Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/13141?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/13141?format=api", "purl": "pkg:pypi/nova@19.3.1", "type": "pypi", "namespace": "", "name": "nova", "version": "19.3.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15410?format=api", "vulnerability_id": "VCID-1p1c-fevy-bydg", "summary": "Insufficient Verification of Data Authenticity\nIt was discovered that the OpenStack Compute (nova) console websocket does not correctly verify the origin header. An attacker could use this flaw to conduct a cross-site websocket hijack attack. Note that only Compute setups with VNC or SPICE enabled were affected by this flaw.", "references": [ { "reference_url": "http://lists.openstack.org/pipermail/openstack-announce/2015-March/000341.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.openstack.org/pipermail/openstack-announce/2015-March/000341.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0790.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0790.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0843.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0843.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0844.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0844.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0790", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2015:0790" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0843", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2015:0843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0844", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2015:0844" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0259.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0259.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0259", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42631", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42471", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42694", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42555", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42576", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42646", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42556", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42674", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42615", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42666", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42678", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42701", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42665", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42648", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42708", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0259" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1409142", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1409142" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1190112", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1190112" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0259", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0259" }, { "reference_url": "https://opendev.org/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/nova" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780250", "reference_id": "780250", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780250" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2015-0259", "reference_id": "CVE-2015-0259", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2015-0259" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0259", "reference_id": "CVE-2015-0259", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0259" }, { "reference_url": "https://github.com/advisories/GHSA-x8xr-rm9r-7mvf", "reference_id": "GHSA-x8xr-rm9r-7mvf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x8xr-rm9r-7mvf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54426?format=api", "purl": "pkg:pypi/nova@2014.1.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2014.1.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/54427?format=api", "purl": "pkg:pypi/nova@2014.2.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2014.2.3" } ], "aliases": [ "CVE-2015-0259", "GHSA-x8xr-rm9r-7mvf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1p1c-fevy-bydg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15608?format=api", "vulnerability_id": "VCID-5nfz-1bk3-93fe", "summary": "OpenStack Nova instance migration process does not stop when instance is deleted\nOpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service (disk, network, and other resource consumption) by resizing and then deleting an instance.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-1723.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1723.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-1898.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1898.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1723", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2015:1723" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1898", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2015:1898" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3241.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3241.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3241", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0197", "scoring_system": "epss", "scoring_elements": "0.83606", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0197", "scoring_system": "epss", "scoring_elements": "0.83496", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0197", "scoring_system": "epss", "scoring_elements": "0.83495", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0197", "scoring_system": "epss", "scoring_elements": "0.83519", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0197", "scoring_system": "epss", "scoring_elements": "0.83529", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0197", "scoring_system": "epss", "scoring_elements": "0.83543", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0197", "scoring_system": "epss", "scoring_elements": "0.83537", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0197", "scoring_system": "epss", "scoring_elements": "0.83534", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0197", "scoring_system": "epss", "scoring_elements": "0.83568", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0197", "scoring_system": "epss", "scoring_elements": "0.83569", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0197", "scoring_system": "epss", "scoring_elements": "0.83593", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0197", "scoring_system": "epss", "scoring_elements": "0.83601", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0197", "scoring_system": "epss", "scoring_elements": "0.83469", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0197", "scoring_system": "epss", "scoring_elements": "0.83481", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3241" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232782", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232782" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3241", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3241" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/7ab75d5b0b75fc3426323bef19bf436a258b9707", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/7ab75d5b0b75fc3426323bef19bf436a258b9707" }, { "reference_url": "https://github.com/openstack/nova/commit/b5020a047fc487f35b76fc05f31e52665a1afda1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/b5020a047fc487f35b76fc05f31e52665a1afda1" }, { "reference_url": "https://github.com/openstack/nova/commit/bf23643e36c8764b4bd532546a2cc04385fe0cff", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/bf23643e36c8764b4bd532546a2cc04385fe0cff" }, { "reference_url": "https://github.com/openstack/ossa/blob/482576204dec96f580817b119e3166d71c757731/ossa/OSSA-2015-015.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/ossa/blob/482576204dec96f580817b119e3166d71c757731/ossa/OSSA-2015-015.yaml" }, { "reference_url": "https://launchpad.net/bugs/1387543", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.net/bugs/1387543" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2015-015.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2015-015.html" }, { "reference_url": "http://www.securityfocus.com/bid/75372", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/75372" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796109", "reference_id": "796109", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796109" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2015-3241", "reference_id": "CVE-2015-3241", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2015-3241" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3241", "reference_id": "CVE-2015-3241", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3241" }, { "reference_url": "https://github.com/advisories/GHSA-3vx7-xff6-h2vx", "reference_id": "GHSA-3vx7-xff6-h2vx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3vx7-xff6-h2vx" }, { "reference_url": "https://usn.ubuntu.com/3449-1/", "reference_id": "USN-3449-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3449-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54754?format=api", "purl": "pkg:pypi/nova@112.0.0.0b3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nova@112.0.0.0b3" } ], "aliases": [ "CVE-2015-3241", "GHSA-3vx7-xff6-h2vx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5nfz-1bk3-93fe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5346?format=api", "vulnerability_id": "VCID-5tkb-w761-4qc6", "summary": "keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova on Fedora.", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html" }, { "reference_url": "http://lists.openstack.org/pipermail/openstack-announce/2013-May/000098.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.openstack.org/pipermail/openstack-announce/2013-May/000098.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2030", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10352", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10307", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10426", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10494", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10354", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10428", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10491", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10522", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10489", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10466", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10334", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10437", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.1042", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10408", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2030" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1174608", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1174608" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=958285", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=958285" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/58d6879b1caaa750c39c8e452a0634c24ffef2ce", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/58d6879b1caaa750c39c8e452a0634c24ffef2ce" }, { "reference_url": "https://github.com/openstack/nova/commit/74aa04e2ca7942cb1e1a86dcbaffeb72d260ccd7", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/74aa04e2ca7942cb1e1a86dcbaffeb72d260ccd7" }, { "reference_url": "https://github.com/openstack/nova/commit/7bf3e8d3e254d817ff5ae7ef1f2884b10410ca60", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/7bf3e8d3e254d817ff5ae7ef1f2884b10410ca60" }, { "reference_url": "https://github.com/openstack/python-keystoneclient/commit/1736e2ffb12f70eeebed019448bc14def48aa036", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/python-keystoneclient/commit/1736e2ffb12f70eeebed019448bc14def48aa036" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2013-45.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2013-45.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2030", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2030" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/05/09/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/05/09/2" }, { "reference_url": "https://github.com/advisories/GHSA-pxxv-rv32-2qgv", "reference_id": "GHSA-pxxv-rv32-2qgv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pxxv-rv32-2qgv" } ], "fixed_packages": [], "aliases": [ "CVE-2013-2030", "GHSA-pxxv-rv32-2qgv", "PYSEC-2013-45" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5tkb-w761-4qc6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15846?format=api", "vulnerability_id": "VCID-6n3z-x4zj-4bez", "summary": "OpenStack Compute (Nova) allows remote attackers to bypass intended restriction\nA vulnerability was discovered in the way OpenStack Compute (nova) networking handled security group updates; changes were not applied to already running VM instances. A remote attacker could use this flaw to access running VM instances.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-2684.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-2684.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:2673", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2015:2673" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:2684", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2015:2684" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0013", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0013" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0017", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0017" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7713.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7713.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7713", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01522", "scoring_system": "epss", "scoring_elements": "0.81333", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01522", "scoring_system": "epss", "scoring_elements": "0.81229", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01522", "scoring_system": "epss", "scoring_elements": "0.81257", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01522", "scoring_system": "epss", "scoring_elements": "0.81262", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01522", "scoring_system": "epss", "scoring_elements": "0.81283", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01522", "scoring_system": "epss", "scoring_elements": "0.81269", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01522", "scoring_system": "epss", "scoring_elements": "0.81261", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01522", "scoring_system": "epss", "scoring_elements": "0.81298", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01522", "scoring_system": "epss", "scoring_elements": "0.81299", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01522", "scoring_system": "epss", "scoring_elements": "0.81321", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01522", "scoring_system": "epss", "scoring_elements": "0.81328", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01522", "scoring_system": "epss", "scoring_elements": "0.81198", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01522", "scoring_system": "epss", "scoring_elements": "0.81206", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7713" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1491307", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1491307" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1492961", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1492961" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1269119", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1269119" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7713", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7713" }, { "reference_url": "https://opendev.org/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/nova" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2015-021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2015-021.html" }, { "reference_url": "https://web.archive.org/web/20200228024902/http://www.securityfocus.com/bid/76960", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228024902/http://www.securityfocus.com/bid/76960" }, { "reference_url": "http://www.securityfocus.com/bid/76960", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/76960" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2015-7713", "reference_id": "CVE-2015-7713", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2015-7713" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7713", "reference_id": "CVE-2015-7713", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:P/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7713" }, { "reference_url": "https://github.com/advisories/GHSA-67rh-9p29-vrxr", "reference_id": "GHSA-67rh-9p29-vrxr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-67rh-9p29-vrxr" }, { "reference_url": "https://usn.ubuntu.com/3449-1/", "reference_id": "USN-3449-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3449-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54432?format=api", "purl": "pkg:pypi/nova@2014.2.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2014.2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/54433?format=api", "purl": "pkg:pypi/nova@2015.1.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2015.1.2" } ], "aliases": [ "CVE-2015-7713", "GHSA-67rh-9p29-vrxr" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6n3z-x4zj-4bez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15663?format=api", "vulnerability_id": "VCID-bauj-n7jg-gkd2", "summary": "OpenStack Compute (Nova) Denial of Service vulnerability\nA denial of service flaw was found in the way OpenStack Compute (nova) looked up VM instances based on an IP address filter. An attacker with sufficient privileges on an OpenStack installation with a large amount of VMs could use this flaw to cause the main nova process to block for an extended amount of time.", "references": [ { "reference_url": "http://lists.openstack.org/pipermail/openstack-announce/2014-October/000301.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.openstack.org/pipermail/openstack-announce/2014-October/000301.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0843.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0843.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0844.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0844.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0843", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2015:0843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0844", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2015:0844" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3708.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3708.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3708", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77689", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77595", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77622", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77606", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77604", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77642", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.7764", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77634", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77666", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77674", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77545", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77551", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77578", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77558", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77588", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3708" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1358583", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1358583" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1154951", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1154951" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3708", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3708" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://opendev.org/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/nova" }, { "reference_url": "https://web.archive.org/web/20200901000000*/http://www.securityfocus.com/bid/70777", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200901000000*/http://www.securityfocus.com/bid/70777" }, { "reference_url": "http://www.securityfocus.com/bid/70777", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/70777" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2014-3708", "reference_id": "CVE-2014-3708", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2014-3708" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3708", "reference_id": "CVE-2014-3708", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:N/A:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3708" }, { "reference_url": "https://github.com/advisories/GHSA-43hc-pwvx-pmfg", "reference_id": "GHSA-43hc-pwvx-pmfg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-43hc-pwvx-pmfg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54426?format=api", "purl": "pkg:pypi/nova@2014.1.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2014.1.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/54817?format=api", "purl": "pkg:pypi/nova@2014.2.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2014.2.1" } ], "aliases": [ "CVE-2014-3708", "GHSA-43hc-pwvx-pmfg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bauj-n7jg-gkd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16259?format=api", "vulnerability_id": "VCID-br4q-499g-vqhg", "summary": "OpenStack Cinder, glance, and Nova vulnerable to Path Traversal\nAn issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47951.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47951.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-47951", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72771", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.7263", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72774", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72765", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72724", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72732", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72721", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72679", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72689", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72706", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72635", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72682", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72669", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72653", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-47951" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47951", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47951" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://launchpad.net/bugs/1996188", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/" } ], "url": "https://launchpad.net/bugs/1996188" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00040.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00040.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00041.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00041.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00042.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00042.html" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2023-002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/" } ], "url": "https://security.openstack.org/ossa/OSSA-2023-002.html" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5336", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5336" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5337", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5337" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5338", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5338" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029561", "reference_id": "1029561", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029561" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029562", "reference_id": "1029562", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029562" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029563", "reference_id": "1029563", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029563" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161812", "reference_id": "2161812", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161812" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47951", "reference_id": "CVE-2022-47951", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47951" }, { "reference_url": "https://github.com/advisories/GHSA-7h75-hwxx-qpgc", "reference_id": "GHSA-7h75-hwxx-qpgc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7h75-hwxx-qpgc" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1015", "reference_id": "RHSA-2023:1015", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1015" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1016", "reference_id": "RHSA-2023:1016", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1016" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1017", "reference_id": "RHSA-2023:1017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1017" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1278", "reference_id": "RHSA-2023:1278", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1278" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1279", "reference_id": "RHSA-2023:1279", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1279" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1280", "reference_id": "RHSA-2023:1280", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1280" }, { "reference_url": "https://usn.ubuntu.com/5835-1/", "reference_id": "USN-5835-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5835-1/" }, { "reference_url": "https://usn.ubuntu.com/5835-2/", "reference_id": "USN-5835-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5835-2/" }, { "reference_url": "https://usn.ubuntu.com/5835-3/", "reference_id": "USN-5835-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5835-3/" }, { "reference_url": "https://usn.ubuntu.com/5835-4/", "reference_id": "USN-5835-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5835-4/" }, { "reference_url": "https://usn.ubuntu.com/5835-5/", "reference_id": "USN-5835-5", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5835-5/" }, { "reference_url": "https://usn.ubuntu.com/6882-2/", "reference_id": "USN-6882-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6882-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55595?format=api", "purl": "pkg:pypi/nova@24.1.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nova@24.1.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/354132?format=api", "purl": "pkg:pypi/nova@24.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e6ne-73mv-73bc" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-s69v-tc7x-37fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nova@24.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/55596?format=api", "purl": "pkg:pypi/nova@25.0.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nova@25.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/354133?format=api", "purl": "pkg:pypi/nova@25.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e6ne-73mv-73bc" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-s69v-tc7x-37fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nova@25.1.0" } ], "aliases": [ "CVE-2022-47951", "GHSA-7h75-hwxx-qpgc" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "6.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-br4q-499g-vqhg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18163?format=api", "vulnerability_id": "VCID-e6ne-73mv-73bc", "summary": "OpenStack Nova vulnerable to unauthorized access to potentially sensitive data\nIn OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Nova deployments are affected. NOTE: this issue exists because of an incomplete fix for CVE-2022-47951 and CVE-2024-32498.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-40767.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-40767.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-40767", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74706", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74704", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74698", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74663", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74671", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74627", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74635", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74655", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74632", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74618", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74586", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74612", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74585", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74662", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-40767" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://launchpad.net/bugs/2071734", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:47:09Z/" } ], "url": "https://launchpad.net/bugs/2071734" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40767", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40767" }, { "reference_url": "https://review.opendev.org/c/openstack/nova/+/924731", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.opendev.org/c/openstack/nova/+/924731" }, { "reference_url": "https://security.openstack.org", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:47:09Z/" } ], "url": "https://security.openstack.org" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2024-002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:47:09Z/" } ], "url": "https://security.openstack.org/ossa/OSSA-2024-002.html" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2024/07/23/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:47:09Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2024/07/23/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297217", "reference_id": "2297217", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297217" }, { "reference_url": "https://github.com/advisories/GHSA-rm86-h44c-2r2m", "reference_id": "GHSA-rm86-h44c-2r2m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rm86-h44c-2r2m" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5082", "reference_id": "RHSA-2024:5082", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5082" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5083", "reference_id": "RHSA-2024:5083", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5083" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5097", "reference_id": "RHSA-2024:5097", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5097" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5113", "reference_id": "RHSA-2024:5113", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5113" }, { "reference_url": "https://usn.ubuntu.com/6911-1/", "reference_id": "USN-6911-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6911-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/694526?format=api", "purl": "pkg:pypi/nova@28.0.0.0rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-s69v-tc7x-37fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nova@28.0.0.0rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/694529?format=api", "purl": "pkg:pypi/nova@29.0.0.0rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-s69v-tc7x-37fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nova@29.0.0.0rc1" } ], "aliases": [ "CVE-2024-40767", "GHSA-rm86-h44c-2r2m" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e6ne-73mv-73bc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15414?format=api", "vulnerability_id": "VCID-ek6e-977t-3bew", "summary": "OpenStack Compute (nova) allows remote authenticated users to cause a denial of service\nA flaw was found in the way OpenStack Compute (nova) handled the resize state. If an authenticated user deleted an instance while it was in the resize state, it could cause the original instance to not be deleted from the compute node it was running on, allowing the user to cause a denial of service.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-1898.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1898.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1898", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2015:1898" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3280.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3280.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3280", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00795", "scoring_system": "epss", "scoring_elements": "0.73979", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00795", "scoring_system": "epss", "scoring_elements": "0.74056", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00795", "scoring_system": "epss", "scoring_elements": "0.74002", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00795", "scoring_system": "epss", "scoring_elements": "0.74058", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00795", "scoring_system": "epss", "scoring_elements": "0.74049", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00795", "scoring_system": "epss", "scoring_elements": "0.74017", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00795", "scoring_system": "epss", "scoring_elements": "0.74025", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00795", "scoring_system": "epss", "scoring_elements": "0.74016", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00795", "scoring_system": "epss", "scoring_elements": "0.73925", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00795", "scoring_system": "epss", "scoring_elements": "0.73976", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00795", "scoring_system": "epss", "scoring_elements": "0.73935", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00795", "scoring_system": "epss", "scoring_elements": "0.73984", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00795", "scoring_system": "epss", "scoring_elements": "0.7396", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00795", "scoring_system": "epss", "scoring_elements": "0.73931", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00795", "scoring_system": "epss", "scoring_elements": "0.73965", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3280" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1257942", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1257942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3280", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3280" }, { "reference_url": "https://launchpad.net/bugs/1392527", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.net/bugs/1392527" }, { "reference_url": "https://opendev.org/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/nova" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2015-017.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2015-017.html" }, { "reference_url": "https://web.archive.org/web/20200228023247/http://www.securityfocus.com/bid/76553", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228023247/http://www.securityfocus.com/bid/76553" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "reference_url": "http://www.securityfocus.com/bid/76553", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/76553" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798883", "reference_id": "798883", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798883" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2015-3280", "reference_id": "CVE-2015-3280", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2015-3280" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3280", "reference_id": "CVE-2015-3280", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:N/A:C" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3280" }, { "reference_url": "https://github.com/advisories/GHSA-mfmj-gwg3-vhw7", "reference_id": "GHSA-mfmj-gwg3-vhw7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mfmj-gwg3-vhw7" }, { "reference_url": "https://usn.ubuntu.com/3449-1/", "reference_id": "USN-3449-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3449-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54432?format=api", "purl": "pkg:pypi/nova@2014.2.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2014.2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/54433?format=api", "purl": "pkg:pypi/nova@2015.1.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2015.1.2" } ], "aliases": [ "CVE-2015-3280", "GHSA-mfmj-gwg3-vhw7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ek6e-977t-3bew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15740?format=api", "vulnerability_id": "VCID-ex1j-py3q-93hv", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\napi/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in responses to instance metadata requests.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0940", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:0940" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1084", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:1084" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3517.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3517.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3517", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60652", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60656", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60641", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.6062", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60662", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60668", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60654", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.6064", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60495", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.6057", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60598", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60567", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60616", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60632", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3517" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1325128", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1325128" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1112499", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1112499" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3517", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3517" }, { "reference_url": "https://opendev.org/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/nova" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/07/17/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/07/17/2" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755042", "reference_id": "755042", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755042" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:2014.2.0:milestone1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:2014.2.0:milestone1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:2014.2.0:milestone1:*:*:*:*:*:*" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2014-3517", "reference_id": "CVE-2014-3517", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2014-3517" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3517", "reference_id": "CVE-2014-3517", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3517" }, { "reference_url": "https://github.com/advisories/GHSA-xjmj-p278-4jp5", "reference_id": "GHSA-xjmj-p278-4jp5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xjmj-p278-4jp5" }, { "reference_url": "https://usn.ubuntu.com/2325-1/", "reference_id": "USN-2325-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2325-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54943?format=api", "purl": "pkg:pypi/nova@2013.2.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2013.2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/54944?format=api", "purl": "pkg:pypi/nova@2014.1.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2014.1.2" } ], "aliases": [ "CVE-2014-3517", "GHSA-xjmj-p278-4jp5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ex1j-py3q-93hv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17695?format=api", "vulnerability_id": "VCID-h6rd-5p7q-s3gq", "summary": "OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access\nAn issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Cinder and Nova deployments are affected; only Glance deployments with image conversion enabled are affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32498.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32498.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32498", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38413", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38366", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38394", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38465", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38489", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38353", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38404", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38412", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38428", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38391", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00184", "scoring_system": "epss", "scoring_elements": "0.39883", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00184", "scoring_system": "epss", "scoring_elements": "0.39802", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.43927", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.43879", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32498" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32498", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32498" }, { "reference_url": "https://github.com/openstack/cinder/commit/78f85c1f9b20a067ef64d6451dee0228c3a0db5e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/cinder/commit/78f85c1f9b20a067ef64d6451dee0228c3a0db5e" }, { "reference_url": "https://github.com/openstack/cinder/commit/d6a186945e03649343af55b46ed8dfe0dd326e40", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/cinder/commit/d6a186945e03649343af55b46ed8dfe0dd326e40" }, { "reference_url": "https://github.com/openstack/glance/commit/22f0c9c6f98db1d93569e3edb800c271f35b0ef9", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/22f0c9c6f98db1d93569e3edb800c271f35b0ef9" }, { "reference_url": "https://github.com/openstack/glance/commit/2e65391744a82421bc6f026ee8f1f3550038f175", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/2e65391744a82421bc6f026ee8f1f3550038f175" }, { "reference_url": "https://github.com/openstack/glance/commit/867d1dd8b6e4f5774257a98c7c33061fbbbde973", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/867d1dd8b6e4f5774257a98c7c33061fbbbde973" }, { "reference_url": "https://github.com/openstack/glance/commit/cc7d53adbecf85f3d7df78e7618fe8ab3a075c5f", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/cc7d53adbecf85f3d7df78e7618fe8ab3a075c5f" }, { "reference_url": "https://github.com/openstack/glance/commit/d607e78630cc9d1ca18b3a027322809c042f64df", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/d607e78630cc9d1ca18b3a027322809c042f64df" }, { "reference_url": "https://github.com/openstack/nova/commit/657e86585cc57f84ab9b364dd189547d231d5927", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/657e86585cc57f84ab9b364dd189547d231d5927" }, { "reference_url": "https://launchpad.net/bugs/2059809", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/" } ], "url": "https://launchpad.net/bugs/2059809" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00016.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32498", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32498" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2024-001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/" } ], "url": "https://security.openstack.org/ossa/OSSA-2024-001.html" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2024/07/02/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2024/07/02/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/07/02/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/07/02/2" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074761", "reference_id": "1074761", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074761" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074762", "reference_id": "1074762", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074762" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074763", "reference_id": "1074763", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074763" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278663", "reference_id": "2278663", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278663" }, { "reference_url": "https://github.com/advisories/GHSA-r4v4-w9pv-6fph", "reference_id": "GHSA-r4v4-w9pv-6fph", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r4v4-w9pv-6fph" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4272", "reference_id": "RHSA-2024:4272", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4272" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4273", "reference_id": "RHSA-2024:4273", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4273" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4274", "reference_id": "RHSA-2024:4274", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4274" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4425", "reference_id": "RHSA-2024:4425", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4425" }, { "reference_url": "https://usn.ubuntu.com/6882-1/", "reference_id": "USN-6882-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6882-1/" }, { "reference_url": "https://usn.ubuntu.com/6882-2/", "reference_id": "USN-6882-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6882-2/" }, { "reference_url": "https://usn.ubuntu.com/6883-1/", "reference_id": "USN-6883-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6883-1/" }, { "reference_url": "https://usn.ubuntu.com/6884-1/", "reference_id": "USN-6884-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6884-1/" }, { "reference_url": "https://usn.ubuntu.com/8199-1/", "reference_id": "USN-8199-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8199-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2024-32498", "GHSA-r4v4-w9pv-6fph" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h6rd-5p7q-s3gq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53294?format=api", "vulnerability_id": "VCID-m5vc-4my3-87gk", "summary": "OpenStack Nova Changing vnic_type breaks compute service restart\nAn issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the direct vnic_type, creating an instance bound to that port, and then changing the vnic_type of the bound port to macvtap, an authenticated user may cause the compute service to fail to restart, resulting in a possible denial of service. Only Nova deployments configured with SR-IOV are affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37394.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37394.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-37394", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18186", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18119", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18136", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18226", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18199", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18438", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18492", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18202", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18285", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18338", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18339", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18292", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18241", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50098", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-37394" }, { "reference_url": "https://bugs.launchpad.net/ossa/+bug/1981813", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/ossa/+bug/1981813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37394", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37394" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/0c87681135cfb3ce61d2a0392928c1dbc1fe5fde", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/0c87681135cfb3ce61d2a0392928c1dbc1fe5fde" }, { "reference_url": "https://github.com/openstack/nova/commit/1a98a1a650d065a8ab3e1c474f3b9fd537dc2206", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/1a98a1a650d065a8ab3e1c474f3b9fd537dc2206" }, { "reference_url": "https://github.com/openstack/nova/commit/4954f993680c75fd9d3d507f2dcd00300c9b3d44", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/4954f993680c75fd9d3d507f2dcd00300c9b3d44" }, { "reference_url": "https://github.com/openstack/nova/commit/a28c82719545d5c8ee7f3ff1361b3a796e05095a", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/a28c82719545d5c8ee7f3ff1361b3a796e05095a" }, { "reference_url": "https://github.com/openstack/nova/commit/e43bf900dc8ca66578603bed333c56b215b1876e", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/e43bf900dc8ca66578603bed333c56b215b1876e" }, { "reference_url": "https://github.com/openstack/nova/commit/f8c91eb75fc5504a37fc3b4be1d65d33dbc9b511", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/f8c91eb75fc5504a37fc3b4be1d65d33dbc9b511" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37394", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37394" }, { "reference_url": "https://review.opendev.org/c/openstack/nova/+/849985", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.opendev.org/c/openstack/nova/+/849985" }, { "reference_url": "https://review.opendev.org/c/openstack/nova/+/850003", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.opendev.org/c/openstack/nova/+/850003" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016980", "reference_id": "1016980", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016980" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117333", "reference_id": "2117333", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117333" }, { "reference_url": "https://github.com/advisories/GHSA-v725-c588-h936", "reference_id": "GHSA-v725-c588-h936", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v725-c588-h936" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1948", "reference_id": "RHSA-2023:1948", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1948" }, { "reference_url": "https://usn.ubuntu.com/5866-1/", "reference_id": "USN-5866-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5866-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/80913?format=api", "purl": "pkg:pypi/nova@23.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-e6ne-73mv-73bc" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-s69v-tc7x-37fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nova@23.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/302872?format=api", "purl": "pkg:pypi/nova@24.0.0.0rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p1c-fevy-bydg" }, { "vulnerability": "VCID-5nfz-1bk3-93fe" }, { "vulnerability": "VCID-5tkb-w761-4qc6" }, { "vulnerability": "VCID-6n3z-x4zj-4bez" }, { "vulnerability": "VCID-bauj-n7jg-gkd2" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-e6ne-73mv-73bc" }, { "vulnerability": "VCID-ek6e-977t-3bew" }, { "vulnerability": "VCID-ex1j-py3q-93hv" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-qb9p-rpza-5fa5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" }, { "vulnerability": "VCID-sj2k-uq1g-suby" }, { "vulnerability": "VCID-x5k4-dm9d-xkf7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nova@24.0.0.0rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/55595?format=api", "purl": "pkg:pypi/nova@24.1.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nova@24.1.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/302875?format=api", "purl": "pkg:pypi/nova@25.0.0.0rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p1c-fevy-bydg" }, { "vulnerability": "VCID-5nfz-1bk3-93fe" }, { "vulnerability": "VCID-5tkb-w761-4qc6" }, { "vulnerability": "VCID-6n3z-x4zj-4bez" }, { "vulnerability": "VCID-bauj-n7jg-gkd2" }, { "vulnerability": "VCID-e6ne-73mv-73bc" }, { "vulnerability": "VCID-ek6e-977t-3bew" }, { "vulnerability": "VCID-ex1j-py3q-93hv" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-qb9p-rpza-5fa5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" }, { "vulnerability": "VCID-sj2k-uq1g-suby" }, { "vulnerability": "VCID-x5k4-dm9d-xkf7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nova@25.0.0.0rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/55596?format=api", "purl": "pkg:pypi/nova@25.0.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nova@25.0.2" } ], "aliases": [ "CVE-2022-37394", "GHSA-v725-c588-h936" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m5vc-4my3-87gk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15462?format=api", "vulnerability_id": "VCID-qb9p-rpza-5fa5", "summary": "OpenStack Compute (Nova) allows remote authenticated users to obtain sensitive information\nCVE-2013-2256 OpenStack: Nova private flavors resource limit circumvention", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1199.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1199.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1199", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2013:1199" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2256.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2256.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2256", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.64736", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.64672", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.64708", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.64719", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.64706", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.64726", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.64739", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.64593", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.64646", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.64674", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.64632", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.6468", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.64695", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.64712", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.647", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2256" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1194093", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1194093" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=993340", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=993340" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2256", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2256" }, { "reference_url": "http://seclists.org/oss-sec/2013/q3/281", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2013/q3/281" }, { "reference_url": "https://opendev.org/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/nova" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718905", "reference_id": "718905", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718905" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2013-2256", "reference_id": "CVE-2013-2256", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2013-2256" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2256", "reference_id": "CVE-2013-2256", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2256" }, { "reference_url": "https://github.com/advisories/GHSA-5mj6-643f-2g85", "reference_id": "GHSA-5mj6-643f-2g85", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5mj6-643f-2g85" }, { "reference_url": "https://usn.ubuntu.com/2000-1/", "reference_id": "USN-2000-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2000-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54498?format=api", "purl": "pkg:pypi/nova@2013.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-sj2k-uq1g-suby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2013.1.3" } ], "aliases": [ "CVE-2013-2256", "GHSA-5mj6-643f-2g85" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qb9p-rpza-5fa5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/22302?format=api", "vulnerability_id": "VCID-s69v-tc7x-37fe", "summary": "OpenStack Nova calls qemu-img without format restrictions for resize\nAn issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in an unsafe image resize operation that could destroy data on the host system. Only compute nodes using the Flat image backend (usually configured with use_cow_images=False) are affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24708.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24708.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24708", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03778", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03789", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03786", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05133", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18759", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18797", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18747", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.21907", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.21988", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22132", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22017", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22058", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22043", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22081", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24708" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/2137507", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T19:07:53Z/" } ], "url": "https://bugs.launchpad.net/nova/+bug/2137507" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24708", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24708" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/3eba22ff09c81a61750fbb4882e5f1f01a20fdf5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/3eba22ff09c81a61750fbb4882e5f1f01a20fdf5" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2026/02/msg00025.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2026/02/msg00025.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24708", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24708" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2026/02/17/7", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T19:07:53Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2026/02/17/7" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128294", "reference_id": "1128294", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128294" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430312", "reference_id": "2430312", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430312" }, { "reference_url": "https://github.com/advisories/GHSA-m4f3-qp2w-gwh6", "reference_id": "GHSA-m4f3-qp2w-gwh6", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m4f3-qp2w-gwh6" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7884", "reference_id": "RHSA-2026:7884", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7884" }, { "reference_url": "https://usn.ubuntu.com/8049-1/", "reference_id": "USN-8049-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8049-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2026-24708", "GHSA-m4f3-qp2w-gwh6" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s69v-tc7x-37fe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16041?format=api", "vulnerability_id": "VCID-sj2k-uq1g-suby", "summary": "Improper Restriction of Operations within the Bounds of a Memory Buffer\nCVE-2013-4179 OpenStack: Nova XML entities DoS", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1199.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1199.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1199", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2013:1199" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4179.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4179.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4179", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71409", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71313", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71359", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71365", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71344", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71398", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71406", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71267", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71275", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71292", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71309", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71322", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71345", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.7133", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4179" }, { "reference_url": "https://bugs.launchpad.net/ossa/+bug/1190229", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/ossa/+bug/1190229" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=989707", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=989707" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4179", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4179" }, { "reference_url": "https://opendev.org/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/nova" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2005-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-2005-1" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2013-4179", "reference_id": "CVE-2013-4179", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2013-4179" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4179", "reference_id": "CVE-2013-4179", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4179" }, { "reference_url": "https://github.com/advisories/GHSA-j6xh-q826-55jw", "reference_id": "GHSA-j6xh-q826-55jw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j6xh-q826-55jw" }, { "reference_url": "https://usn.ubuntu.com/2000-1/", "reference_id": "USN-2000-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2000-1/" }, { "reference_url": "https://usn.ubuntu.com/2005-1/", "reference_id": "USN-2005-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2005-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55365?format=api", "purl": "pkg:pypi/nova@2013.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2013.2" } ], "aliases": [ "CVE-2013-4179", "GHSA-j6xh-q826-55jw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sj2k-uq1g-suby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15700?format=api", "vulnerability_id": "VCID-x5k4-dm9d-xkf7", "summary": "OpenStack Compute (Nova)'s VMWare driver vulnerable to denial of service\nCVE-2014-3608 openstack-nova: incomplete fix for CVE-2014-2573, Nova VMware driver still leaks rescued images", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1781.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1781.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1782.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1782.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1781", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:1781" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1782", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:1782" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3608.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3608.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3608", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.71827", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.71749", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.71773", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.71756", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.71739", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.71782", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.71788", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.7177", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.71818", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.71823", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.71699", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.71706", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.71725", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.71698", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.71737", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3608" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1338830", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1338830" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1148253", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1148253" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3608", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3608" }, { "reference_url": "http://seclists.org/oss-sec/2014/q4/65", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2014/q4/65" }, { "reference_url": "https://opendev.org/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/nova" }, { "reference_url": "https://web.archive.org/web/20200228053850/http://www.securityfocus.com/bid/70220", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228053850/http://www.securityfocus.com/bid/70220" }, { "reference_url": "http://www.securityfocus.com/bid/70220", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/70220" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2014-3608", "reference_id": "CVE-2014-3608", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2014-3608" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3608", "reference_id": "CVE-2014-3608", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv2", "scoring_elements": "AV:A/AC:L/Au:S/C:N/I:N/A:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3608" }, { "reference_url": "https://github.com/advisories/GHSA-92hc-c226-32q7", "reference_id": "GHSA-92hc-c226-32q7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-92hc-c226-32q7" }, { "reference_url": "https://usn.ubuntu.com/2407-1/", "reference_id": "USN-2407-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2407-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54876?format=api", "purl": "pkg:pypi/nova@2014.1.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2014.1.3" } ], "aliases": [ "CVE-2014-3608", "GHSA-92hc-c226-32q7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x5k4-dm9d-xkf7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13153?format=api", "vulnerability_id": "VCID-zwuz-pgjz-rkb9", "summary": "URL Redirection to Untrusted Site ('Open Redirect')\nA vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3654.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3654.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3654", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.87234", "scoring_system": "epss", "scoring_elements": "0.99455", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.87234", "scoring_system": "epss", "scoring_elements": "0.99452", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.87234", "scoring_system": "epss", "scoring_elements": "0.99453", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.87248", "scoring_system": "epss", "scoring_elements": "0.9945", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.87248", "scoring_system": "epss", "scoring_elements": "0.99453", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.87248", "scoring_system": "epss", "scoring_elements": "0.99445", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.87248", "scoring_system": "epss", "scoring_elements": "0.99444", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.87248", "scoring_system": "epss", "scoring_elements": "0.99446", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.87248", "scoring_system": "epss", "scoring_elements": "0.99448", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.87248", "scoring_system": "epss", "scoring_elements": "0.99449", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3654" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1927677", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1927677" }, { "reference_url": "https://bugs.python.org/issue32084", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.python.org/issue32084" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961439", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961439" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3654", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3654" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://opendev.org/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/nova" }, { "reference_url": "https://opendev.org/openstack/nova/commit/04d48527b62a35d912f93bc75613a6cca606df66", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/nova/commit/04d48527b62a35d912f93bc75613a6cca606df66" }, { "reference_url": "https://opendev.org/openstack/nova/commit/8906552cfc2525a44251d4cf313ece61e57251eb", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/nova/commit/8906552cfc2525a44251d4cf313ece61e57251eb" }, { "reference_url": "https://security.gentoo.org/glsa/202305-02", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202305-02" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2021-002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2021-002.html" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2021/07/29/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2021/07/29/2" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991441", "reference_id": "991441", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991441" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3654", "reference_id": "CVE-2021-3654", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3654" }, { "reference_url": "https://github.com/advisories/GHSA-vqp6-j452-j6wp", "reference_id": "GHSA-vqp6-j452-j6wp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vqp6-j452-j6wp" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0983", "reference_id": "RHSA-2022:0983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0999", "reference_id": "RHSA-2022:0999", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0999" }, { "reference_url": "https://usn.ubuntu.com/5866-1/", "reference_id": "USN-5866-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5866-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/47130?format=api", "purl": "pkg:pypi/nova@21.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p1c-fevy-bydg" }, { "vulnerability": "VCID-5nfz-1bk3-93fe" }, { "vulnerability": "VCID-5tkb-w761-4qc6" }, { "vulnerability": "VCID-6n3z-x4zj-4bez" }, { "vulnerability": "VCID-bauj-n7jg-gkd2" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-e6ne-73mv-73bc" }, { "vulnerability": "VCID-ek6e-977t-3bew" }, { "vulnerability": "VCID-ex1j-py3q-93hv" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-m5vc-4my3-87gk" }, { "vulnerability": "VCID-qb9p-rpza-5fa5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" }, { "vulnerability": "VCID-sj2k-uq1g-suby" }, { "vulnerability": "VCID-x5k4-dm9d-xkf7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nova@21.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/47132?format=api", "purl": "pkg:pypi/nova@22.2.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nova@22.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/287245?format=api", "purl": "pkg:pypi/nova@22.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p1c-fevy-bydg" }, { "vulnerability": "VCID-5nfz-1bk3-93fe" }, { "vulnerability": "VCID-5tkb-w761-4qc6" }, { "vulnerability": "VCID-6n3z-x4zj-4bez" }, { "vulnerability": "VCID-bauj-n7jg-gkd2" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-e6ne-73mv-73bc" }, { "vulnerability": "VCID-ek6e-977t-3bew" }, { "vulnerability": "VCID-ex1j-py3q-93hv" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-m5vc-4my3-87gk" }, { "vulnerability": "VCID-qb9p-rpza-5fa5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" }, { "vulnerability": "VCID-sj2k-uq1g-suby" }, { "vulnerability": "VCID-x5k4-dm9d-xkf7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nova@22.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/47134?format=api", "purl": "pkg:pypi/nova@23.0.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nova@23.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/287248?format=api", "purl": "pkg:pypi/nova@23.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p1c-fevy-bydg" }, { "vulnerability": "VCID-5nfz-1bk3-93fe" }, { "vulnerability": "VCID-5tkb-w761-4qc6" }, { "vulnerability": "VCID-6n3z-x4zj-4bez" }, { "vulnerability": "VCID-bauj-n7jg-gkd2" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-e6ne-73mv-73bc" }, { "vulnerability": "VCID-ek6e-977t-3bew" }, { "vulnerability": "VCID-ex1j-py3q-93hv" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-m5vc-4my3-87gk" }, { "vulnerability": "VCID-qb9p-rpza-5fa5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" }, { "vulnerability": "VCID-sj2k-uq1g-suby" }, { "vulnerability": "VCID-x5k4-dm9d-xkf7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nova@23.1.0" } ], "aliases": [ "CVE-2021-3654", "GHSA-vqp6-j452-j6wp" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zwuz-pgjz-rkb9" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6132?format=api", "vulnerability_id": "VCID-1fb2-ccby-7yfq", "summary": "An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths as host devices previously referenced by the virtual machine on the source host. This can include block devices that map to different Cinder volumes at the destination than at the source. Only deployments allowing host-based connections (for instance, root and ephemeral devices) are affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17376.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17376.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-17376", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59748", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59763", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59745", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59629", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59764", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.5978", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59761", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59747", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59695", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59726", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59701", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59774", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.5979", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59784", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.59746", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-17376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17376" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/1bb8ee95d4c3ddc3f607ac57526b75af1b7fbcff", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/1bb8ee95d4c3ddc3f607ac57526b75af1b7fbcff" }, { "reference_url": "https://github.com/openstack/nova/commit/2faf17995dd9daa6f0b91e44be43264e447c678d", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/2faf17995dd9daa6f0b91e44be43264e447c678d" }, { "reference_url": "https://github.com/openstack/nova/commit/a721ca5f510ce3c8ef24f22dac9e475b3d7651db", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/a721ca5f510ce3c8ef24f22dac9e475b3d7651db" }, { "reference_url": "https://github.com/openstack/nova/commit/b9ea91d17703f5b324a50727b6503ace0f4e95eb", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/b9ea91d17703f5b324a50727b6503ace0f4e95eb" }, { "reference_url": "https://github.com/openstack/nova/commit/c438fd9a0eb1903306a53ab44e3ae80660d8a429", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/c438fd9a0eb1903306a53ab44e3ae80660d8a429" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2020-243.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2020-243.yaml" }, { "reference_url": "https://launchpad.net/bugs/1890501", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.net/bugs/1890501" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17376", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17376" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2020-006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2020-006.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2020/08/25/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2020/08/25/4" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869426", "reference_id": "1869426", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869426" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969052", "reference_id": "969052", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969052" }, { "reference_url": "https://github.com/advisories/GHSA-c7w7-9c85-4qxv", "reference_id": "GHSA-c7w7-9c85-4qxv", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c7w7-9c85-4qxv" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3702", "reference_id": "RHSA-2020:3702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3704", "reference_id": "RHSA-2020:3704", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3704" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3706", "reference_id": "RHSA-2020:3706", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3706" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3708", "reference_id": "RHSA-2020:3708", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3708" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3711", "reference_id": "RHSA-2020:3711", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3711" }, { "reference_url": "https://usn.ubuntu.com/5866-1/", "reference_id": "USN-5866-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5866-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13141?format=api", "purl": "pkg:pypi/nova@19.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p1c-fevy-bydg" }, { "vulnerability": "VCID-5nfz-1bk3-93fe" }, { "vulnerability": "VCID-5tkb-w761-4qc6" }, { "vulnerability": "VCID-6n3z-x4zj-4bez" }, { "vulnerability": "VCID-bauj-n7jg-gkd2" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-e6ne-73mv-73bc" }, { "vulnerability": "VCID-ek6e-977t-3bew" }, { "vulnerability": "VCID-ex1j-py3q-93hv" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-m5vc-4my3-87gk" }, { "vulnerability": "VCID-qb9p-rpza-5fa5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" }, { "vulnerability": "VCID-sj2k-uq1g-suby" }, { "vulnerability": "VCID-x5k4-dm9d-xkf7" }, { "vulnerability": "VCID-zwuz-pgjz-rkb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nova@19.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/13142?format=api", "purl": "pkg:pypi/nova@20.3.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nova@20.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/287228?format=api", "purl": "pkg:pypi/nova@20.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p1c-fevy-bydg" }, { "vulnerability": "VCID-5nfz-1bk3-93fe" }, { "vulnerability": "VCID-5tkb-w761-4qc6" }, { "vulnerability": "VCID-6n3z-x4zj-4bez" }, { "vulnerability": "VCID-bauj-n7jg-gkd2" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-e6ne-73mv-73bc" }, { "vulnerability": "VCID-ek6e-977t-3bew" }, { "vulnerability": "VCID-ex1j-py3q-93hv" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-m5vc-4my3-87gk" }, { "vulnerability": "VCID-qb9p-rpza-5fa5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" }, { "vulnerability": "VCID-sj2k-uq1g-suby" }, { "vulnerability": "VCID-x5k4-dm9d-xkf7" }, { "vulnerability": "VCID-zwuz-pgjz-rkb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nova@20.4.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/13143?format=api", "purl": "pkg:pypi/nova@21.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1p1c-fevy-bydg" }, { "vulnerability": "VCID-5nfz-1bk3-93fe" }, { "vulnerability": "VCID-5tkb-w761-4qc6" }, { "vulnerability": "VCID-6n3z-x4zj-4bez" }, { "vulnerability": "VCID-bauj-n7jg-gkd2" }, { "vulnerability": "VCID-br4q-499g-vqhg" }, { "vulnerability": "VCID-e6ne-73mv-73bc" }, { "vulnerability": "VCID-ek6e-977t-3bew" }, { "vulnerability": "VCID-ex1j-py3q-93hv" }, { "vulnerability": "VCID-h6rd-5p7q-s3gq" }, { "vulnerability": "VCID-m5vc-4my3-87gk" }, { "vulnerability": "VCID-qb9p-rpza-5fa5" }, { "vulnerability": "VCID-s69v-tc7x-37fe" }, { "vulnerability": "VCID-sj2k-uq1g-suby" }, { "vulnerability": "VCID-x5k4-dm9d-xkf7" }, { "vulnerability": "VCID-zwuz-pgjz-rkb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nova@21.1.0" } ], "aliases": [ "CVE-2020-17376", "GHSA-c7w7-9c85-4qxv", "PYSEC-2020-243" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1fb2-ccby-7yfq" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nova@19.3.1" }