635"},{"reference_url":"https://github.com/advisories/GHSA-22jm-4hxw-35jf","reference_id":"GHSA-22jm-4hxw-35jf","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-22jm-4hxw-35jf"},{"reference_url":"https://usn.ubuntu.com/5866-1/","reference_id":"USN-5866-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5866-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/241489?format=json","purl":"pkg:pypi/nova@18.2.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@18.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/16855?format=json","purl":"pkg:pypi/nova@18.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124a-e1xg-ufhd"},{"vulnerability":"VCID-3ekz-4ahc-5ybh"},{"vulnerability":"VCID-3gk8-wbuj-xfc2"},{"vulnerability":"VCID-3qv3-8zyv-x7hv"},{"vulnerability":"VCID-5p29-z3wj-5keu"},{"vulnerability":"VCID-5sbw-2suq-5qby"},{"vulnerability":"VCID-7uh3-vxfa-pbdb"},{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-eat8-r11q-m3eg"},{"vulnerability":"VCID-ef5k-jqxk-ukag"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-jdq5-r57v-6kdj"},{"vulnerability":"VCID-q2pf-qwnc-5qa2"},{"vulnerability":"VCID-t13y-haaf-7bfk"},{"vulnerability":"VCID-u19q-tztn-gbdk"},{"vulnerability":"VCID-vr1y-xf1h-gbhf"},{"vulnerability":"VCID-ywya-kfum-mke1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@18.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/16859?format=json","purl":"pkg:pypi/nova@19.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124a-e1xg-ufhd"},{"vulnerability":"VCID-3ekz-4ahc-5ybh"},{"vulnerability":"VCID-3gk8-wbuj-xfc2"},{"vulnerability":"VCID-3qv3-8zyv-x7hv"},{"vulnerability":"VCID-5p29-z3wj-5keu"},{"vulnerability":"VCID-5sbw-2suq-5qby"},{"vulnerability":"VCID-7uh3-vxfa-pbdb"},{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-eat8-r11q-m3eg"},{"vulnerability":"VCID-ef5k-jqxk-ukag"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-jdq5-r57v-6kdj"},{"vulnerability":"VCID-q2pf-qwnc-5qa2"},{"vulnerability":"VCID-t13y-haaf-7bfk"},{"vulnerability":"VCID-u19q-tztn-gbdk"},{"vulnerability":"VCID-vr1y-xf1h-gbhf"},{"vulnerability":"VCID-ywya-kfum-mke1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@19.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/16864?format=json","purl":"pkg:pypi/nova@20.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124a-e1xg-ufhd"},{"vulnerability":"VCID-3ekz-4ahc-5ybh"},{"vulnerability":"VCID-3gk8-wbuj-xfc2"},{"vulnerability":"VCID-3qv3-8zyv-x7hv"},{"vulnerability":"VCID-5p29-z3wj-5keu"},{"vulnerability":"VCID-5sbw-2suq-5qby"},{"vulnerability":"VCID-7uh3-vxfa-pbdb"},{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-eat8-r11q-m3eg"},{"vulnerability":"VCID-ef5k-jqxk-ukag"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-jdq5-r57v-6kdj"},{"vulnerability":"VCID-q2pf-qwnc-5qa2"},{"vulnerability":"VCID-t13y-haaf-7bfk"},{"vulnerability":"VCID-u19q-tztn-gbdk"},{"vulnerability":"VCID-vr1y-xf1h-gbhf"},{"vulnerability":"VCID-ywya-kfum-mke1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@20.1.0"}],"aliases":["CVE-2015-9543","GHSA-22jm-4hxw-35jf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s6r7-gev3-e7fk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82106?format=json","vulnerability_id":"VCID-t13y-haaf-7bfk","summary":"","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1199.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1199.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1199","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2013:1199"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4179.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4179.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2013-4179","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2013-4179"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4179","reference_id":"","reference_type":"","scores":[{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71678","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4179"},{"reference_url":"https://bugs.launchpad.net/ossa/+bug/1190229","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/ossa/+bug/1190229"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=989707","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=989707"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4179","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4179"},{"reference_url":"https://opendev.org/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/nova"},{"reference_url":"http://www.ubuntu.com/usn/USN-2005-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2005-1"},{"reference_url":"https://github.com/advisories/GHSA-j6xh-q826-55jw","reference_id":"GHSA-j6xh-q826-55jw","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-j6xh-q826-55jw"},{"reference_url":"https://usn.ubuntu.com/2000-1/","reference_id":"USN-2000-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2000-1/"},{"reference_url":"https://usn.ubuntu.com/2005-1/","reference_id":"USN-2005-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2005-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/215246?format=json","purl":"pkg:pypi/nova@2013.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2013.2"}],"aliases":["CVE-2013-4179","GHSA-j6xh-q826-55jw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t13y-haaf-7bfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/22625?format=json","vulnerability_id":"VCID-u19q-tztn-gbdk","summary":"OpenStack Nova calls qemu-img without format restrictions for resize\nAn issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in an unsafe image resize operation that could destroy data on the host system. Only compute nodes using the Flat image backend (usually configured with use_cow_images=False) are affected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24708.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24708.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24708","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05485","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24708"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/2137507","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T19:07:53Z/"}],"url":"https://bugs.launchpad.net/nova/+bug/2137507"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://github.com/openstack/nova/commit/3eba22ff09c81a61750fbb4882e5f1f01a20fdf5","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/3eba22ff09c81a61750fbb4882e5f1f01a20fdf5"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2026/02/msg00025.html","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2026/02/msg00025.html"},{"reference_url":"https://www.openwall.com/lists/oss-security/2026/02/17/7","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T19:07:53Z/"}],"url":"https://www.openwall.com/lists/oss-security/2026/02/17/7"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128294","reference_id":"1128294","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128294"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2430312","reference_id":"2430312","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2430312"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24708","reference_id":"CVE-2026-24708","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24708"},{"reference_url":"https://github.com/advisories/GHSA-m4f3-qp2w-gwh6","reference_id":"GHSA-m4f3-qp2w-gwh6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m4f3-qp2w-gwh6"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7884","reference_id":"RHSA-2026:7884","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7884"},{"reference_url":"https://usn.ubuntu.com/8049-1/","reference_id":"USN-8049-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8049-1/"}],"fixed_packages":[],"aliases":["CVE-2026-24708","GHSA-m4f3-qp2w-gwh6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u19q-tztn-gbdk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/261071?format=json","vulnerability_id":"VCID-vr1y-xf1h-gbhf","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-40767.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-40767.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-40767","reference_id":"","reference_type":"","scores":[{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74947","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-40767"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://launchpad.net/bugs/2071734","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:47:09Z/"}],"url":"https://launchpad.net/bugs/2071734"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html"},{"reference_url":"https://review.opendev.org/c/openstack/nova/+/924731","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.opendev.org/c/openstack/nova/+/924731"},{"reference_url":"https://security.openstack.org","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:47:09Z/"}],"url":"https://security.openstack.org"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2024-002.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:47:09Z/"}],"url":"https://security.openstack.org/ossa/OSSA-2024-002.html"},{"reference_url":"https://www.openwall.com/lists/oss-security/2024/07/23/2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:47:09Z/"}],"url":"https://www.openwall.com/lists/oss-security/2024/07/23/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2297217","reference_id":"2297217","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2297217"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40767","reference_id":"CVE-2024-40767","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40767"},{"reference_url":"https://github.com/advisories/GHSA-rm86-h44c-2r2m","reference_id":"GHSA-rm86-h44c-2r2m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rm86-h44c-2r2m"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5082","reference_id":"RHSA-2024:5082","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5082"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5083","reference_id":"RHSA-2024:5083","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5083"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5097","reference_id":"RHSA-2024:5097","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5097"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5113","reference_id":"RHSA-2024:5113","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5113"},{"reference_url":"https://usn.ubuntu.com/6911-1/","reference_id":"USN-6911-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6911-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/699925?format=json","purl":"pkg:pypi/nova@28.0.0.0rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ef5k-jqxk-ukag"},{"vulnerability":"VCID-u19q-tztn-gbdk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@28.0.0.0rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/699928?format=json","purl":"pkg:pypi/nova@29.0.0.0rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ef5k-jqxk-ukag"},{"vulnerability":"VCID-u19q-tztn-gbdk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@29.0.0.0rc1"}],"aliases":["CVE-2024-40767","GHSA-rm86-h44c-2r2m"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vr1y-xf1h-gbhf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7943?format=json","vulnerability_id":"VCID-ywya-kfum-mke1","summary":"An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths as host devices previously referenced by the virtual machine on the source host. This can include block devices that map to different Cinder volumes at the destination than at the source. Only deployments allowing host-based connections (for instance, root and ephemeral devices) are affected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17376.json","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17376.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-17376","reference_id":"","reference_type":"","scores":[{"value":"0.00385","scoring_system":"epss","scoring_elements":"0.60027","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-17376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17376"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://github.com/openstack/nova/commit/1bb8ee95d4c3ddc3f607ac57526b75af1b7fbcff","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/1bb8ee95d4c3ddc3f607ac57526b75af1b7fbcff"},{"reference_url":"https://github.com/openstack/nova/commit/2faf17995dd9daa6f0b91e44be43264e447c678d","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/2faf17995dd9daa6f0b91e44be43264e447c678d"},{"reference_url":"https://github.com/openstack/nova/commit/a721ca5f510ce3c8ef24f22dac9e475b3d7651db","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/a721ca5f510ce3c8ef24f22dac9e475b3d7651db"},{"reference_url":"https://github.com/openstack/nova/commit/b9ea91d17703f5b324a50727b6503ace0f4e95eb","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/b9ea91d17703f5b324a50727b6503ace0f4e95eb"},{"reference_url":"https://github.com/openstack/nova/commit/c438fd9a0eb1903306a53ab44e3ae80660d8a429","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/c438fd9a0eb1903306a53ab44e3ae80660d8a429"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2020-243.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2020-243.yaml"},{"reference_url":"https://launchpad.net/bugs/1890501","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://launchpad.net/bugs/1890501"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-17376","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-17376"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2020-006.html","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.openstack.org/ossa/OSSA-2020-006.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/08/25/4","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2020/08/25/4"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1869426","reference_id":"1869426","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1869426"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969052","reference_id":"969052","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969052"},{"reference_url":"https://github.com/advisories/GHSA-c7w7-9c85-4qxv","reference_id":"GHSA-c7w7-9c85-4qxv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-c7w7-9c85-4qxv"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3702","reference_id":"RHSA-2020:3702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3704","reference_id":"RHSA-2020:3704","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3704"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3706","reference_id":"RHSA-2020:3706","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3706"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3708","reference_id":"RHSA-2020:3708","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3708"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3711","reference_id":"RHSA-2020:3711","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3711"},{"reference_url":"https://usn.ubuntu.com/5866-1/","reference_id":"USN-5866-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5866-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/16869?format=json","purl":"pkg:pypi/nova@19.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124a-e1xg-ufhd"},{"vulnerability":"VCID-3ekz-4ahc-5ybh"},{"vulnerability":"VCID-3gk8-wbuj-xfc2"},{"vulnerability":"VCID-3qv3-8zyv-x7hv"},{"vulnerability":"VCID-5p29-z3wj-5keu"},{"vulnerability":"VCID-5sbw-2suq-5qby"},{"vulnerability":"VCID-7uh3-vxfa-pbdb"},{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-eat8-r11q-m3eg"},{"vulnerability":"VCID-ef5k-jqxk-ukag"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-jdq5-r57v-6kdj"},{"vulnerability":"VCID-q2pf-qwnc-5qa2"},{"vulnerability":"VCID-t13y-haaf-7bfk"},{"vulnerability":"VCID-u19q-tztn-gbdk"},{"vulnerability":"VCID-vr1y-xf1h-gbhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@19.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/16870?format=json","purl":"pkg:pypi/nova@20.3.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@20.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/518273?format=json","purl":"pkg:pypi/nova@20.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124a-e1xg-ufhd"},{"vulnerability":"VCID-3ekz-4ahc-5ybh"},{"vulnerability":"VCID-3gk8-wbuj-xfc2"},{"vulnerability":"VCID-3qv3-8zyv-x7hv"},{"vulnerability":"VCID-5p29-z3wj-5keu"},{"vulnerability":"VCID-5sbw-2suq-5qby"},{"vulnerability":"VCID-7uh3-vxfa-pbdb"},{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-eat8-r11q-m3eg"},{"vulnerability":"VCID-ef5k-jqxk-ukag"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-jdq5-r57v-6kdj"},{"vulnerability":"VCID-q2pf-qwnc-5qa2"},{"vulnerability":"VCID-t13y-haaf-7bfk"},{"vulnerability":"VCID-u19q-tztn-gbdk"},{"vulnerability":"VCID-vr1y-xf1h-gbhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@20.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/16871?format=json","purl":"pkg:pypi/nova@21.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124a-e1xg-ufhd"},{"vulnerability":"VCID-3ekz-4ahc-5ybh"},{"vulnerability":"VCID-3gk8-wbuj-xfc2"},{"vulnerability":"VCID-3qv3-8zyv-x7hv"},{"vulnerability":"VCID-5p29-z3wj-5keu"},{"vulnerability":"VCID-5sbw-2suq-5qby"},{"vulnerability":"VCID-7uh3-vxfa-pbdb"},{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-eat8-r11q-m3eg"},{"vulnerability":"VCID-ef5k-jqxk-ukag"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-jdq5-r57v-6kdj"},{"vulnerability":"VCID-q2pf-qwnc-5qa2"},{"vulnerability":"VCID-t13y-haaf-7bfk"},{"vulnerability":"VCID-u19q-tztn-gbdk"},{"vulnerability":"VCID-vr1y-xf1h-gbhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@21.1.0"}],"aliases":["CVE-2020-17376","GHSA-c7w7-9c85-4qxv","PYSEC-2020-243"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ywya-kfum-mke1"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@16.1.8"}