{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","type":"deb","namespace":"debian","name":"nova","version":"2:33.0.1-2","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7199?format=json","vulnerability_id":"VCID-124a-e1xg-ufhd","summary":"keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova on Fedora.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html"},{"reference_url":"http://lists.openstack.org/pipermail/openstack-announce/2013-May/000098.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.openstack.org/pipermail/openstack-announce/2013-May/000098.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2030","reference_id":"","reference_type":"","scores":[{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10886","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2030"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1174608","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1174608"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=958285","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=958285"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://github.com/openstack/nova/commit/58d6879b1caaa750c39c8e452a0634c24ffef2ce","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/58d6879b1caaa750c39c8e452a0634c24ffef2ce"},{"reference_url":"https://github.com/openstack/nova/commit/74aa04e2ca7942cb1e1a86dcbaffeb72d260ccd7","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/74aa04e2ca7942cb1e1a86dcbaffeb72d260ccd7"},{"reference_url":"https://github.com/openstack/nova/commit/7bf3e8d3e254d817ff5ae7ef1f2884b10410ca60","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/7bf3e8d3e254d817ff5ae7ef1f2884b10410ca60"},{"reference_url":"https://github.com/openstack/python-keystoneclient/commit/1736e2ffb12f70eeebed019448bc14def48aa036","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/python-keystoneclient/commit/1736e2ffb12f70eeebed019448bc14def48aa036"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2013-45.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2013-45.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2030","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2030"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/05/09/2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/05/09/2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199854?format=json","purl":"pkg:deb/debian/nova@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2013-2030","GHSA-pxxv-rv32-2qgv","PYSEC-2013-45"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-124a-e1xg-ufhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83753?format=json","vulnerability_id":"VCID-1t9d-4wrv-gbah","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6491","reference_id":"","reference_type":"","scores":[{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.64171","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6491"},{"reference_url":"https://usn.ubuntu.com/2208-1/","reference_id":"USN-2208-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2208-1/"},{"reference_url":"https://usn.ubuntu.com/2208-2/","reference_id":"USN-2208-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2208-2/"},{"reference_url":"https://usn.ubuntu.com/2247-1/","reference_id":"USN-2247-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2247-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199868?format=json","purl":"pkg:deb/debian/nova@2013.2.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.2.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2013-6491"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1t9d-4wrv-gbah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82162?format=json","vulnerability_id":"VCID-28wh-kpg5-3fe6","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4261","reference_id":"","reference_type":"","scores":[{"value":"0.00596","scoring_system":"epss","scoring_elements":"0.69686","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4261"},{"reference_url":"https://usn.ubuntu.com/2000-1/","reference_id":"USN-2000-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2000-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199863?format=json","purl":"pkg:deb/debian/nova@2013.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2013-4261"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-28wh-kpg5-3fe6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7740?format=json","vulnerability_id":"VCID-2ba7-wb9n-q3d8","summary":"An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2622","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2622"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2631","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2631"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2652","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2652"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14433","reference_id":"","reference_type":"","scores":[{"value":"0.01301","scoring_system":"epss","scoring_elements":"0.80053","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14433"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://github.com/openstack/nova/commit/298b337a16c0d10916b4431c436d19b3d6f5360e","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/298b337a16c0d10916b4431c436d19b3d6f5360e"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2019-191.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2019-191.yaml"},{"reference_url":"https://launchpad.net/bugs/1837877","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://launchpad.net/bugs/1837877"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/09/msg00018.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/09/msg00018.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14433","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14433"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2019-003.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.openstack.org/ossa/OSSA-2019-003.html"},{"reference_url":"https://usn.ubuntu.com/4104-1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4104-1"},{"reference_url":"https://usn.ubuntu.com/4104-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4104-1/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/08/06/6","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2019/08/06/6"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934114","reference_id":"934114","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934114"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199888?format=json","purl":"pkg:deb/debian/nova@2:19.0.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:19.0.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2019-14433","GHSA-pg64-r7rr-phv8","PYSEC-2019-191"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2ba7-wb9n-q3d8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91495?format=json","vulnerability_id":"VCID-2k48-naqm-qua8","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8750","reference_id":"","reference_type":"","scores":[{"value":"0.00929","scoring_system":"epss","scoring_elements":"0.76427","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8750"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199854?format=json","purl":"pkg:deb/debian/nova@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2014-8750"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2k48-naqm-qua8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80036?format=json","vulnerability_id":"VCID-2n9h-y9yp-z7gn","summary":"","references":[{"reference_url":"http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html"},{"reference_url":"http://bugs.python.org/issue17239","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://bugs.python.org/issue17239"},{"reference_url":"http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0657.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0657.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0658.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0658.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0670.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0670.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1664","reference_id":"","reference_type":"","scores":[{"value":"0.03938","scoring_system":"epss","scoring_elements":"0.88535","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1664"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1100282","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1100282"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/1c60d07ba23e0350351c278ad28d0bd5aa410b40","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/1c60d07ba23e0350351c278ad28d0bd5aa410b40"},{"reference_url":"https://github.com/django/django/commit/d19a27066b2247102e65412aa66917aff0091112","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/d19a27066b2247102e65412aa66917aff0091112"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1664","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1664"},{"reference_url":"http://ubuntu.com/usn/usn-1757-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://ubuntu.com/usn/usn-1757-1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/02/19/2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/02/19/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/02/19/4","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/02/19/4"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700948","reference_id":"700948","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700948"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700949","reference_id":"700949","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700949"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700950","reference_id":"700950","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700950"},{"reference_url":"https://security.gentoo.org/glsa/201311-06","reference_id":"GLSA-201311-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201311-06"},{"reference_url":"https://security.gentoo.org/glsa/201412-11","reference_id":"GLSA-201412-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-11"},{"reference_url":"https://usn.ubuntu.com/1730-1/","reference_id":"USN-1730-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1730-1/"},{"reference_url":"https://usn.ubuntu.com/1731-1/","reference_id":"USN-1731-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1731-1/"},{"reference_url":"https://usn.ubuntu.com/1734-1/","reference_id":"USN-1734-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1734-1/"},{"reference_url":"https://usn.ubuntu.com/1757-1/","reference_id":"USN-1757-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1757-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199858?format=json","purl":"pkg:deb/debian/nova@2012.1.1-13?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2012.1.1-13%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2013-1664","GHSA-qrh7-x6fp-c2mp"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2n9h-y9yp-z7gn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15582?format=json","vulnerability_id":"VCID-2q7r-cgqc-qfah","summary":"Openstack nova qcow format could expose host filesystem information\nVersions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem.","references":[{"reference_url":"http://bazaar.launchpad.net/~hudson-openstack/nova/trunk/revision/1604","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://bazaar.launchpad.net/~hudson-openstack/nova/trunk/revision/1604"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3147","reference_id":"","reference_type":"","scores":[{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39615","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3147"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/853330","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/853330"},{"reference_url":"https://github.com/openstack/nova/commit/ff9d353b2f4fee469e530fbc8dc231a41f6fed84","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/ff9d353b2f4fee469e530fbc8dc231a41f6fed84"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-3147","reference_id":"CVE-2011-3147","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-3147"},{"reference_url":"https://github.com/advisories/GHSA-hqfx-4x4w-vmwp","reference_id":"GHSA-hqfx-4x4w-vmwp","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hqfx-4x4w-vmwp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199839?format=json","purl":"pkg:deb/debian/nova@2012.1~e1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2012.1~e1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2011-3147","GHSA-hqfx-4x4w-vmwp"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2q7r-cgqc-qfah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82176?format=json","vulnerability_id":"VCID-33x3-t2ck-akgg","summary":"","references":[{"reference_url":"http://lists.openstack.org/pipermail/openstack-announce/2013-August/000138.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.openstack.org/pipermail/openstack-announce/2013-August/000138.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1199.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1199.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4278","reference_id":"","reference_type":"","scores":[{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42114","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4278"},{"reference_url":"https://bugs.launchpad.net/ossa/+bug/1212179","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/ossa/+bug/1212179"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://github.com/openstack/nova/commit/4054cc4a22a1fea997dec76afb5646fd6c6ea6b9","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/4054cc4a22a1fea997dec76afb5646fd6c6ea6b9"},{"reference_url":"https://github.com/openstack/nova/commit/6825959560e06725d26625fd21f5c0b78b305492","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/6825959560e06725d26625fd21f5c0b78b305492"},{"reference_url":"https://github.com/openstack/nova/commit/8b686195afe7e6dfb46c56c1ef2fe9c993d8e495","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/8b686195afe7e6dfb46c56c1ef2fe9c993d8e495"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4278","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4278"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720602","reference_id":"720602","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720602"},{"reference_url":"https://usn.ubuntu.com/2000-1/","reference_id":"USN-2000-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2000-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199862?format=json","purl":"pkg:deb/debian/nova@2013.1.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.1.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2013-4278","GHSA-43cm-73px-5v4m"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-33x3-t2ck-akgg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16748?format=json","vulnerability_id":"VCID-3ekz-4ahc-5ybh","summary":"OpenStack Cinder, glance, and Nova vulnerable to Path Traversal\nAn issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47951.json","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47951.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-47951","reference_id":"","reference_type":"","scores":[{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.70229","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-47951"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://launchpad.net/bugs/1996188","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://launchpad.net/bugs/1996188"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00040.html","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00040.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00041.html","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00041.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00042.html","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00042.html"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2023-002.html","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://security.openstack.org/ossa/OSSA-2023-002.html"},{"reference_url":"https://www.debian.org/security/2023/dsa-5336","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://www.debian.org/security/2023/dsa-5336"},{"reference_url":"https://www.debian.org/security/2023/dsa-5337","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://www.debian.org/security/2023/dsa-5337"},{"reference_url":"https://www.debian.org/security/2023/dsa-5338","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://www.debian.org/security/2023/dsa-5338"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029561","reference_id":"1029561","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029561"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029562","reference_id":"1029562","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029562"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029563","reference_id":"1029563","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029563"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2161812","reference_id":"2161812","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2161812"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-47951","reference_id":"CVE-2022-47951","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-47951"},{"reference_url":"https://github.com/advisories/GHSA-7h75-hwxx-qpgc","reference_id":"GHSA-7h75-hwxx-qpgc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7h75-hwxx-qpgc"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1015","reference_id":"RHSA-2023:1015","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1015"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1016","reference_id":"RHSA-2023:1016","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1016"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1017","reference_id":"RHSA-2023:1017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1278","reference_id":"RHSA-2023:1278","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1278"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1279","reference_id":"RHSA-2023:1279","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1279"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1280","reference_id":"RHSA-2023:1280","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1280"},{"reference_url":"https://usn.ubuntu.com/5835-1/","reference_id":"USN-5835-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5835-1/"},{"reference_url":"https://usn.ubuntu.com/5835-2/","reference_id":"USN-5835-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5835-2/"},{"reference_url":"https://usn.ubuntu.com/5835-3/","reference_id":"USN-5835-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5835-3/"},{"reference_url":"https://usn.ubuntu.com/5835-4/","reference_id":"USN-5835-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5835-4/"},{"reference_url":"https://usn.ubuntu.com/5835-5/","reference_id":"USN-5835-5","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5835-5/"},{"reference_url":"https://usn.ubuntu.com/6882-2/","reference_id":"USN-6882-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6882-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199892?format=json","purl":"pkg:deb/debian/nova@2:26.0.0-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.0.0-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2022-47951","GHSA-7h75-hwxx-qpgc"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"6.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3ekz-4ahc-5ybh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16310?format=json","vulnerability_id":"VCID-3gk8-wbuj-xfc2","summary":"OpenStack Compute (nova) allows remote authenticated users to cause a denial of service\nA flaw was found in the way OpenStack Compute (nova) handled the resize state. If an authenticated user deleted an instance while it was in the resize state, it could cause the original instance to not be deleted from the compute node it was running on, allowing the user to cause a denial of service.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1898.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1898.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1898","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:1898"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3280","reference_id":"","reference_type":"","scores":[{"value":"0.00795","scoring_system":"epss","scoring_elements":"0.74278","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3280"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1257942","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1257942"},{"reference_url":"https://launchpad.net/bugs/1392527","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://launchpad.net/bugs/1392527"},{"reference_url":"https://opendev.org/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/nova"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2015-017.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.openstack.org/ossa/OSSA-2015-017.html"},{"reference_url":"https://web.archive.org/web/20200228023247/http://www.securityfocus.com/bid/76553","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228023247/http://www.securityfocus.com/bid/76553"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"},{"reference_url":"http://www.securityfocus.com/bid/76553","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/76553"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798883","reference_id":"798883","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798883"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2015-3280","reference_id":"CVE-2015-3280","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2015-3280"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3280","reference_id":"CVE-2015-3280","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3280"},{"reference_url":"https://github.com/advisories/GHSA-mfmj-gwg3-vhw7","reference_id":"GHSA-mfmj-gwg3-vhw7","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mfmj-gwg3-vhw7"},{"reference_url":"https://usn.ubuntu.com/3449-1/","reference_id":"USN-3449-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3449-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199878?format=json","purl":"pkg:deb/debian/nova@1:12.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@1:12.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2015-3280","GHSA-mfmj-gwg3-vhw7"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3gk8-wbuj-xfc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16432?format=json","vulnerability_id":"VCID-3qv3-8zyv-x7hv","summary":"OpenStack Compute (Nova) Denial of Service vulnerability\nA denial of service flaw was found in the way OpenStack Compute (nova) looked up VM instances based on an IP address filter. An attacker with sufficient privileges on an OpenStack installation with a large amount of VMs could use this flaw to cause the main nova process to block for an extended amount of time.","references":[{"reference_url":"http://lists.openstack.org/pipermail/openstack-announce/2014-October/000301.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.openstack.org/pipermail/openstack-announce/2014-October/000301.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0843.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0843.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0844.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0844.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0843","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:0843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0844","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:0844"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3708","reference_id":"","reference_type":"","scores":[{"value":"0.01057","scoring_system":"epss","scoring_elements":"0.77908","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3708"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1358583","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1358583"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1154951","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1154951"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://opendev.org/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/nova"},{"reference_url":"https://web.archive.org/web/20200901000000*/http://www.securityfocus.com/bid/70777","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200901000000*/http://www.securityfocus.com/bid/70777"},{"reference_url":"http://www.securityfocus.com/bid/70777","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/70777"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2014-3708","reference_id":"CVE-2014-3708","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2014-3708"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3708","reference_id":"CVE-2014-3708","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3708"},{"reference_url":"https://github.com/advisories/GHSA-43hc-pwvx-pmfg","reference_id":"GHSA-43hc-pwvx-pmfg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-43hc-pwvx-pmfg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199873?format=json","purl":"pkg:deb/debian/nova@2014.1.3-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2014-3708","GHSA-43hc-pwvx-pmfg"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3qv3-8zyv-x7hv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82327?format=json","vulnerability_id":"VCID-4c5h-6xyp-hudd","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4497","reference_id":"","reference_type":"","scores":[{"value":"0.0021","scoring_system":"epss","scoring_elements":"0.43384","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4497"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1073306","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1073306"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1202266","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1202266"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://github.com/openstack/nova/commit/01de658210fd65171bfbf5450c93673b5ce0bd9e","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/01de658210fd65171bfbf5450c93673b5ce0bd9e"},{"reference_url":"https://github.com/openstack/nova/commit/5cced7a6dd32d231c606e25dbf762d199bf9cca7","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/5cced7a6dd32d231c606e25dbf762d199bf9cca7"},{"reference_url":"https://github.com/openstack/nova/commit/ba0d007fb78bd1182c3c0b808dbd7ccc84640e80","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/ba0d007fb78bd1182c3c0b808dbd7ccc84640e80"},{"reference_url":"https://github.com/openstack/nova/commit/df2ea2e3acdede21b40d47b7adbeac04213d031b","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/df2ea2e3acdede21b40d47b7adbeac04213d031b"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4497","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4497"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/11/03/2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/11/03/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/11/03/3","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/11/03/3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199863?format=json","purl":"pkg:deb/debian/nova@2013.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2013-4497","GHSA-27q4-38qf-m25h"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4c5h-6xyp-hudd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15871?format=json","vulnerability_id":"VCID-57ta-3qn2-nugb","summary":"OpenStack Nova Denial of service attack on the compute host\nAn issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. (The same code error also results in data loss, but that is not a vulnerability because the user loses their own data.) All Nova setups supporting encrypted volumes are affected.","references":[{"reference_url":"http://openwall.com/lists/oss-security/2018/04/20/3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2018/04/20/3"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2332","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2332"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2714","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2714"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2855","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2855"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18191","reference_id":"","reference_type":"","scores":[{"value":"0.02481","scoring_system":"epss","scoring_elements":"0.85543","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18191"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://github.com/openstack/nova/commit/0225a61fc4557c1257383a654f0741f7ef2ddeac","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/0225a61fc4557c1257383a654f0741f7ef2ddeac"},{"reference_url":"https://github.com/openstack/nova/commit/5b64a1936122eeb35f37a09f9d38159e1a224c58","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/5b64a1936122eeb35f37a09f9d38159e1a224c58"},{"reference_url":"https://github.com/openstack/nova/commit/cd3eb60c2c00bcccfa9ccd4bf9d1a96ae7a5cd88","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/cd3eb60c2c00bcccfa9ccd4bf9d1a96ae7a5cd88"},{"reference_url":"https://launchpad.net/bugs/1739593","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://launchpad.net/bugs/1739593"},{"reference_url":"https://review.openstack.org/539893","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.openstack.org/539893"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2018-001.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.openstack.org/ossa/OSSA-2018-001.html"},{"reference_url":"http://www.securityfocus.com/bid/103104","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/103104"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18191","reference_id":"CVE-2017-18191","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18191"},{"reference_url":"https://github.com/advisories/GHSA-ffmh-r67w-m88f","reference_id":"GHSA-ffmh-r67w-m88f","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ffmh-r67w-m88f"},{"reference_url":"https://usn.ubuntu.com/5866-1/","reference_id":"USN-5866-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5866-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199886?format=json","purl":"pkg:deb/debian/nova@2:17.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:17.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2017-18191","GHSA-ffmh-r67w-m88f"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-57ta-3qn2-nugb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16308?format=json","vulnerability_id":"VCID-5p29-z3wj-5keu","summary":"Insufficient Verification of Data Authenticity\nIt was discovered that the OpenStack Compute (nova) console websocket does not correctly verify the origin header. An attacker could use this flaw to conduct a cross-site websocket hijack attack. Note that only Compute setups with VNC or SPICE enabled were affected by this flaw.","references":[{"reference_url":"http://lists.openstack.org/pipermail/openstack-announce/2015-March/000341.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.openstack.org/pipermail/openstack-announce/2015-March/000341.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0790.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0790.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0843.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0843.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0844.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0844.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0790","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:0790"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0843","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:0843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0844","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:0844"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0259","reference_id":"","reference_type":"","scores":[{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42583","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0259"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1409142","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1409142"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1190112","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1190112"},{"reference_url":"https://opendev.org/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/nova"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780250","reference_id":"780250","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780250"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2015-0259","reference_id":"CVE-2015-0259","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2015-0259"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0259","reference_id":"CVE-2015-0259","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0259"},{"reference_url":"https://github.com/advisories/GHSA-x8xr-rm9r-7mvf","reference_id":"GHSA-x8xr-rm9r-7mvf","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-x8xr-rm9r-7mvf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199876?format=json","purl":"pkg:deb/debian/nova@2014.1.3-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-11%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2015-0259","GHSA-x8xr-rm9r-7mvf"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5p29-z3wj-5keu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16335?format=json","vulnerability_id":"VCID-5sbw-2suq-5qby","summary":"OpenStack Compute (Nova) allows remote authenticated users to obtain sensitive information\nCVE-2013-2256 OpenStack: Nova private flavors resource limit circumvention","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1199.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1199.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1199","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2013:1199"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2256","reference_id":"","reference_type":"","scores":[{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64994","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2256"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1194093","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1194093"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=993340","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=993340"},{"reference_url":"http://seclists.org/oss-sec/2013/q3/281","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/oss-sec/2013/q3/281"},{"reference_url":"https://opendev.org/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/nova"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718905","reference_id":"718905","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718905"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2013-2256","reference_id":"CVE-2013-2256","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2013-2256"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2256","reference_id":"CVE-2013-2256","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2256"},{"reference_url":"https://github.com/advisories/GHSA-5mj6-643f-2g85","reference_id":"GHSA-5mj6-643f-2g85","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5mj6-643f-2g85"},{"reference_url":"https://usn.ubuntu.com/2000-1/","reference_id":"USN-2000-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2000-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199861?format=json","purl":"pkg:deb/debian/nova@2013.1.2-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.1.2-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2013-2256","GHSA-5mj6-643f-2g85"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5sbw-2suq-5qby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16299?format=json","vulnerability_id":"VCID-5wph-frx5-3qhe","summary":"OpenStack Nova Potential Xen connection password leak via StorageError\nThe volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading log files or other unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8749","reference_id":"","reference_type":"","scores":[{"value":"0.00942","scoring_system":"epss","scoring_elements":"0.76587","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8749"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1516765","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1516765"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://github.com/openstack/nova/commit/8b289237ed6d53738c22878decf0c429301cf3d0","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/8b289237ed6d53738c22878decf0c429301cf3d0"},{"reference_url":"https://github.com/openstack/nova/commit/b2acc9fa864b6fe10bc0c5f3786b976b472b1b27","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/b2acc9fa864b6fe10bc0c5f3786b976b472b1b27"},{"reference_url":"https://github.com/openstack/nova/commit/cf197ec2d682fb4da777df2291ca7ef101f73b77","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/cf197ec2d682fb4da777df2291ca7ef101f73b77"},{"reference_url":"https://github.com/openstack/nova/commit/ef1ccdaca9512b88878155f7d8c2c77853d91252","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/ef1ccdaca9512b88878155f7d8c2c77853d91252"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2016-002.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.openstack.org/ossa/OSSA-2016-002.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/01/07/8","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2016/01/07/8"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/01/07/9","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2016/01/07/9"},{"reference_url":"http://www.securityfocus.com/bid/80189","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/80189"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8749","reference_id":"CVE-2015-8749","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8749"},{"reference_url":"https://github.com/advisories/GHSA-c36r-g737-9qp8","reference_id":"GHSA-c36r-g737-9qp8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-c36r-g737-9qp8"},{"reference_url":"https://usn.ubuntu.com/3449-1/","reference_id":"USN-3449-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3449-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199880?format=json","purl":"pkg:deb/debian/nova@2:13.0.0~rc3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:13.0.0~rc3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2015-8749","GHSA-c36r-g737-9qp8"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5wph-frx5-3qhe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84521?format=json","vulnerability_id":"VCID-6ggp-ycpv-7kft","summary":"","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1084","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2014:1084"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2014-0167","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2014-0167"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0167","reference_id":"","reference_type":"","scores":[{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.59913","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0167"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1084868","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1084868"},{"reference_url":"https://launchpad.net/bugs/1290537","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://launchpad.net/bugs/1290537"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0167","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0167"},{"reference_url":"https://opendev.org/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/nova"},{"reference_url":"http://www.openwall.com/lists/oss-security/2014/04/09/26","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2014/04/09/26"},{"reference_url":"http://www.ubuntu.com/usn/USN-2247-1","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2247-1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744051","reference_id":"744051","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744051"},{"reference_url":"https://usn.ubuntu.com/2247-1/","reference_id":"USN-2247-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2247-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199868?format=json","purl":"pkg:deb/debian/nova@2013.2.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.2.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2014-0167","GHSA-p258-xmh3-72pv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6ggp-ycpv-7kft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16400?format=json","vulnerability_id":"VCID-6msd-bxpc-kqbx","summary":"OpenStack Nova host data access through resize/migration\nThe libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0363","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0363"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0364","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0364"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0365","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0365"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0366","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0366"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2140","reference_id":"","reference_type":"","scores":[{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56905","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2140"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1548450","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1548450"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1313454","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1313454"},{"reference_url":"http://seclists.org/oss-sec/2016/q1/563","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/oss-sec/2016/q1/563"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://github.com/openstack/nova/commit/0b194187db9da28225cb5e62be3b45aff5a1c793","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/0b194187db9da28225cb5e62be3b45aff5a1c793"},{"reference_url":"https://github.com/openstack/nova/commit/116b1210ab772c55d1ed1f715687d83877c92701","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/116b1210ab772c55d1ed1f715687d83877c92701"},{"reference_url":"https://github.com/openstack/nova/commit/f302bf04ab5dda89cf8ceaeed309006da90c0666","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/f302bf04ab5dda89cf8ceaeed309006da90c0666"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2016-007.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.openstack.org/ossa/OSSA-2016-007.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/03/08/6","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2016/03/08/6"},{"reference_url":"http://www.securityfocus.com/bid/84277","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/84277"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2016-2140","reference_id":"CVE-2016-2140","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2016-2140"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2140","reference_id":"CVE-2016-2140","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2140"},{"reference_url":"https://github.com/advisories/GHSA-49jv-37hm-6gfp","reference_id":"GHSA-49jv-37hm-6gfp","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-49jv-37hm-6gfp"},{"reference_url":"https://usn.ubuntu.com/3449-1/","reference_id":"USN-3449-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3449-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199879?format=json","purl":"pkg:deb/debian/nova@2:13.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:13.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2016-2140","GHSA-49jv-37hm-6gfp"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6msd-bxpc-kqbx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16408?format=json","vulnerability_id":"VCID-7uh3-vxfa-pbdb","summary":"OpenStack Nova instance migration process does not stop when instance is deleted\nOpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service (disk, network, and other resource consumption) by resizing and then deleting an instance.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1723.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1723.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1898.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1898.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1723","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:1723"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1898","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:1898"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3241","reference_id":"","reference_type":"","scores":[{"value":"0.0197","scoring_system":"epss","scoring_elements":"0.83833","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3241"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1232782","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1232782"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://github.com/openstack/nova/commit/7ab75d5b0b75fc3426323bef19bf436a258b9707","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/7ab75d5b0b75fc3426323bef19bf436a258b9707"},{"reference_url":"https://github.com/openstack/nova/commit/b5020a047fc487f35b76fc05f31e52665a1afda1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/b5020a047fc487f35b76fc05f31e52665a1afda1"},{"reference_url":"https://github.com/openstack/nova/commit/bf23643e36c8764b4bd532546a2cc04385fe0cff","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/bf23643e36c8764b4bd532546a2cc04385fe0cff"},{"reference_url":"https://github.com/openstack/ossa/blob/482576204dec96f580817b119e3166d71c757731/ossa/OSSA-2015-015.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/ossa/blob/482576204dec96f580817b119e3166d71c757731/ossa/OSSA-2015-015.yaml"},{"reference_url":"https://launchpad.net/bugs/1387543","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://launchpad.net/bugs/1387543"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2015-015.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.openstack.org/ossa/OSSA-2015-015.html"},{"reference_url":"http://www.securityfocus.com/bid/75372","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/75372"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796109","reference_id":"796109","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796109"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2015-3241","reference_id":"CVE-2015-3241","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2015-3241"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3241","reference_id":"CVE-2015-3241","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3241"},{"reference_url":"https://github.com/advisories/GHSA-3vx7-xff6-h2vx","reference_id":"GHSA-3vx7-xff6-h2vx","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3vx7-xff6-h2vx"},{"reference_url":"https://usn.ubuntu.com/3449-1/","reference_id":"USN-3449-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3449-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199878?format=json","purl":"pkg:deb/debian/nova@1:12.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@1:12.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2015-3241","GHSA-3vx7-xff6-h2vx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7uh3-vxfa-pbdb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7162?format=json","vulnerability_id":"VCID-8c3s-u7sb-g7dp","summary":"OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function.","references":[{"reference_url":"http://osvdb.org/91303","reference_id":"","reference_type":"","scores":[],"url":"http://osvdb.org/91303"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0709.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0709.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1838","reference_id":"","reference_type":"","scores":[{"value":"0.01427","scoring_system":"epss","scoring_elements":"0.80943","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1838"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1125468","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1125468"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=919648","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=919648"},{"reference_url":"http://secunia.com/advisories/52580","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/52580"},{"reference_url":"http://secunia.com/advisories/52728","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/52728"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/82877","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/82877"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://github.com/openstack/nova/commit/9561484166f245d0e4602a36351d6cac72dd9426","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/9561484166f245d0e4602a36351d6cac72dd9426"},{"reference_url":"https://github.com/openstack/nova/commit/99429214d4ddb5bdc7de185693b8a53ad50df3c6","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/99429214d4ddb5bdc7de185693b8a53ad50df3c6"},{"reference_url":"https://github.com/openstack/nova/commit/efaacdaee116388234558e2682b647d41fe5b149","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/efaacdaee116388234558e2682b647d41fe5b149"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2013-44.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2013-44.yaml"},{"reference_url":"https://lists.launchpad.net/openstack/msg21892.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.launchpad.net/openstack/msg21892.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1838","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1838"},{"reference_url":"https://review.openstack.org/#/c/24451","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.openstack.org/#/c/24451"},{"reference_url":"https://review.openstack.org/#/c/24451/","reference_id":"","reference_type":"","scores":[],"url":"https://review.openstack.org/#/c/24451/"},{"reference_url":"https://review.openstack.org/#/c/24452","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.openstack.org/#/c/24452"},{"reference_url":"https://review.openstack.org/#/c/24452/","reference_id":"","reference_type":"","scores":[],"url":"https://review.openstack.org/#/c/24452/"},{"reference_url":"https://review.openstack.org/#/c/24453","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.openstack.org/#/c/24453"},{"reference_url":"https://review.openstack.org/#/c/24453/","reference_id":"","reference_type":"","scores":[],"url":"https://review.openstack.org/#/c/24453/"},{"reference_url":"http://ubuntu.com/usn/usn-1771-1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://ubuntu.com/usn/usn-1771-1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/03/14/18","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/03/14/18"},{"reference_url":"http://www.securityfocus.com/bid/58492","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/58492"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703064","reference_id":"703064","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703064"},{"reference_url":"https://usn.ubuntu.com/1771-1/","reference_id":"USN-1771-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1771-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199859?format=json","purl":"pkg:deb/debian/nova@2012.1.1-15?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2012.1.1-15%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2013-1838","GHSA-63fq-8fp9-vhwq","PYSEC-2013-44"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8c3s-u7sb-g7dp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16591?format=json","vulnerability_id":"VCID-8dpx-f6fd-x7a8","summary":"OpenStack Nova denial of service through compressed disk images\nOpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) via a compressed QCOW2 image.  NOTE: this issue is due to an incomplete fix for CVE-2013-2096.","references":[{"reference_url":"http://github.com/openstack/nova/commit/3cdfe894ab58f7b91bf7fb690fc5bc724e44066f","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://github.com/openstack/nova/commit/3cdfe894ab58f7b91bf7fb690fc5bc724e44066f"},{"reference_url":"http://github.com/openstack/nova/commit/f6810be4ae1a6c93e7d8017ee67d5344dfdf4a30","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://github.com/openstack/nova/commit/f6810be4ae1a6c93e7d8017ee67d5344dfdf4a30"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0112.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0112.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4463","reference_id":"","reference_type":"","scores":[{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.35957","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4463"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1206081","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1206081"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/10/31/3","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/10/31/3"},{"reference_url":"http://www.ubuntu.com/usn/USN-2247-1","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2247-1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728605","reference_id":"728605","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728605"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4463","reference_id":"CVE-2013-4463","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4463"},{"reference_url":"https://github.com/advisories/GHSA-5644-2v3h-5w4x","reference_id":"GHSA-5644-2v3h-5w4x","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5644-2v3h-5w4x"},{"reference_url":"https://usn.ubuntu.com/2247-1/","reference_id":"USN-2247-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2247-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199864?format=json","purl":"pkg:deb/debian/nova@2013.2-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.2-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2013-4463","GHSA-5644-2v3h-5w4x"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8dpx-f6fd-x7a8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15181?format=json","vulnerability_id":"VCID-ajec-k7qb-6yek","summary":"URL Redirection to Untrusted Site ('Open Redirect')\nA vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3654","reference_id":"","reference_type":"","scores":[{"value":"0.87177","scoring_system":"epss","scoring_elements":"0.99462","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3654"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1927677","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1927677"},{"reference_url":"https://bugs.python.org/issue32084","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.python.org/issue32084"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1961439","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1961439"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://opendev.org/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/nova"},{"reference_url":"https://opendev.org/openstack/nova/commit/04d48527b62a35d912f93bc75613a6cca606df66","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/nova/commit/04d48527b62a35d912f93bc75613a6cca606df66"},{"reference_url":"https://opendev.org/openstack/nova/commit/8906552cfc2525a44251d4cf313ece61e57251eb","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/nova/commit/8906552cfc2525a44251d4cf313ece61e57251eb"},{"reference_url":"https://security.gentoo.org/glsa/202305-02","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202305-02"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2021-002.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.openstack.org/ossa/OSSA-2021-002.html"},{"reference_url":"https://www.openwall.com/lists/oss-security/2021/07/29/2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2021/07/29/2"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991441","reference_id":"991441","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991441"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3654","reference_id":"CVE-2021-3654","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3654"},{"reference_url":"https://github.com/advisories/GHSA-vqp6-j452-j6wp","reference_id":"GHSA-vqp6-j452-j6wp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vqp6-j452-j6wp"},{"reference_url":"https://usn.ubuntu.com/5866-1/","reference_id":"USN-5866-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5866-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199890?format=json","purl":"pkg:deb/debian/nova@2:23.0.2-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:23.0.2-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2021-3654","GHSA-vqp6-j452-j6wp"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ajec-k7qb-6yek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7244?format=json","vulnerability_id":"VCID-b8cd-srsc-1kdk","summary":"The instance rescue mode in OpenStack Compute (Nova) 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and use_cow_images is set to false, allows remote authenticated users to read certain compute host files by overwriting an instance disk with a crafted image.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0134","reference_id":"","reference_type":"","scores":[{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42114","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0134"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1221190","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1221190"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://github.com/openstack/nova/commit/25e761acd56d4c820273fc0245ada06c500c1637","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/25e761acd56d4c820273fc0245ada06c500c1637"},{"reference_url":"https://github.com/openstack/nova/commit/d416f4310bb946b4b127201ec3c37e530d988714","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/d416f4310bb946b4b127201ec3c37e530d988714"},{"reference_url":"https://github.com/openstack/nova/commit/dc8de426066969a3f0624fdc2a7b29371a2d55bf","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/dc8de426066969a3f0624fdc2a7b29371a2d55bf"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2014-112.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2014-112.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0134","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0134"},{"reference_url":"http://www.openwall.com/lists/oss-security/2014/03/27/6","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2014/03/27/6"},{"reference_url":"http://www.ubuntu.com/usn/USN-2247-1","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2247-1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742712","reference_id":"742712","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742712"},{"reference_url":"https://usn.ubuntu.com/2247-1/","reference_id":"USN-2247-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2247-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199869?format=json","purl":"pkg:deb/debian/nova@2013.2.2-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.2.2-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2014-0134","GHSA-w429-xc55-hc48","PYSEC-2014-112"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b8cd-srsc-1kdk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7442?format=json","vulnerability_id":"VCID-c5s5-rn36-1qh6","summary":"OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2687","reference_id":"","reference_type":"","scores":[{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16339","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2687"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1419577","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1419577"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205313","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205313"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://github.com/openstack/nova/commit/b83cae02ece4c338e09c3606c6ae69b715bd6f8c","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/b83cae02ece4c338e09c3606c6ae69b715bd6f8c"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2017-145.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2017-145.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2687","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2687"},{"reference_url":"https://review.openstack.org/#/c/338929","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.openstack.org/#/c/338929"},{"reference_url":"https://review.openstack.org/#/c/338929/","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://review.openstack.org/#/c/338929/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/03/24/10","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2015/03/24/10"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/03/25/3","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2015/03/25/3"},{"reference_url":"http://www.securityfocus.com/bid/77505","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"http://www.securityfocus.com/bid/77505"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199877?format=json","purl":"pkg:deb/debian/nova@2014.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2015-2687","GHSA-97fv-22hc-mrgj","PYSEC-2017-145"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c5s5-rn36-1qh6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16423?format=json","vulnerability_id":"VCID-cj8k-ufmj-kqe2","summary":"OpenStack Nova live snapshots use an insecure local directory\nOpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and world-readable permissions for the temporary directory used to store live snapshots, which allows local users to read and modify live snapshots.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0231.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0231.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7048","reference_id":"","reference_type":"","scores":[{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32439","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7048"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1227027","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1227027"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://github.com/openstack/nova/commit/75be5abd6b3fa0f7f27fe9c805f832cd41d44a5d","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/75be5abd6b3fa0f7f27fe9c805f832cd41d44a5d"},{"reference_url":"https://github.com/openstack/nova/commit/8a34fc3d48c467aa196f65eed444ccdc7c02f19f","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/8a34fc3d48c467aa196f65eed444ccdc7c02f19f"},{"reference_url":"https://github.com/openstack/nova/commit/9bd7fff8c0160057643cfc37c5e2b1cd3337d6aa","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/9bd7fff8c0160057643cfc37c5e2b1cd3337d6aa"},{"reference_url":"http://www.openwall.com/lists/oss-security/2014/01/13/2","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2014/01/13/2"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732022","reference_id":"732022","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732022"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-7048","reference_id":"CVE-2013-7048","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-7048"},{"reference_url":"https://github.com/advisories/GHSA-grp5-h379-j75x","reference_id":"GHSA-grp5-h379-j75x","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-grp5-h379-j75x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199867?format=json","purl":"pkg:deb/debian/nova@2013.2.2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.2.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2013-7048","GHSA-grp5-h379-j75x"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cj8k-ufmj-kqe2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16328?format=json","vulnerability_id":"VCID-db3a-7hcs-syc6","summary":"OpenStack Cinder, Glance, and Nova contain Uncontrolled Resource Consumption\nA resource vulnerability in the OpenStack Compute (nova), Block Storage (cinder), and Image (glance) services was found in their use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could lead possibly to host out-of-memory errors and negatively affect other running tenant instances. oslo.concurrency has been updated to support process limits ('prlimit'), which is needed to fix this flaw.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2923.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-2923.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2991.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-2991.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0153.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2017-0153.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0156.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2017-0156.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0165.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2017-0165.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0282.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2017-0282.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5162","reference_id":"","reference_type":"","scores":[{"value":"0.0361","scoring_system":"epss","scoring_elements":"0.87984","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5162"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1268303","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1268303"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/openstack/cinder/commit/455b318ced717fb38dfe40014817d78fbc47dea5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/cinder/commit/455b318ced717fb38dfe40014817d78fbc47dea5"},{"reference_url":"https://github.com/openstack/glance/commit/69a9b659fd48aa3c1f84fc7bc9ae236b6803d31f","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/69a9b659fd48aa3c1f84fc7bc9ae236b6803d31f"},{"reference_url":"https://github.com/openstack/nova/commit/6bc37dcceca823998068167b49aec6def3112397","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/6bc37dcceca823998068167b49aec6def3112397"},{"reference_url":"https://launchpad.net/bugs/1449062","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://launchpad.net/bugs/1449062"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/10/06/8","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2016/10/06/8"},{"reference_url":"http://www.securityfocus.com/bid/76849","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/76849"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2015-5162","reference_id":"CVE-2015-5162","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2015-5162"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5162","reference_id":"CVE-2015-5162","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5162"},{"reference_url":"https://github.com/advisories/GHSA-g2j5-7vgx-6xrx","reference_id":"GHSA-g2j5-7vgx-6xrx","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-g2j5-7vgx-6xrx"},{"reference_url":"https://usn.ubuntu.com/3449-1/","reference_id":"USN-3449-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3449-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199879?format=json","purl":"pkg:deb/debian/nova@2:13.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:13.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2015-5162","GHSA-g2j5-7vgx-6xrx"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-db3a-7hcs-syc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78691?format=json","vulnerability_id":"VCID-dftj-xuud-b3cx","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0208","reference_id":"","reference_type":"","scores":[{"value":"0.00953","scoring_system":"epss","scoring_elements":"0.76709","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0208"},{"reference_url":"https://usn.ubuntu.com/1709-1/","reference_id":"USN-1709-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1709-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199855?format=json","purl":"pkg:deb/debian/nova@2012.1.1-12?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2012.1.1-12%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2013-0208"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dftj-xuud-b3cx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7225?format=json","vulnerability_id":"VCID-dznm-cs7e-53g3","summary":"The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting the VM be put into rescue and then deleting the image.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2573","reference_id":"","reference_type":"","scores":[{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28313","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2573"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1269418","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1269418"},{"reference_url":"http://secunia.com/advisories/57498","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/57498"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://github.com/openstack/nova/commit/b3cc3f62a60662e5bb82136c0cfa464592a6afe9","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/b3cc3f62a60662e5bb82136c0cfa464592a6afe9"},{"reference_url":"https://github.com/openstack/nova/commit/efb66531bc37ee416778a70d46c657608ca767af","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/efb66531bc37ee416778a70d46c657608ca767af"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2014-113.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2014-113.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-2573","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-2573"},{"reference_url":"http://www.openwall.com/lists/oss-security/2014/03/21/1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2014/03/21/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2014/03/21/2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2014/03/21/2"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=750144","reference_id":"750144","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=750144"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199870?format=json","purl":"pkg:deb/debian/nova@2014.1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2014-2573","GHSA-jv34-xvjq-ppch","PYSEC-2014-113"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dznm-cs7e-53g3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16516?format=json","vulnerability_id":"VCID-eat8-r11q-m3eg","summary":"OpenStack Compute (Nova) allows remote attackers to bypass intended restriction\nA vulnerability was discovered in the way OpenStack Compute (nova) networking handled security group updates; changes were not applied to already running VM instances. A remote attacker could use this flaw to access running VM instances.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-2684.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-2684.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2673","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:2673"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2684","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:2684"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0013","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0017","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0017"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7713","reference_id":"","reference_type":"","scores":[{"value":"0.01522","scoring_system":"epss","scoring_elements":"0.81565","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7713"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1491307","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1491307"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1492961","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1492961"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1269119","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1269119"},{"reference_url":"https://opendev.org/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/nova"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2015-021.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.openstack.org/ossa/OSSA-2015-021.html"},{"reference_url":"https://web.archive.org/web/20200228024902/http://www.securityfocus.com/bid/76960","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228024902/http://www.securityfocus.com/bid/76960"},{"reference_url":"http://www.securityfocus.com/bid/76960","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/76960"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2015-7713","reference_id":"CVE-2015-7713","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2015-7713"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7713","reference_id":"CVE-2015-7713","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7713"},{"reference_url":"https://github.com/advisories/GHSA-67rh-9p29-vrxr","reference_id":"GHSA-67rh-9p29-vrxr","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-67rh-9p29-vrxr"},{"reference_url":"https://usn.ubuntu.com/3449-1/","reference_id":"USN-3449-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3449-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199878?format=json","purl":"pkg:deb/debian/nova@1:12.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@1:12.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2015-7713","GHSA-67rh-9p29-vrxr"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eat8-r11q-m3eg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/254487?format=json","vulnerability_id":"VCID-ef5k-jqxk-ukag","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32498.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32498.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-32498","reference_id":"","reference_type":"","scores":[{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.43956","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-32498"},{"reference_url":"https://github.com/openstack/cinder/commit/78f85c1f9b20a067ef64d6451dee0228c3a0db5e","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/cinder/commit/78f85c1f9b20a067ef64d6451dee0228c3a0db5e"},{"reference_url":"https://github.com/openstack/cinder/commit/d6a186945e03649343af55b46ed8dfe0dd326e40","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/cinder/commit/d6a186945e03649343af55b46ed8dfe0dd326e40"},{"reference_url":"https://github.com/openstack/glance/commit/22f0c9c6f98db1d93569e3edb800c271f35b0ef9","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/22f0c9c6f98db1d93569e3edb800c271f35b0ef9"},{"reference_url":"https://github.com/openstack/glance/commit/2e65391744a82421bc6f026ee8f1f3550038f175","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/2e65391744a82421bc6f026ee8f1f3550038f175"},{"reference_url":"https://github.com/openstack/glance/commit/867d1dd8b6e4f5774257a98c7c33061fbbbde973","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/867d1dd8b6e4f5774257a98c7c33061fbbbde973"},{"reference_url":"https://github.com/openstack/glance/commit/cc7d53adbecf85f3d7df78e7618fe8ab3a075c5f","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/cc7d53adbecf85f3d7df78e7618fe8ab3a075c5f"},{"reference_url":"https://github.com/openstack/glance/commit/d607e78630cc9d1ca18b3a027322809c042f64df","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/d607e78630cc9d1ca18b3a027322809c042f64df"},{"reference_url":"https://github.com/openstack/nova/commit/657e86585cc57f84ab9b364dd189547d231d5927","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/657e86585cc57f84ab9b364dd189547d231d5927"},{"reference_url":"https://launchpad.net/bugs/2059809","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/"}],"url":"https://launchpad.net/bugs/2059809"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00016.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00016.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2024-001.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/"}],"url":"https://security.openstack.org/ossa/OSSA-2024-001.html"},{"reference_url":"https://www.openwall.com/lists/oss-security/2024/07/02/2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/"}],"url":"https://www.openwall.com/lists/oss-security/2024/07/02/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/07/02/2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/07/02/2"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074761","reference_id":"1074761","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074761"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074762","reference_id":"1074762","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074762"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074763","reference_id":"1074763","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074763"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2278663","reference_id":"2278663","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2278663"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32498","reference_id":"CVE-2024-32498","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32498"},{"reference_url":"https://github.com/advisories/GHSA-r4v4-w9pv-6fph","reference_id":"GHSA-r4v4-w9pv-6fph","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r4v4-w9pv-6fph"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4272","reference_id":"RHSA-2024:4272","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4272"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4273","reference_id":"RHSA-2024:4273","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4273"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4274","reference_id":"RHSA-2024:4274","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4274"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4425","reference_id":"RHSA-2024:4425","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4425"},{"reference_url":"https://usn.ubuntu.com/6882-1/","reference_id":"USN-6882-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6882-1/"},{"reference_url":"https://usn.ubuntu.com/6882-2/","reference_id":"USN-6882-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6882-2/"},{"reference_url":"https://usn.ubuntu.com/6883-1/","reference_id":"USN-6883-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6883-1/"},{"reference_url":"https://usn.ubuntu.com/6884-1/","reference_id":"USN-6884-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6884-1/"},{"reference_url":"https://usn.ubuntu.com/8199-1/","reference_id":"USN-8199-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8199-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199895?format=json","purl":"pkg:deb/debian/nova@2:22.4.0-1~deb11u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.4.0-1~deb11u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199894?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199896?format=json","purl":"pkg:deb/debian/nova@2:29.0.2-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:29.0.2-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2024-32498","GHSA-r4v4-w9pv-6fph"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ef5k-jqxk-ukag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15593?format=json","vulnerability_id":"VCID-ewru-8cxk-mycm","summary":"OpenStack Nova Exposure of Sensitive Information to an Unauthorized Actor\nOpenStack Nova before 2012.1 allows someone with access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the EC2_SECRET_KEY (equivalent to a password). Exposing the EC2_ACCESS_KEY via http or tools that allow man-in-the-middle over https could allow an attacker to easily obtain the EC2_SECRET_KEY. An attacker could also presumably brute force values for EC2_ACCESS_KEY.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4076","reference_id":"","reference_type":"","scores":[{"value":"0.00408","scoring_system":"epss","scoring_elements":"0.61496","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4076"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/868360","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/868360"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4076","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4076"},{"reference_url":"https://github.com/openstack/nova/commit/b1ab6da1495784ff581000018a6047fd19cf82c4","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/b1ab6da1495784ff581000018a6047fd19cf82c4"},{"reference_url":"https://github.com/openstack/nova/commit/beee11edbfdd82cd81bc9c0fd75912c167892c2b","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/beee11edbfdd82cd81bc9c0fd75912c167892c2b"},{"reference_url":"https://www.openwall.com/lists/oss-security/2011/10/25/4","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2011/10/25/4"},{"reference_url":"https://access.redhat.com/security/cve/cve-2011-4076","reference_id":"CVE-2011-4076","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/cve-2011-4076"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-4076","reference_id":"CVE-2011-4076","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-4076"},{"reference_url":"https://security-tracker.debian.org/tracker/CVE-2011-4076","reference_id":"CVE-2011-4076","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security-tracker.debian.org/tracker/CVE-2011-4076"},{"reference_url":"https://github.com/advisories/GHSA-vcmv-6rxx-fh7r","reference_id":"GHSA-vcmv-6rxx-fh7r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vcmv-6rxx-fh7r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199839?format=json","purl":"pkg:deb/debian/nova@2012.1~e1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2012.1~e1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2011-4076","GHSA-vcmv-6rxx-fh7r"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ewru-8cxk-mycm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7129?format=json","vulnerability_id":"VCID-fbkc-wgdn-tfhw","summary":"Openstack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service (CPU and hard drive consumption) via a network request that triggers a large number of iptables rules.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079434.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079434.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079551.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079551.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2101","reference_id":"","reference_type":"","scores":[{"value":"0.00885","scoring_system":"epss","scoring_elements":"0.75774","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2101"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/969545","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/969545"},{"reference_url":"http://secunia.com/advisories/49034","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/49034"},{"reference_url":"http://secunia.com/advisories/49048","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/49048"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/75243","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/75243"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://github.com/openstack/nova/commit/1f644d210557b1254f7c7b39424b09a45329ade7","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/1f644d210557b1254f7c7b39424b09a45329ade7"},{"reference_url":"https://github.com/openstack/nova/commit/8c8735a73afb16d5856f0aa6088e9ae406c52beb","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/8c8735a73afb16d5856f0aa6088e9ae406c52beb"},{"reference_url":"https://github.com/openstack/nova/commit/a67db4586f70ed881d65e80035b2a25be195ce64","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/a67db4586f70ed881d65e80035b2a25be195ce64"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-36.yaml","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-36.yaml"},{"reference_url":"https://lists.launchpad.net/openstack/msg10268.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.launchpad.net/openstack/msg10268.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-2101","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-2101"},{"reference_url":"http://ubuntu.com/usn/usn-1438-1","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://ubuntu.com/usn/usn-1438-1"},{"reference_url":"http://www.osvdb.org/81641","reference_id":"","reference_type":"","scores":[],"url":"http://www.osvdb.org/81641"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670637","reference_id":"670637","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670637"},{"reference_url":"https://usn.ubuntu.com/1438-1/","reference_id":"USN-1438-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1438-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199846?format=json","purl":"pkg:deb/debian/nova@2012.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2012.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2012-2101","GHSA-hq3f-9gf7-73r8","PYSEC-2012-36"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fbkc-wgdn-tfhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79517?format=json","vulnerability_id":"VCID-fcgm-31hu-83gj","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1068","reference_id":"","reference_type":"","scores":[{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44821","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1068"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753579","reference_id":"753579","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753579"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753585","reference_id":"753585","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753585"},{"reference_url":"https://usn.ubuntu.com/2247-1/","reference_id":"USN-2247-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2247-1/"},{"reference_url":"https://usn.ubuntu.com/2248-1/","reference_id":"USN-2248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199857?format=json","purl":"pkg:deb/debian/nova@2014.1.1-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.1-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2013-1068"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fcgm-31hu-83gj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/202048?format=json","vulnerability_id":"VCID-fpvj-5qws-tydy","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-37394","reference_id":"","reference_type":"","scores":[{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50302","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-37394"},{"reference_url":"https://bugs.launchpad.net/ossa/+bug/1981813","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/ossa/+bug/1981813"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://github.com/openstack/nova/commit/0c87681135cfb3ce61d2a0392928c1dbc1fe5fde","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/0c87681135cfb3ce61d2a0392928c1dbc1fe5fde"},{"reference_url":"https://github.com/openstack/nova/commit/1a98a1a650d065a8ab3e1c474f3b9fd537dc2206","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/1a98a1a650d065a8ab3e1c474f3b9fd537dc2206"},{"reference_url":"https://github.com/openstack/nova/commit/4954f993680c75fd9d3d507f2dcd00300c9b3d44","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/4954f993680c75fd9d3d507f2dcd00300c9b3d44"},{"reference_url":"https://github.com/openstack/nova/commit/a28c82719545d5c8ee7f3ff1361b3a796e05095a","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/a28c82719545d5c8ee7f3ff1361b3a796e05095a"},{"reference_url":"https://github.com/openstack/nova/commit/e43bf900dc8ca66578603bed333c56b215b1876e","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/e43bf900dc8ca66578603bed333c56b215b1876e"},{"reference_url":"https://github.com/openstack/nova/commit/f8c91eb75fc5504a37fc3b4be1d65d33dbc9b511","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/f8c91eb75fc5504a37fc3b4be1d65d33dbc9b511"},{"reference_url":"https://review.opendev.org/c/openstack/nova/+/849985","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.opendev.org/c/openstack/nova/+/849985"},{"reference_url":"https://review.opendev.org/c/openstack/nova/+/850003","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.opendev.org/c/openstack/nova/+/850003"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016980","reference_id":"1016980","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016980"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-37394","reference_id":"CVE-2022-37394","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-37394"},{"reference_url":"https://github.com/advisories/GHSA-v725-c588-h936","reference_id":"GHSA-v725-c588-h936","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v725-c588-h936"},{"reference_url":"https://usn.ubuntu.com/5866-1/","reference_id":"USN-5866-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5866-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199891?format=json","purl":"pkg:deb/debian/nova@2:26.0.0~rc1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.0.0~rc1-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2022-37394","GHSA-v725-c588-h936"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fpvj-5qws-tydy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7140?format=json","vulnerability_id":"VCID-jdjj-3uf5-tyf9","summary":"virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image that uses a symlink that is only readable by root.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3361.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3447","reference_id":"","reference_type":"","scores":[{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.76364","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3447"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1031311","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1031311"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=845106","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=845106"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/77539","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/77539"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://github.com/openstack/nova/commit/ce4b2e27be45a85b310237615c47eb53f37bb5f3","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/ce4b2e27be45a85b310237615c47eb53f37bb5f3"},{"reference_url":"https://github.com/openstack/nova/commit/d9577ce9f266166a297488445b5b0c93c1ddb368","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/d9577ce9f266166a297488445b5b0c93c1ddb368"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-21.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-21.yaml"},{"reference_url":"https://review.openstack.org/#/c/10953","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.openstack.org/#/c/10953"},{"reference_url":"https://review.openstack.org/#/c/10953/","reference_id":"","reference_type":"","scores":[],"url":"https://review.openstack.org/#/c/10953/"},{"reference_url":"https://web.archive.org/web/20120824003029/http://www.securityfocus.com/bid/54869","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120824003029/http://www.securityfocus.com/bid/54869"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/08/07/1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/08/07/1"},{"reference_url":"http://www.securityfocus.com/bid/54869","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/54869"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684256","reference_id":"684256","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684256"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3447","reference_id":"CVE-2012-3447","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3447"},{"reference_url":"https://github.com/advisories/GHSA-xc4g-7vw8-924h","reference_id":"GHSA-xc4g-7vw8-924h","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xc4g-7vw8-924h"},{"reference_url":"https://usn.ubuntu.com/1545-1/","reference_id":"USN-1545-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1545-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199853?format=json","purl":"pkg:deb/debian/nova@2012.1.1-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2012.1.1-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2012-3447","GHSA-xc4g-7vw8-924h","PYSEC-2012-21"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jdjj-3uf5-tyf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16446?format=json","vulnerability_id":"VCID-jdq5-r57v-6kdj","summary":"OpenStack Compute (Nova)'s VMWare driver vulnerable to denial of service\nCVE-2014-3608 openstack-nova: incomplete fix for CVE-2014-2573, Nova VMware driver still leaks rescued images","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1781.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1781.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1782.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1782.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1781","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2014:1781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1782","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2014:1782"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3608","reference_id":"","reference_type":"","scores":[{"value":"0.00689","scoring_system":"epss","scoring_elements":"0.72084","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3608"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1338830","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1338830"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1148253","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1148253"},{"reference_url":"http://seclists.org/oss-sec/2014/q4/65","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/oss-sec/2014/q4/65"},{"reference_url":"https://opendev.org/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/nova"},{"reference_url":"https://web.archive.org/web/20200228053850/http://www.securityfocus.com/bid/70220","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228053850/http://www.securityfocus.com/bid/70220"},{"reference_url":"http://www.securityfocus.com/bid/70220","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/70220"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2014-3608","reference_id":"CVE-2014-3608","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2014-3608"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3608","reference_id":"CVE-2014-3608","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3608"},{"reference_url":"https://github.com/advisories/GHSA-92hc-c226-32q7","reference_id":"GHSA-92hc-c226-32q7","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-92hc-c226-32q7"},{"reference_url":"https://usn.ubuntu.com/2407-1/","reference_id":"USN-2407-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2407-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199872?format=json","purl":"pkg:deb/debian/nova@2014.1.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2014-3608","GHSA-92hc-c226-32q7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jdq5-r57v-6kdj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7135?format=json","vulnerability_id":"VCID-kx6t-7mbh-gkc1","summary":"Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of a file element.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3360","reference_id":"","reference_type":"","scores":[{"value":"0.01381","scoring_system":"epss","scoring_elements":"0.80592","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3360"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1015531","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1015531"},{"reference_url":"http://secunia.com/advisories/49763","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/49763"},{"reference_url":"http://secunia.com/advisories/49802","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/49802"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7"},{"reference_url":"https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-38.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-38.yaml"},{"reference_url":"https://lists.launchpad.net/openstack/msg14089.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.launchpad.net/openstack/msg14089.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3360","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3360"},{"reference_url":"http://www.securityfocus.com/bid/54277","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/54277"},{"reference_url":"http://www.ubuntu.com/usn/USN-1497-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-1497-1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680110","reference_id":"680110","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680110"},{"reference_url":"https://usn.ubuntu.com/1497-1/","reference_id":"USN-1497-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1497-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199848?format=json","purl":"pkg:deb/debian/nova@2012.1.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2012.1.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2012-3360","GHSA-m454-cm7h-rqhh","PYSEC-2012-38"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kx6t-7mbh-gkc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106944?format=json","vulnerability_id":"VCID-msfc-5x87-fqgc","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7498","reference_id":"","reference_type":"","scores":[{"value":"0.02248","scoring_system":"epss","scoring_elements":"0.84855","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7498"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199883?format=json","purl":"pkg:deb/debian/nova@2:13.1.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:13.1.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2016-7498"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-msfc-5x87-fqgc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98599?format=json","vulnerability_id":"VCID-ngcr-5ry9-cqa8","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7548","reference_id":"","reference_type":"","scores":[{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38165","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7548"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:C/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://usn.ubuntu.com/3449-1/","reference_id":"USN-3449-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3449-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199880?format=json","purl":"pkg:deb/debian/nova@2:13.0.0~rc3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:13.0.0~rc3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2015-7548"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ngcr-5ry9-cqa8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7131?format=json","vulnerability_id":"VCID-nmd6-kbb3-3fc1","summary":"The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restrictions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2654","reference_id":"","reference_type":"","scores":[{"value":"0.01178","scoring_system":"epss","scoring_elements":"0.79055","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2654"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/985184","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/985184"},{"reference_url":"http://secunia.com/advisories/46808","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/46808"},{"reference_url":"http://secunia.com/advisories/49439","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/49439"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/76110","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/76110"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://github.com/openstack/nova/commit/9f9e9da777161426a6f8cb4314b78e09beac2978","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/9f9e9da777161426a6f8cb4314b78e09beac2978"},{"reference_url":"https://github.com/openstack/nova/commit/ff06c7c885dc94ed7c828e8cdbb8b5d850a7e654","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/ff06c7c885dc94ed7c828e8cdbb8b5d850a7e654"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-37.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-37.yaml"},{"reference_url":"https://lists.launchpad.net/openstack/msg12883.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.launchpad.net/openstack/msg12883.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-2654","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-2654"},{"reference_url":"https://review.openstack.org/#/c/8239","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.openstack.org/#/c/8239"},{"reference_url":"https://review.openstack.org/#/c/8239/","reference_id":"","reference_type":"","scores":[],"url":"https://review.openstack.org/#/c/8239/"},{"reference_url":"http://www.ubuntu.com/usn/USN-1466-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-1466-1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=676465","reference_id":"676465","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=676465"},{"reference_url":"https://usn.ubuntu.com/1466-1/","reference_id":"USN-1466-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1466-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199847?format=json","purl":"pkg:deb/debian/nova@2012.1-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2012.1-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2012-2654","GHSA-46r8-9cj7-pw6g","PYSEC-2012-37"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nmd6-kbb3-3fc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16455?format=json","vulnerability_id":"VCID-p137-11yd-4bgv","summary":"OpenStack Nova logs sensitive context from notification exceptions\nAn issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1508","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1508"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1595","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1595"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7214","reference_id":"","reference_type":"","scores":[{"value":"0.01297","scoring_system":"epss","scoring_elements":"0.80021","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7214"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://github.com/openstack/nova/commit/3f985f1eda6f29180878a3d21c20c5057179486a","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/3f985f1eda6f29180878a3d21c20c5057179486a"},{"reference_url":"https://github.com/openstack/nova/commit/acb19160d4d348e29a21ad57c61c7369352c4d1c","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/acb19160d4d348e29a21ad57c61c7369352c4d1c"},{"reference_url":"https://github.com/openstack/nova/commit/c2c91ce44592fc5dc2aacee1cf7f5b5cfd2e9a0a","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/c2c91ce44592fc5dc2aacee1cf7f5b5cfd2e9a0a"},{"reference_url":"https://github.com/openstack/nova/commit/e193201fa1de5b08b29adefd8c149935c5529598","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/e193201fa1de5b08b29adefd8c149935c5529598"},{"reference_url":"https://launchpad.net/bugs/1673569","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://launchpad.net/bugs/1673569"},{"reference_url":"http://www.securityfocus.com/bid/96998","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/96998"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858568","reference_id":"858568","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858568"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7214","reference_id":"CVE-2017-7214","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7214"},{"reference_url":"https://github.com/advisories/GHSA-f4g4-cj8f-3cr9","reference_id":"GHSA-f4g4-cj8f-3cr9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-f4g4-cj8f-3cr9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199887?format=json","purl":"pkg:deb/debian/nova@2:14.0.0-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:14.0.0-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2017-7214","GHSA-f4g4-cj8f-3cr9"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p137-11yd-4bgv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80376?format=json","vulnerability_id":"VCID-p33s-1qnf-f7b8","summary":"","references":[{"reference_url":"http://lists.openstack.org/pipermail/openstack-announce/2013-May/000102.html","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.openstack.org/pipermail/openstack-announce/2013-May/000102.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2096","reference_id":"","reference_type":"","scores":[{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19437","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2096"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:N/I:N/A:C"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://github.com/openstack/nova/commit/0caeb8eaf20abcdc77828f5c6b79fc104619e231","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/0caeb8eaf20abcdc77828f5c6b79fc104619e231"},{"reference_url":"https://github.com/openstack/nova/commit/44a8aba1d5da87d54db48079103fdef946666d80","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/44a8aba1d5da87d54db48079103fdef946666d80"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2096","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2096"},{"reference_url":"https://review.openstack.org/#/c/28717","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.openstack.org/#/c/28717"},{"reference_url":"https://review.openstack.org/#/c/28901","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.openstack.org/#/c/28901"},{"reference_url":"https://review.openstack.org/#/c/29192","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.openstack.org/#/c/29192"},{"reference_url":"https://web.archive.org/web/20130726040108/http://www.securityfocus.com/bid/59924","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20130726040108/http://www.securityfocus.com/bid/59924"},{"reference_url":"http://www.ubuntu.com/usn/USN-1831-1","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-1831-1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710157","reference_id":"710157","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710157"},{"reference_url":"https://usn.ubuntu.com/1831-1/","reference_id":"USN-1831-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1831-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199860?format=json","purl":"pkg:deb/debian/nova@2013.1.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.1.2-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2013-2096","GHSA-m674-hmx2-ffhq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p33s-1qnf-f7b8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83697?format=json","vulnerability_id":"VCID-pva3-4j9z-9kex","summary":"","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0091.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0091.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0231.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0231.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6419","reference_id":"","reference_type":"","scores":[{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68691","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6419"},{"reference_url":"https://bugs.launchpad.net/neutron/+bug/1235450","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/neutron/+bug/1235450"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://github.com/openstack/nova/commit/07006be9165d1008ca0382b6f0ad25b13a676a55","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/07006be9165d1008ca0382b6f0ad25b13a676a55"},{"reference_url":"https://github.com/openstack/nova/commit/af2f823107010933ecd94a9c938f8b739baaecb7","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/af2f823107010933ecd94a9c938f8b739baaecb7"},{"reference_url":"https://github.com/openstack/nova/commit/bce36e9bdb1fcb9658f7b684d160e656e88d816c","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/bce36e9bdb1fcb9658f7b684d160e656e88d816c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6419","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6419"},{"reference_url":"https://review.openstack.org/#/c/61428/2/nova/api/metadata/handler.py","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.openstack.org/#/c/61428/2/nova/api/metadata/handler.py"},{"reference_url":"https://review.openstack.org/#/c/61439/1/neutron/agent/metadata/agent.py","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.openstack.org/#/c/61439/1/neutron/agent/metadata/agent.py"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/12/11/8","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/12/11/8"},{"reference_url":"http://www.securityfocus.com/bid/64250","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/64250"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199865?format=json","purl":"pkg:deb/debian/nova@2013.2.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.2.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2013-6419","GHSA-22w9-j288-8p9w"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pva3-4j9z-9kex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16465?format=json","vulnerability_id":"VCID-q2pf-qwnc-5qa2","summary":"Exposure of Sensitive Information to an Unauthorized Actor\napi/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in responses to instance metadata requests.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0940","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2014:0940"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1084","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2014:1084"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3517","reference_id":"","reference_type":"","scores":[{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60899","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3517"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1325128","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1325128"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1112499","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1112499"},{"reference_url":"https://opendev.org/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/nova"},{"reference_url":"http://www.openwall.com/lists/oss-security/2014/07/17/2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2014/07/17/2"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755042","reference_id":"755042","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755042"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2014-3517","reference_id":"CVE-2014-3517","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2014-3517"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3517","reference_id":"CVE-2014-3517","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3517"},{"reference_url":"https://github.com/advisories/GHSA-xjmj-p278-4jp5","reference_id":"GHSA-xjmj-p278-4jp5","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xjmj-p278-4jp5"},{"reference_url":"https://usn.ubuntu.com/2325-1/","reference_id":"USN-2325-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2325-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199871?format=json","purl":"pkg:deb/debian/nova@2014.1.1-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.1-8%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2014-3517","GHSA-xjmj-p278-4jp5"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q2pf-qwnc-5qa2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7163?format=json","vulnerability_id":"VCID-qgh3-k8un-tqfz","summary":"OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port.","references":[{"reference_url":"http://github.com/openstack/nova/commit/05a3374992bc8ba53ddc9c491b51c4b59eed0a72","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://github.com/openstack/nova/commit/05a3374992bc8ba53ddc9c491b51c4b59eed0a72"},{"reference_url":"http://github.com/openstack/nova/commit/3b0f4cf6bea33e6ee1893f6e872d968b0c309f88","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://github.com/openstack/nova/commit/3b0f4cf6bea33e6ee1893f6e872d968b0c309f88"},{"reference_url":"http://github.com/openstack/nova/commit/48e81f1554ce41c3d4f7445421d19f4a8128e98d","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://github.com/openstack/nova/commit/48e81f1554ce41c3d4f7445421d19f4a8128e98d"},{"reference_url":"http://github.com/openstack/nova/commit/ad94a90202193335f011888db017e557b07faf8a","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://github.com/openstack/nova/commit/ad94a90202193335f011888db017e557b07faf8a"},{"reference_url":"http://github.com/openstack/nova/commit/e98928cf77645fdc309da894f3bd332e99482e0d","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://github.com/openstack/nova/commit/e98928cf77645fdc309da894f3bd332e99482e0d"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0709.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0709.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0335","reference_id":"","reference_type":"","scores":[{"value":"0.01036","scoring_system":"epss","scoring_elements":"0.77692","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0335"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1125378","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1125378"},{"reference_url":"http://secunia.com/advisories/52337","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/52337"},{"reference_url":"http://secunia.com/advisories/52728","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/52728"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2013-43.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2013-43.yaml"},{"reference_url":"https://review.openstack.org/#/c/22086","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.openstack.org/#/c/22086"},{"reference_url":"https://review.openstack.org/#/c/22086/","reference_id":"","reference_type":"","scores":[],"url":"https://review.openstack.org/#/c/22086/"},{"reference_url":"https://review.openstack.org/#/c/22758","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.openstack.org/#/c/22758"},{"reference_url":"https://review.openstack.org/#/c/22872","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.openstack.org/#/c/22872"},{"reference_url":"https://review.openstack.org/#/c/22872/","reference_id":"","reference_type":"","scores":[],"url":"https://review.openstack.org/#/c/22872/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/02/26/7","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/02/26/7"},{"reference_url":"http://www.osvdb.org/90657","reference_id":"","reference_type":"","scores":[],"url":"http://www.osvdb.org/90657"},{"reference_url":"http://www.ubuntu.com/usn/USN-1771-1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-1771-1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701773","reference_id":"701773","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701773"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0335","reference_id":"CVE-2013-0335","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0335"},{"reference_url":"https://github.com/advisories/GHSA-qfp8-hfqx-c79c","reference_id":"GHSA-qfp8-hfqx-c79c","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qfp8-hfqx-c79c"},{"reference_url":"https://usn.ubuntu.com/1771-1/","reference_id":"USN-1771-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1771-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199856?format=json","purl":"pkg:deb/debian/nova@2012.1.1-14?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2012.1.1-14%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2013-0335","GHSA-qfp8-hfqx-c79c","PYSEC-2013-43"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qgh3-k8un-tqfz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/73333?format=json","vulnerability_id":"VCID-qkwv-cmuz-hubn","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0030","reference_id":"","reference_type":"","scores":[{"value":"0.00549","scoring_system":"epss","scoring_elements":"0.68245","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0030"},{"reference_url":"https://usn.ubuntu.com/1326-1/","reference_id":"USN-1326-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1326-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199844?format=json","purl":"pkg:deb/debian/nova@2012.1~rc1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2012.1~rc1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2012-0030"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qkwv-cmuz-hubn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7155?format=json","vulnerability_id":"VCID-qmtt-dars-5ba8","summary":"OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which allows attackers to obtain sensitive information by reading the memory of the previous logical volume (LV).","references":[{"reference_url":"http://osvdb.org/88419","reference_id":"","reference_type":"","scores":[],"url":"http://osvdb.org/88419"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0208.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0208.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5625","reference_id":"","reference_type":"","scores":[{"value":"0.01057","scoring_system":"epss","scoring_elements":"0.77915","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5625"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1070539","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1070539"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=884293","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=884293"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://github.com/openstack/nova/commit/9d2ea970422591f8cdc394001be9a2deca499a5f","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/9d2ea970422591f8cdc394001be9a2deca499a5f"},{"reference_url":"https://github.com/openstack/nova/commit/a99a802e008eed18e39fc1d98170edc495cbd354","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/a99a802e008eed18e39fc1d98170edc495cbd354"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-41.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-41.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-42.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-42.yaml"},{"reference_url":"https://launchpad.net/nova/folsom/2012.2.2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://launchpad.net/nova/folsom/2012.2.2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-5625","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-5625"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/12/11/5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/12/11/5"},{"reference_url":"http://www.securityfocus.com/bid/56904","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/56904"},{"reference_url":"http://www.ubuntu.com/usn/USN-1663-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-1663-1"},{"reference_url":"https://usn.ubuntu.com/1663-1/","reference_id":"USN-1663-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1663-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199854?format=json","purl":"pkg:deb/debian/nova@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2012-5625","GHSA-rwhr-h69g-8qmq","PYSEC-2012-41","PYSEC-2012-42"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qmtt-dars-5ba8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16442?format=json","vulnerability_id":"VCID-qsba-b5ru-hbbw","summary":"OpenStack Nova Long server names grow nova-api log files significantly\nOpenStack Compute (Nova) Essex before 2011.3 allows remote authenticated users to cause a denial of service (Nova-API log file and disk consumption) via a long server name.","references":[{"reference_url":"http://github.com/openstack/nova/commit/0fa7d12dbfb7ae016657dd91034b4c0781ea43de","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://github.com/openstack/nova/commit/0fa7d12dbfb7ae016657dd91034b4c0781ea43de"},{"reference_url":"http://github.com/openstack/nova/commit/1ebec5726c7a9db0a6f29fad0ef747b0c087f702","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://github.com/openstack/nova/commit/1ebec5726c7a9db0a6f29fad0ef747b0c087f702"},{"reference_url":"http://github.com/openstack/nova/commit/c7f526fae6062e9ab51f65474af71d496aa66554","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://github.com/openstack/nova/commit/c7f526fae6062e9ab51f65474af71d496aa66554"},{"reference_url":"http://github.com/openstack/nova/commit/c869a41951b77c6930bf4fb4734f05cd3d6ac4b1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://github.com/openstack/nova/commit/c869a41951b77c6930bf4fb4734f05cd3d6ac4b1"},{"reference_url":"http://lwn.net/Alerts/491298","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lwn.net/Alerts/491298"},{"reference_url":"http://osdir.com/ml/openstack-cloud-computing/2012-03/msg01133.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://osdir.com/ml/openstack-cloud-computing/2012-03/msg01133.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1585","reference_id":"","reference_type":"","scores":[{"value":"0.00475","scoring_system":"epss","scoring_elements":"0.65115","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1585"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/962515","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/962515"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=666888","reference_id":"666888","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=666888"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1585","reference_id":"CVE-2012-1585","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1585"},{"reference_url":"https://github.com/advisories/GHSA-pjvw-p2v5-wf6q","reference_id":"GHSA-pjvw-p2v5-wf6q","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-pjvw-p2v5-wf6q"},{"reference_url":"https://usn.ubuntu.com/1413-1/","reference_id":"USN-1413-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1413-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199845?format=json","purl":"pkg:deb/debian/nova@2012-1~rc3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2012-1~rc3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2012-1585","GHSA-pjvw-p2v5-wf6q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qsba-b5ru-hbbw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90384?format=json","vulnerability_id":"VCID-qzs3-yx8x-7qfb","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7230","reference_id":"","reference_type":"","scores":[{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31025","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7230"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765704","reference_id":"765704","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765704"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765714","reference_id":"765714","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765714"},{"reference_url":"https://usn.ubuntu.com/2405-1/","reference_id":"USN-2405-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2405-1/"},{"reference_url":"https://usn.ubuntu.com/2407-1/","reference_id":"USN-2407-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2407-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199874?format=json","purl":"pkg:deb/debian/nova@2014.1.3-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2014-7230"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qzs3-yx8x-7qfb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/220914?format=json","vulnerability_id":"VCID-rk1s-qbb6-2yh5","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2088.json","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2088.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2088","reference_id":"","reference_type":"","scores":[{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31499","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2088"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035932","reference_id":"1035932","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035932"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035961","reference_id":"1035961","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035961"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035962","reference_id":"1035962","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035962"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035963","reference_id":"1035963","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035963"},{"reference_url":"https://bugs.launchpad.net/bugs/2004555","reference_id":"2004555","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-24T15:40:54Z/"}],"url":"https://bugs.launchpad.net/bugs/2004555"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2179587","reference_id":"2179587","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2179587"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2023-003.html","reference_id":"OSSA-2023-003.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-24T15:40:54Z/"}],"url":"https://security.openstack.org/ossa/OSSA-2023-003.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3156","reference_id":"RHSA-2023:3156","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3156"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3157","reference_id":"RHSA-2023:3157","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3157"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3158","reference_id":"RHSA-2023:3158","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3158"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3161","reference_id":"RHSA-2023:3161","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3161"},{"reference_url":"https://usn.ubuntu.com/6073-1/","reference_id":"USN-6073-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6073-1/"},{"reference_url":"https://usn.ubuntu.com/6073-2/","reference_id":"USN-6073-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6073-2/"},{"reference_url":"https://usn.ubuntu.com/6073-3/","reference_id":"USN-6073-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6073-3/"},{"reference_url":"https://usn.ubuntu.com/6073-4/","reference_id":"USN-6073-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6073-4/"},{"reference_url":"https://usn.ubuntu.com/6241-1/","reference_id":"USN-6241-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6241-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199893?format=json","purl":"pkg:deb/debian/nova@2:26.1.0-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.1.0-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2023-2088"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rk1s-qbb6-2yh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/100133?format=json","vulnerability_id":"VCID-s6r7-gev3-e7fk","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-9543","reference_id":"","reference_type":"","scores":[{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.2422","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-9543"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/openstack/nova/commit/08f1f914cc219cf526adfb08c46b8f40b4e78232","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/08f1f914cc219cf526adfb08c46b8f40b4e78232"},{"reference_url":"https://github.com/openstack/nova/commit/26d4047e17eba9bc271f8868f1d0ffeec97b555e","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/26d4047e17eba9bc271f8868f1d0ffeec97b555e"},{"reference_url":"https://github.com/openstack/nova/commit/d8fbf04f325f593836f8d44b6bbf42b85bde94e3","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/d8fbf04f325f593836f8d44b6bbf42b85bde94e3"},{"reference_url":"https://launchpad.net/bugs/1492140","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://launchpad.net/bugs/1492140"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-9543","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-9543"},{"reference_url":"https://review.opendev.org/220622","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.opendev.org/220622"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2020-001.html","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.openstack.org/ossa/OSSA-2020-001.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/02/19/2","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2020/02/19/2"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951635","reference_id":"951635","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951635"},{"reference_url":"https://usn.ubuntu.com/5866-1/","reference_id":"USN-5866-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5866-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199882?format=json","purl":"pkg:deb/debian/nova@2:20.1.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:20.1.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2015-9543","GHSA-22jm-4hxw-35jf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s6r7-gev3-e7fk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82106?format=json","vulnerability_id":"VCID-t13y-haaf-7bfk","summary":"","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1199.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1199.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1199","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2013:1199"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2013-4179","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2013-4179"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4179","reference_id":"","reference_type":"","scores":[{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71678","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4179"},{"reference_url":"https://bugs.launchpad.net/ossa/+bug/1190229","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/ossa/+bug/1190229"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=989707","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=989707"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4179","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4179"},{"reference_url":"https://opendev.org/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/nova"},{"reference_url":"http://www.ubuntu.com/usn/USN-2005-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2005-1"},{"reference_url":"https://usn.ubuntu.com/2000-1/","reference_id":"USN-2000-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2000-1/"},{"reference_url":"https://usn.ubuntu.com/2005-1/","reference_id":"USN-2005-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2005-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199862?format=json","purl":"pkg:deb/debian/nova@2013.1.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.1.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2013-4179","GHSA-j6xh-q826-55jw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t13y-haaf-7bfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7134?format=json","vulnerability_id":"VCID-tzk5-1nfn-eyg9","summary":"virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083969.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083969.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3361","reference_id":"","reference_type":"","scores":[{"value":"0.01377","scoring_system":"epss","scoring_elements":"0.80568","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3361"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1015531","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1015531"},{"reference_url":"http://secunia.com/advisories/49763","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/49763"},{"reference_url":"http://secunia.com/advisories/49802","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/49802"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7"},{"reference_url":"https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-39.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-39.yaml"},{"reference_url":"https://lists.launchpad.net/openstack/msg14089.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.launchpad.net/openstack/msg14089.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3361","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3361"},{"reference_url":"https://review.openstack.org/#/c/9268","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.openstack.org/#/c/9268"},{"reference_url":"https://review.openstack.org/#/c/9268/","reference_id":"","reference_type":"","scores":[],"url":"https://review.openstack.org/#/c/9268/"},{"reference_url":"http://www.securityfocus.com/bid/54278","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/54278"},{"reference_url":"http://www.ubuntu.com/usn/USN-1497-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-1497-1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680110","reference_id":"680110","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680110"},{"reference_url":"https://usn.ubuntu.com/1497-1/","reference_id":"USN-1497-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1497-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199848?format=json","purl":"pkg:deb/debian/nova@2012.1.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2012.1.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2012-3361","GHSA-cm54-3vvf-f5p8","PYSEC-2012-39"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tzk5-1nfn-eyg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/22625?format=json","vulnerability_id":"VCID-u19q-tztn-gbdk","summary":"OpenStack Nova calls qemu-img without format restrictions for resize\nAn issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in an unsafe image resize operation that could destroy data on the host system. Only compute nodes using the Flat image backend (usually configured with use_cow_images=False) are affected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24708.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24708.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24708","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05485","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24708"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/2137507","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T19:07:53Z/"}],"url":"https://bugs.launchpad.net/nova/+bug/2137507"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://github.com/openstack/nova/commit/3eba22ff09c81a61750fbb4882e5f1f01a20fdf5","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/3eba22ff09c81a61750fbb4882e5f1f01a20fdf5"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2026/02/msg00025.html","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2026/02/msg00025.html"},{"reference_url":"https://www.openwall.com/lists/oss-security/2026/02/17/7","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T19:07:53Z/"}],"url":"https://www.openwall.com/lists/oss-security/2026/02/17/7"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128294","reference_id":"1128294","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128294"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2430312","reference_id":"2430312","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2430312"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24708","reference_id":"CVE-2026-24708","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24708"},{"reference_url":"https://github.com/advisories/GHSA-m4f3-qp2w-gwh6","reference_id":"GHSA-m4f3-qp2w-gwh6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m4f3-qp2w-gwh6"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7884","reference_id":"RHSA-2026:7884","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7884"},{"reference_url":"https://usn.ubuntu.com/8049-1/","reference_id":"USN-8049-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8049-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199897?format=json","purl":"pkg:deb/debian/nova@2:22.4.0-1~deb11u7?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.4.0-1~deb11u7%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199898?format=json","purl":"pkg:deb/debian/nova@2:32.1.0-7?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:32.1.0-7%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2026-24708","GHSA-m4f3-qp2w-gwh6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u19q-tztn-gbdk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16524?format=json","vulnerability_id":"VCID-u36z-5drx-vfce","summary":"OpenStack Nova DoS through ephemeral disk backing files\nThe libvirt driver in OpenStack Compute (Nova) before 2013.2.2 and icehouse before icehouse-2 allows remote authenticated users to cause a denial of service (disk consumption) by creating and deleting instances with unique os_type settings, which triggers the creation of a new ephemeral disk backing file.","references":[{"reference_url":"http://lists.openstack.org/pipermail/openstack-announce/2013-December/000179.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.openstack.org/pipermail/openstack-announce/2013-December/000179.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0231.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0231.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6437","reference_id":"","reference_type":"","scores":[{"value":"0.00434","scoring_system":"epss","scoring_elements":"0.63104","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6437"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1253980","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1253980"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://github.com/openstack/nova/commit/3e451f1bac57d24e47171cffb3ad59bb1610d836","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/3e451f1bac57d24e47171cffb3ad59bb1610d836"},{"reference_url":"https://github.com/openstack/nova/commit/6e455cd97f04bf26bbe022be17c57e089cf502f4","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/6e455cd97f04bf26bbe022be17c57e089cf502f4"},{"reference_url":"https://github.com/openstack/nova/commit/ca38774ebcf5b67d16c202c8f218c0c433973ca9","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/ca38774ebcf5b67d16c202c8f218c0c433973ca9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6437","reference_id":"CVE-2013-6437","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6437"},{"reference_url":"https://github.com/advisories/GHSA-hrv9-4x4c-9jc8","reference_id":"GHSA-hrv9-4x4c-9jc8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-hrv9-4x4c-9jc8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199867?format=json","purl":"pkg:deb/debian/nova@2013.2.2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.2.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2013-6437","GHSA-hrv9-4x4c-9jc8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u36z-5drx-vfce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7133?format=json","vulnerability_id":"VCID-u7ma-975h-ebbr","summary":"The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3371","reference_id":"","reference_type":"","scores":[{"value":"0.00881","scoring_system":"epss","scoring_elements":"0.75679","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3371"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1017795","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1017795"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-40.yaml","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-40.yaml"},{"reference_url":"https://lists.launchpad.net/openstack/msg14452.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.launchpad.net/openstack/msg14452.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3371","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3371"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/07/11/13","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/07/11/13"},{"reference_url":"http://www.securityfocus.com/bid/54388","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/54388"},{"reference_url":"http://www.ubuntu.com/usn/USN-1501-1","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-1501-1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681301","reference_id":"681301","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681301"},{"reference_url":"https://usn.ubuntu.com/1501-1/","reference_id":"USN-1501-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1501-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199850?format=json","purl":"pkg:deb/debian/nova@2012.1.1-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2012.1.1-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2012-3371","GHSA-xxgm-qpj5-4886","PYSEC-2012-40"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u7ma-975h-ebbr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16158?format=json","vulnerability_id":"VCID-uyea-wvyg-gyd1","summary":"OpenStack Nova DoS by rebuilding the same instance with a new image multiple times\nAn issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This regression was introduced with the fix for OSSA-2017-005 (CVE-2017-16239); however, only Nova stable/pike or later deployments with that fix applied and relying on the default FilterScheduler are affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17051","reference_id":"","reference_type":"","scores":[{"value":"0.00841","scoring_system":"epss","scoring_elements":"0.75034","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17051"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://github.com/openstack/nova/commit/25a1d78e83065c5bea5d8e0a017fd9d0914d41d9","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/25a1d78e83065c5bea5d8e0a017fd9d0914d41d9"},{"reference_url":"https://github.com/openstack/nova/commit/fed660c1189fdf4159d97badfdc8c5b35ad14f23","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/fed660c1189fdf4159d97badfdc8c5b35ad14f23"},{"reference_url":"https://launchpad.net/bugs/1732976","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://launchpad.net/bugs/1732976"},{"reference_url":"https://review.openstack.org/521662","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.openstack.org/521662"},{"reference_url":"https://review.openstack.org/523214","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.openstack.org/523214"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2017-006.html","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.openstack.org/ossa/OSSA-2017-006.html"},{"reference_url":"http://www.securityfocus.com/bid/102102","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/102102"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883621","reference_id":"883621","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883621"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-17051","reference_id":"CVE-2017-17051","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-17051"},{"reference_url":"https://github.com/advisories/GHSA-vq76-rxx3-4r4r","reference_id":"GHSA-vq76-rxx3-4r4r","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vq76-rxx3-4r4r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199885?format=json","purl":"pkg:deb/debian/nova@2:16.0.3-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:16.0.3-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2017-17051","GHSA-vq76-rxx3-4r4r"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uyea-wvyg-gyd1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/261071?format=json","vulnerability_id":"VCID-vr1y-xf1h-gbhf","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-40767.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-40767.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-40767","reference_id":"","reference_type":"","scores":[{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74947","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-40767"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://launchpad.net/bugs/2071734","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:47:09Z/"}],"url":"https://launchpad.net/bugs/2071734"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html"},{"reference_url":"https://review.opendev.org/c/openstack/nova/+/924731","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.opendev.org/c/openstack/nova/+/924731"},{"reference_url":"https://security.openstack.org","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:47:09Z/"}],"url":"https://security.openstack.org"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2024-002.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:47:09Z/"}],"url":"https://security.openstack.org/ossa/OSSA-2024-002.html"},{"reference_url":"https://www.openwall.com/lists/oss-security/2024/07/23/2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:47:09Z/"}],"url":"https://www.openwall.com/lists/oss-security/2024/07/23/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2297217","reference_id":"2297217","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2297217"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40767","reference_id":"CVE-2024-40767","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40767"},{"reference_url":"https://github.com/advisories/GHSA-rm86-h44c-2r2m","reference_id":"GHSA-rm86-h44c-2r2m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rm86-h44c-2r2m"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5082","reference_id":"RHSA-2024:5082","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5082"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5083","reference_id":"RHSA-2024:5083","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5083"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5097","reference_id":"RHSA-2024:5097","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5097"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5113","reference_id":"RHSA-2024:5113","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5113"},{"reference_url":"https://usn.ubuntu.com/6911-1/","reference_id":"USN-6911-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6911-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199854?format=json","purl":"pkg:deb/debian/nova@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2024-40767","GHSA-rm86-h44c-2r2m"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vr1y-xf1h-gbhf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7207?format=json","vulnerability_id":"VCID-wdf1-puxa-17hb","summary":"The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127732.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127732.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127735.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127735.html"},{"reference_url":"http://osvdb.org/102416","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://osvdb.org/102416"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0231.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0231.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7130","reference_id":"","reference_type":"","scores":[{"value":"0.03132","scoring_system":"epss","scoring_elements":"0.87099","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7130"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1251590","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1251590"},{"reference_url":"http://secunia.com/advisories/56450","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/56450"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/90652","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/90652"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://github.com/openstack/nova/commit/15ee7e17f63f5583307a546ecf28952c364c88f9","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/15ee7e17f63f5583307a546ecf28952c364c88f9"},{"reference_url":"https://github.com/openstack/nova/commit/b0d36683fe064b32cbef013e1c0c46bd018ab9a1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/b0d36683fe064b32cbef013e1c0c46bd018ab9a1"},{"reference_url":"https://github.com/openstack/nova/commit/cbeb5e51886b0296349fc476305bfe3d63c627c3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/cbeb5e51886b0296349fc476305bfe3d63c627c3"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2014-111.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2014-111.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-7130","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-7130"},{"reference_url":"https://review.openstack.org/#/c/68658","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.openstack.org/#/c/68658"},{"reference_url":"https://review.openstack.org/#/c/68658/","reference_id":"","reference_type":"","scores":[],"url":"https://review.openstack.org/#/c/68658/"},{"reference_url":"https://review.openstack.org/#/c/68659","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.openstack.org/#/c/68659"},{"reference_url":"https://review.openstack.org/#/c/68659/","reference_id":"","reference_type":"","scores":[],"url":"https://review.openstack.org/#/c/68659/"},{"reference_url":"https://review.openstack.org/#/c/68660","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.openstack.org/#/c/68660"},{"reference_url":"https://review.openstack.org/#/c/68660/","reference_id":"","reference_type":"","scores":[],"url":"https://review.openstack.org/#/c/68660/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2014/01/23/5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2014/01/23/5"},{"reference_url":"http://www.securityfocus.com/bid/65106","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/65106"},{"reference_url":"http://www.ubuntu.com/usn/USN-2247-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2247-1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736465","reference_id":"736465","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736465"},{"reference_url":"https://usn.ubuntu.com/2247-1/","reference_id":"USN-2247-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2247-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199867?format=json","purl":"pkg:deb/debian/nova@2013.2.2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.2.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2013-7130","GHSA-99rx-9x8v-9j8p","PYSEC-2014-111"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wdf1-puxa-17hb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82308?format=json","vulnerability_id":"VCID-xash-dc2m-2fa3","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4469","reference_id":"","reference_type":"","scores":[{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.19063","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4469"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1206081","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1206081"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://github.com/openstack/nova/commit/135faa7b5d9855312bedc19e5e1ecebae34d3d18","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/135faa7b5d9855312bedc19e5e1ecebae34d3d18"},{"reference_url":"https://github.com/openstack/nova/commit/3cdfe894ab58f7b91bf7fb690fc5bc724e44066f","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/3cdfe894ab58f7b91bf7fb690fc5bc724e44066f"},{"reference_url":"https://github.com/openstack/nova/commit/f6810be4ae1a6c93e7d8017ee67d5344dfdf4a30","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/f6810be4ae1a6c93e7d8017ee67d5344dfdf4a30"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4469","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4469"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/10/31/3","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/10/31/3"},{"reference_url":"http://www.ubuntu.com/usn/USN-2247-1","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2247-1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728605","reference_id":"728605","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728605"},{"reference_url":"https://usn.ubuntu.com/2247-1/","reference_id":"USN-2247-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2247-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199864?format=json","purl":"pkg:deb/debian/nova@2013.2-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.2-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2013-4469","GHSA-2w87-5qcj-j6gx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xash-dc2m-2fa3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15993?format=json","vulnerability_id":"VCID-xauw-u24d-uqfu","summary":"OpenStack Nova Filter Scheduler Bypass\nIn OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using Nova Filter Scheduler are affected. Because of the regression described in Launchpad Bug #1732947, the preferred fix is a 14.x version after 14.0.10, a 15.x version after 15.0.8, or a 16.x version after 16.0.3.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0241","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0241"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0314","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0314"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0369","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0369"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16239","reference_id":"","reference_type":"","scores":[{"value":"0.00385","scoring_system":"epss","scoring_elements":"0.60038","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16239"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:S/C:P/I:N/A:P"},{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://github.com/openstack/nova/commit/698b261a5a2a6c0f31ef5059046ef7196d5cba30","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/698b261a5a2a6c0f31ef5059046ef7196d5cba30"},{"reference_url":"https://github.com/openstack/nova/commit/984dd8ad6add4523d93c7ce5a666a32233e02e34","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/984dd8ad6add4523d93c7ce5a666a32233e02e34"},{"reference_url":"https://github.com/openstack/nova/commit/9e2d63da94db63d97bd02e373bfc53d95808b833","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/9e2d63da94db63d97bd02e373bfc53d95808b833"},{"reference_url":"https://github.com/openstack/nova/commit/b72105c1c49fcddc94992af63fc2f8078023491a","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/b72105c1c49fcddc94992af63fc2f8078023491a"},{"reference_url":"https://launchpad.net/bugs/1664931","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://launchpad.net/bugs/1664931"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2017-005.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.openstack.org/ossa/OSSA-2017-005.html"},{"reference_url":"https://www.debian.org/security/2017/dsa-4056","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2017/dsa-4056"},{"reference_url":"http://www.securityfocus.com/bid/101950","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/101950"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882009","reference_id":"882009","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882009"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16239","reference_id":"CVE-2017-16239","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16239"},{"reference_url":"https://github.com/advisories/GHSA-w2wf-cgwh-vpqg","reference_id":"GHSA-w2wf-cgwh-vpqg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w2wf-cgwh-vpqg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199884?format=json","purl":"pkg:deb/debian/nova@2:16.0.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:16.0.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2017-16239","GHSA-w2wf-cgwh-vpqg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xauw-u24d-uqfu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7943?format=json","vulnerability_id":"VCID-ywya-kfum-mke1","summary":"An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths as host devices previously referenced by the virtual machine on the source host. This can include block devices that map to different Cinder volumes at the destination than at the source. Only deployments allowing host-based connections (for instance, root and ephemeral devices) are affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-17376","reference_id":"","reference_type":"","scores":[{"value":"0.00385","scoring_system":"epss","scoring_elements":"0.60027","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-17376"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://github.com/openstack/nova/commit/1bb8ee95d4c3ddc3f607ac57526b75af1b7fbcff","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/1bb8ee95d4c3ddc3f607ac57526b75af1b7fbcff"},{"reference_url":"https://github.com/openstack/nova/commit/2faf17995dd9daa6f0b91e44be43264e447c678d","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/2faf17995dd9daa6f0b91e44be43264e447c678d"},{"reference_url":"https://github.com/openstack/nova/commit/a721ca5f510ce3c8ef24f22dac9e475b3d7651db","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/a721ca5f510ce3c8ef24f22dac9e475b3d7651db"},{"reference_url":"https://github.com/openstack/nova/commit/b9ea91d17703f5b324a50727b6503ace0f4e95eb","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/b9ea91d17703f5b324a50727b6503ace0f4e95eb"},{"reference_url":"https://github.com/openstack/nova/commit/c438fd9a0eb1903306a53ab44e3ae80660d8a429","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/c438fd9a0eb1903306a53ab44e3ae80660d8a429"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2020-243.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2020-243.yaml"},{"reference_url":"https://launchpad.net/bugs/1890501","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://launchpad.net/bugs/1890501"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-17376","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-17376"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2020-006.html","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.openstack.org/ossa/OSSA-2020-006.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/08/25/4","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2020/08/25/4"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969052","reference_id":"969052","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969052"},{"reference_url":"https://usn.ubuntu.com/5866-1/","reference_id":"USN-5866-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5866-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199889?format=json","purl":"pkg:deb/debian/nova@2:21.1.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:21.1.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2020-17376","GHSA-c7w7-9c85-4qxv","PYSEC-2020-243"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ywya-kfum-mke1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16368?format=json","vulnerability_id":"VCID-z1bn-znt4-57cg","summary":"OpenStack Nova VMware instance leak potentially leading to compute DoS\nThe VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state.","references":[{"reference_url":"http://lists.openstack.org/pipermail/openstack-announce/2014-October/000298.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.openstack.org/pipermail/openstack-announce/2014-October/000298.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0843.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0843.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0844.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0844.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8333","reference_id":"","reference_type":"","scores":[{"value":"0.00736","scoring_system":"epss","scoring_elements":"0.73134","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8333"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1359138","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1359138"},{"reference_url":"http://secunia.com/advisories/60531","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/60531"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://github.com/openstack/nova/commit/d71445c7d2d2921d10a08f82330f0ab8ef4f7df2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/d71445c7d2d2921d10a08f82330f0ab8ef4f7df2"},{"reference_url":"https://github.com/openstack/nova/commit/e1f8664c9fa83f77f5bb763ffcc3157905ed954c","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/e1f8664c9fa83f77f5bb763ffcc3157905ed954c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-8333","reference_id":"CVE-2014-8333","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-8333"},{"reference_url":"https://github.com/advisories/GHSA-g63p-mfcm-54c4","reference_id":"GHSA-g63p-mfcm-54c4","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-g63p-mfcm-54c4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199875?format=json","purl":"pkg:deb/debian/nova@2014.1.3-7?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.3-7%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2014-8333","GHSA-g63p-mfcm-54c4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z1bn-znt4-57cg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16287?format=json","vulnerability_id":"VCID-zv1m-f3pu-uqdc","summary":"OpenStack Nova Denial of Service in network source security groups\nAlgorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via a large number of server-creation operations, which triggers a large number of update requests.","references":[{"reference_url":"http://github.com/openstack/nova/commit/52ad911963da4095b213952dee3a430fe0c4c30f","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://github.com/openstack/nova/commit/52ad911963da4095b213952dee3a430fe0c4c30f"},{"reference_url":"http://github.com/openstack/nova/commit/85aac04704350566d6b06aa7a3b99649946c672c","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://github.com/openstack/nova/commit/85aac04704350566d6b06aa7a3b99649946c672c"},{"reference_url":"http://github.com/openstack/nova/commit/d4ee081c5c0a5132781235177c430ebcf72b0b0b","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://github.com/openstack/nova/commit/d4ee081c5c0a5132781235177c430ebcf72b0b0b"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1199.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1199.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4185","reference_id":"","reference_type":"","scores":[{"value":"0.00583","scoring_system":"epss","scoring_elements":"0.69296","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4185"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1184041","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1184041"},{"reference_url":"http://seclists.org/oss-sec/2013/q3/282","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/oss-sec/2013/q3/282"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718907","reference_id":"718907","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718907"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4185","reference_id":"CVE-2013-4185","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4185"},{"reference_url":"https://github.com/advisories/GHSA-ph2h-hh49-vh27","reference_id":"GHSA-ph2h-hh49-vh27","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-ph2h-hh49-vh27"},{"reference_url":"https://usn.ubuntu.com/2000-1/","reference_id":"USN-2000-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2000-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199861?format=json","purl":"pkg:deb/debian/nova@2013.1.2-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.1.2-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2013-4185","GHSA-ph2h-hh49-vh27"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zv1m-f3pu-uqdc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16466?format=json","vulnerability_id":"VCID-zww8-cs3r-9yax","summary":"OpenStack Nova Multiple directory traversal vulnerabilities\nMultiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to overwrite arbitrary files via a crafted (1) tarball or (2) manifest.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4596","reference_id":"","reference_type":"","scores":[{"value":"0.00541","scoring_system":"epss","scoring_elements":"0.67937","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4596"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/885167","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/885167"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/894755","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/894755"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://github.com/openstack/nova/commit/76363226bd8533256f7795bba358d7f4b8a6c9e6","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/76363226bd8533256f7795bba358d7f4b8a6c9e6"},{"reference_url":"https://github.com/openstack/nova/commit/ad3241929ea00569c74505ed002208ce360c667e","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/ad3241929ea00569c74505ed002208ce360c667e"},{"reference_url":"https://lists.launchpad.net/openstack/msg06105.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.launchpad.net/openstack/msg06105.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-4596","reference_id":"CVE-2011-4596","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-4596"},{"reference_url":"https://github.com/advisories/GHSA-qr62-r9xc-r2gj","reference_id":"GHSA-qr62-r9xc-r2gj","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qr62-r9xc-r2gj"},{"reference_url":"https://usn.ubuntu.com/1305-1/","reference_id":"USN-1305-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1305-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/199843?format=json","purl":"pkg:deb/debian/nova@2012.1~e1-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2012.1~e1-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199840?format=json","purl":"pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajec-k7qb-6yek"},{"vulnerability":"VCID-fpvj-5qws-tydy"},{"vulnerability":"VCID-rk1s-qbb6-2yh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199838?format=json","purl":"pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199842?format=json","purl":"pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/199841?format=json","purl":"pkg:deb/debian/nova@2:33.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}],"aliases":["CVE-2011-4596","GHSA-qr62-r9xc-r2gj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zww8-cs3r-9yax"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie"}