{"url":"http://public2.vulnerablecode.io/api/packages/302867?format=json","purl":"pkg:pypi/nova@22.0.0.0rc1","type":"pypi","namespace":"","name":"nova","version":"22.0.0.0rc1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15410?format=json","vulnerability_id":"VCID-1p1c-fevy-bydg","summary":"Insufficient Verification of Data Authenticity\nIt was discovered that the OpenStack Compute (nova) console websocket does not correctly verify the origin header. An attacker could use this flaw to conduct a cross-site websocket hijack attack. Note that only Compute setups with VNC or SPICE enabled were affected by this flaw.","references":[{"reference_url":"http://lists.openstack.org/pipermail/openstack-announce/2015-March/000341.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.openstack.org/pipermail/openstack-announce/2015-March/000341.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0790.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0790.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0843.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0843.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0844.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0844.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0790","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:0790"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0843","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:0843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0844","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:0844"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0259.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0259.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0259","reference_id":"","reference_type":"","scores":[{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42631","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42471","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42694","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42555","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42576","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42646","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42556","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42674","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42615","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42666","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42678","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42701","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42665","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42648","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42708","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0259"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1409142","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1409142"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1190112","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1190112"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0259","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0259"},{"reference_url":"https://opendev.org/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/nova"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780250","reference_id":"780250","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780250"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2015-0259","reference_id":"CVE-2015-0259","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2015-0259"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0259","reference_id":"CVE-2015-0259","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0259"},{"reference_url":"https://github.com/advisories/GHSA-x8xr-rm9r-7mvf","reference_id":"GHSA-x8xr-rm9r-7mvf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x8xr-rm9r-7mvf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54426?format=json","purl":"pkg:pypi/nova@2014.1.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2014.1.4"},{"url":"http://public2.vulnerablecode.io/api/packages/54427?format=json","purl":"pkg:pypi/nova@2014.2.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2014.2.3"}],"aliases":["CVE-2015-0259","GHSA-x8xr-rm9r-7mvf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1p1c-fevy-bydg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15608?format=json","vulnerability_id":"VCID-5nfz-1bk3-93fe","summary":"OpenStack Nova instance migration process does not stop when instance is deleted\nOpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service (disk, network, and other resource consumption) by resizing and then deleting an instance.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1723.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1723.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1898.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1898.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1723","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:1723"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1898","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:1898"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3241.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3241.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3241","reference_id":"","reference_type":"","scores":[{"value":"0.0197","scoring_system":"epss","scoring_elements":"0.83606","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0197","scoring_system":"epss","scoring_elements":"0.83496","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0197","scoring_system":"epss","scoring_elements":"0.83495","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0197","scoring_system":"epss","scoring_elements":"0.83519","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0197","scoring_system":"epss","scoring_elements":"0.83529","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0197","scoring_system":"epss","scoring_elements":"0.83543","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0197","scoring_system":"epss","scoring_elements":"0.83537","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0197","scoring_system":"epss","scoring_elements":"0.83534","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0197","scoring_system":"epss","scoring_elements":"0.83568","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0197","scoring_system":"epss","scoring_elements":"0.83569","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0197","scoring_system":"epss","scoring_elements":"0.83593","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0197","scoring_system":"epss","scoring_elements":"0.83601","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0197","scoring_system":"epss","scoring_elements":"0.83469","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0197","scoring_system":"epss","scoring_elements":"0.83481","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3241"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1232782","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1232782"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3241","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3241"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://github.com/openstack/nova/commit/7ab75d5b0b75fc3426323bef19bf436a258b9707","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/7ab75d5b0b75fc3426323bef19bf436a258b9707"},{"reference_url":"https://github.com/openstack/nova/commit/b5020a047fc487f35b76fc05f31e52665a1afda1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/b5020a047fc487f35b76fc05f31e52665a1afda1"},{"reference_url":"https://github.com/openstack/nova/commit/bf23643e36c8764b4bd532546a2cc04385fe0cff","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/bf23643e36c8764b4bd532546a2cc04385fe0cff"},{"reference_url":"https://github.com/openstack/ossa/blob/482576204dec96f580817b119e3166d71c757731/ossa/OSSA-2015-015.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/ossa/blob/482576204dec96f580817b119e3166d71c757731/ossa/OSSA-2015-015.yaml"},{"reference_url":"https://launchpad.net/bugs/1387543","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://launchpad.net/bugs/1387543"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2015-015.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.openstack.org/ossa/OSSA-2015-015.html"},{"reference_url":"http://www.securityfocus.com/bid/75372","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/75372"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796109","reference_id":"796109","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796109"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2015-3241","reference_id":"CVE-2015-3241","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2015-3241"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3241","reference_id":"CVE-2015-3241","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3241"},{"reference_url":"https://github.com/advisories/GHSA-3vx7-xff6-h2vx","reference_id":"GHSA-3vx7-xff6-h2vx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3vx7-xff6-h2vx"},{"reference_url":"https://usn.ubuntu.com/3449-1/","reference_id":"USN-3449-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3449-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54754?format=json","purl":"pkg:pypi/nova@112.0.0.0b3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@112.0.0.0b3"}],"aliases":["CVE-2015-3241","GHSA-3vx7-xff6-h2vx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5nfz-1bk3-93fe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5346?format=json","vulnerability_id":"VCID-5tkb-w761-4qc6","summary":"keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova on Fedora.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html"},{"reference_url":"http://lists.openstack.org/pipermail/openstack-announce/2013-May/000098.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.openstack.org/pipermail/openstack-announce/2013-May/000098.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2030","reference_id":"","reference_type":"","scores":[{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10352","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10307","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10426","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10494","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10354","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10428","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10491","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10522","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10489","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10466","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10334","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10437","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.1042","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10408","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2030"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1174608","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1174608"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=958285","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=958285"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://github.com/openstack/nova/commit/58d6879b1caaa750c39c8e452a0634c24ffef2ce","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/58d6879b1caaa750c39c8e452a0634c24ffef2ce"},{"reference_url":"https://github.com/openstack/nova/commit/74aa04e2ca7942cb1e1a86dcbaffeb72d260ccd7","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/74aa04e2ca7942cb1e1a86dcbaffeb72d260ccd7"},{"reference_url":"https://github.com/openstack/nova/commit/7bf3e8d3e254d817ff5ae7ef1f2884b10410ca60","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/7bf3e8d3e254d817ff5ae7ef1f2884b10410ca60"},{"reference_url":"https://github.com/openstack/python-keystoneclient/commit/1736e2ffb12f70eeebed019448bc14def48aa036","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/python-keystoneclient/commit/1736e2ffb12f70eeebed019448bc14def48aa036"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2013-45.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2013-45.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2030","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2030"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/05/09/2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/05/09/2"},{"reference_url":"https://github.com/advisories/GHSA-pxxv-rv32-2qgv","reference_id":"GHSA-pxxv-rv32-2qgv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pxxv-rv32-2qgv"}],"fixed_packages":[],"aliases":["CVE-2013-2030","GHSA-pxxv-rv32-2qgv","PYSEC-2013-45"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5tkb-w761-4qc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15846?format=json","vulnerability_id":"VCID-6n3z-x4zj-4bez","summary":"OpenStack Compute (Nova) allows remote attackers to bypass intended restriction\nA vulnerability was discovered in the way OpenStack Compute (nova) networking handled security group updates; changes were not applied to already running VM instances. A remote attacker could use this flaw to access running VM instances.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-2684.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-2684.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2673","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:2673"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2684","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:2684"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0013","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0017","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0017"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7713.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7713.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7713","reference_id":"","reference_type":"","scores":[{"value":"0.01522","scoring_system":"epss","scoring_elements":"0.81333","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01522","scoring_system":"epss","scoring_elements":"0.81229","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01522","scoring_system":"epss","scoring_elements":"0.81257","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01522","scoring_system":"epss","scoring_elements":"0.81262","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01522","scoring_system":"epss","scoring_elements":"0.81283","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01522","scoring_system":"epss","scoring_elements":"0.81269","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01522","scoring_system":"epss","scoring_elements":"0.81261","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01522","scoring_system":"epss","scoring_elements":"0.81298","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01522","scoring_system":"epss","scoring_elements":"0.81299","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01522","scoring_system":"epss","scoring_elements":"0.81321","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01522","scoring_system":"epss","scoring_elements":"0.81328","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01522","scoring_system":"epss","scoring_elements":"0.81198","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01522","scoring_system":"epss","scoring_elements":"0.81206","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7713"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1491307","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1491307"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1492961","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1492961"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1269119","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1269119"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7713","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7713"},{"reference_url":"https://opendev.org/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/nova"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2015-021.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.openstack.org/ossa/OSSA-2015-021.html"},{"reference_url":"https://web.archive.org/web/20200228024902/http://www.securityfocus.com/bid/76960","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228024902/http://www.securityfocus.com/bid/76960"},{"reference_url":"http://www.securityfocus.com/bid/76960","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/76960"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2015-7713","reference_id":"CVE-2015-7713","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2015-7713"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7713","reference_id":"CVE-2015-7713","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:P/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7713"},{"reference_url":"https://github.com/advisories/GHSA-67rh-9p29-vrxr","reference_id":"GHSA-67rh-9p29-vrxr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-67rh-9p29-vrxr"},{"reference_url":"https://usn.ubuntu.com/3449-1/","reference_id":"USN-3449-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3449-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54432?format=json","purl":"pkg:pypi/nova@2014.2.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2014.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/54433?format=json","purl":"pkg:pypi/nova@2015.1.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2015.1.2"}],"aliases":["CVE-2015-7713","GHSA-67rh-9p29-vrxr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6n3z-x4zj-4bez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15663?format=json","vulnerability_id":"VCID-bauj-n7jg-gkd2","summary":"OpenStack Compute (Nova) Denial of Service vulnerability\nA denial of service flaw was found in the way OpenStack Compute (nova) looked up VM instances based on an IP address filter. An attacker with sufficient privileges on an OpenStack installation with a large amount of VMs could use this flaw to cause the main nova process to block for an extended amount of time.","references":[{"reference_url":"http://lists.openstack.org/pipermail/openstack-announce/2014-October/000301.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.openstack.org/pipermail/openstack-announce/2014-October/000301.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0843.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0843.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0844.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0844.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0843","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:0843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0844","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:0844"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3708.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3708.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3708","reference_id":"","reference_type":"","scores":[{"value":"0.01057","scoring_system":"epss","scoring_elements":"0.77689","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01057","scoring_system":"epss","scoring_elements":"0.77595","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01057","scoring_system":"epss","scoring_elements":"0.77622","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01057","scoring_system":"epss","scoring_elements":"0.77606","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01057","scoring_system":"epss","scoring_elements":"0.77604","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01057","scoring_system":"epss","scoring_elements":"0.77642","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01057","scoring_system":"epss","scoring_elements":"0.7764","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01057","scoring_system":"epss","scoring_elements":"0.77634","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01057","scoring_system":"epss","scoring_elements":"0.77666","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01057","scoring_system":"epss","scoring_elements":"0.77674","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01057","scoring_system":"epss","scoring_elements":"0.77545","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01057","scoring_system":"epss","scoring_elements":"0.77551","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01057","scoring_system":"epss","scoring_elements":"0.77578","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01057","scoring_system":"epss","scoring_elements":"0.77558","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01057","scoring_system":"epss","scoring_elements":"0.77588","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3708"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1358583","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1358583"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1154951","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1154951"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3708","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3708"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://opendev.org/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/nova"},{"reference_url":"https://web.archive.org/web/20200901000000*/http://www.securityfocus.com/bid/70777","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200901000000*/http://www.securityfocus.com/bid/70777"},{"reference_url":"http://www.securityfocus.com/bid/70777","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/70777"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2014-3708","reference_id":"CVE-2014-3708","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2014-3708"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3708","reference_id":"CVE-2014-3708","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:N/A:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3708"},{"reference_url":"https://github.com/advisories/GHSA-43hc-pwvx-pmfg","reference_id":"GHSA-43hc-pwvx-pmfg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-43hc-pwvx-pmfg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54426?format=json","purl":"pkg:pypi/nova@2014.1.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2014.1.4"},{"url":"http://public2.vulnerablecode.io/api/packages/54817?format=json","purl":"pkg:pypi/nova@2014.2.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2014.2.1"}],"aliases":["CVE-2014-3708","GHSA-43hc-pwvx-pmfg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bauj-n7jg-gkd2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16259?format=json","vulnerability_id":"VCID-br4q-499g-vqhg","summary":"OpenStack Cinder, glance, and Nova vulnerable to Path Traversal\nAn issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47951.json","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47951.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-47951","reference_id":"","reference_type":"","scores":[{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72771","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.7263","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72774","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72765","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72724","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72732","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72721","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72679","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72689","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72706","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72635","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72682","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72669","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72653","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-47951"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47951","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47951"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://launchpad.net/bugs/1996188","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://launchpad.net/bugs/1996188"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00040.html","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00040.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00041.html","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00041.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00042.html","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00042.html"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2023-002.html","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://security.openstack.org/ossa/OSSA-2023-002.html"},{"reference_url":"https://www.debian.org/security/2023/dsa-5336","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://www.debian.org/security/2023/dsa-5336"},{"reference_url":"https://www.debian.org/security/2023/dsa-5337","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://www.debian.org/security/2023/dsa-5337"},{"reference_url":"https://www.debian.org/security/2023/dsa-5338","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://www.debian.org/security/2023/dsa-5338"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029561","reference_id":"1029561","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029561"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029562","reference_id":"1029562","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029562"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029563","reference_id":"1029563","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029563"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2161812","reference_id":"2161812","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2161812"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-47951","reference_id":"CVE-2022-47951","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-47951"},{"reference_url":"https://github.com/advisories/GHSA-7h75-hwxx-qpgc","reference_id":"GHSA-7h75-hwxx-qpgc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7h75-hwxx-qpgc"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1015","reference_id":"RHSA-2023:1015","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1015"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1016","reference_id":"RHSA-2023:1016","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1016"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1017","reference_id":"RHSA-2023:1017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1278","reference_id":"RHSA-2023:1278","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1278"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1279","reference_id":"RHSA-2023:1279","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1279"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1280","reference_id":"RHSA-2023:1280","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1280"},{"reference_url":"https://usn.ubuntu.com/5835-1/","reference_id":"USN-5835-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5835-1/"},{"reference_url":"https://usn.ubuntu.com/5835-2/","reference_id":"USN-5835-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5835-2/"},{"reference_url":"https://usn.ubuntu.com/5835-3/","reference_id":"USN-5835-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5835-3/"},{"reference_url":"https://usn.ubuntu.com/5835-4/","reference_id":"USN-5835-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5835-4/"},{"reference_url":"https://usn.ubuntu.com/5835-5/","reference_id":"USN-5835-5","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5835-5/"},{"reference_url":"https://usn.ubuntu.com/6882-2/","reference_id":"USN-6882-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6882-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55595?format=json","purl":"pkg:pypi/nova@24.1.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@24.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/354132?format=json","purl":"pkg:pypi/nova@24.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e6ne-73mv-73bc"},{"vulnerability":"VCID-h6rd-5p7q-s3gq"},{"vulnerability":"VCID-s69v-tc7x-37fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@24.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/55596?format=json","purl":"pkg:pypi/nova@25.0.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@25.0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/354133?format=json","purl":"pkg:pypi/nova@25.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e6ne-73mv-73bc"},{"vulnerability":"VCID-h6rd-5p7q-s3gq"},{"vulnerability":"VCID-s69v-tc7x-37fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@25.1.0"}],"aliases":["CVE-2022-47951","GHSA-7h75-hwxx-qpgc"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"6.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-br4q-499g-vqhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18163?format=json","vulnerability_id":"VCID-e6ne-73mv-73bc","summary":"OpenStack Nova vulnerable to unauthorized access to potentially sensitive data\nIn OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Nova deployments are affected. NOTE: this issue exists because of an incomplete fix for CVE-2022-47951 and CVE-2024-32498.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-40767.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-40767.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-40767","reference_id":"","reference_type":"","scores":[{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74706","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74704","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74698","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74663","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74671","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74627","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74635","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74655","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74632","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74618","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74586","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74612","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74585","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74662","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-40767"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://launchpad.net/bugs/2071734","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:47:09Z/"}],"url":"https://launchpad.net/bugs/2071734"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40767","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40767"},{"reference_url":"https://review.opendev.org/c/openstack/nova/+/924731","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.opendev.org/c/openstack/nova/+/924731"},{"reference_url":"https://security.openstack.org","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:47:09Z/"}],"url":"https://security.openstack.org"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2024-002.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:47:09Z/"}],"url":"https://security.openstack.org/ossa/OSSA-2024-002.html"},{"reference_url":"https://www.openwall.com/lists/oss-security/2024/07/23/2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:47:09Z/"}],"url":"https://www.openwall.com/lists/oss-security/2024/07/23/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2297217","reference_id":"2297217","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2297217"},{"reference_url":"https://github.com/advisories/GHSA-rm86-h44c-2r2m","reference_id":"GHSA-rm86-h44c-2r2m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rm86-h44c-2r2m"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5082","reference_id":"RHSA-2024:5082","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5082"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5083","reference_id":"RHSA-2024:5083","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5083"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5097","reference_id":"RHSA-2024:5097","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5097"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5113","reference_id":"RHSA-2024:5113","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5113"},{"reference_url":"https://usn.ubuntu.com/6911-1/","reference_id":"USN-6911-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6911-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/694526?format=json","purl":"pkg:pypi/nova@28.0.0.0rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h6rd-5p7q-s3gq"},{"vulnerability":"VCID-s69v-tc7x-37fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@28.0.0.0rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/694529?format=json","purl":"pkg:pypi/nova@29.0.0.0rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h6rd-5p7q-s3gq"},{"vulnerability":"VCID-s69v-tc7x-37fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@29.0.0.0rc1"}],"aliases":["CVE-2024-40767","GHSA-rm86-h44c-2r2m"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e6ne-73mv-73bc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15414?format=json","vulnerability_id":"VCID-ek6e-977t-3bew","summary":"OpenStack Compute (nova) allows remote authenticated users to cause a denial of service\nA flaw was found in the way OpenStack Compute (nova) handled the resize state. If an authenticated user deleted an instance while it was in the resize state, it could cause the original instance to not be deleted from the compute node it was running on, allowing the user to cause a denial of service.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1898.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1898.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1898","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:1898"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3280.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3280.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3280","reference_id":"","reference_type":"","scores":[{"value":"0.00795","scoring_system":"epss","scoring_elements":"0.73979","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00795","scoring_system":"epss","scoring_elements":"0.74056","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00795","scoring_system":"epss","scoring_elements":"0.74002","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00795","scoring_system":"epss","scoring_elements":"0.74058","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00795","scoring_system":"epss","scoring_elements":"0.74049","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00795","scoring_system":"epss","scoring_elements":"0.74017","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00795","scoring_system":"epss","scoring_elements":"0.74025","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00795","scoring_system":"epss","scoring_elements":"0.74016","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00795","scoring_system":"epss","scoring_elements":"0.73925","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00795","scoring_system":"epss","scoring_elements":"0.73976","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00795","scoring_system":"epss","scoring_elements":"0.73935","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00795","scoring_system":"epss","scoring_elements":"0.73984","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00795","scoring_system":"epss","scoring_elements":"0.7396","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00795","scoring_system":"epss","scoring_elements":"0.73931","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00795","scoring_system":"epss","scoring_elements":"0.73965","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3280"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1257942","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1257942"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3280","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3280"},{"reference_url":"https://launchpad.net/bugs/1392527","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://launchpad.net/bugs/1392527"},{"reference_url":"https://opendev.org/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/nova"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2015-017.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.openstack.org/ossa/OSSA-2015-017.html"},{"reference_url":"https://web.archive.org/web/20200228023247/http://www.securityfocus.com/bid/76553","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228023247/http://www.securityfocus.com/bid/76553"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"},{"reference_url":"http://www.securityfocus.com/bid/76553","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/76553"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798883","reference_id":"798883","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798883"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2015-3280","reference_id":"CVE-2015-3280","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2015-3280"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3280","reference_id":"CVE-2015-3280","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:N/A:C"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3280"},{"reference_url":"https://github.com/advisories/GHSA-mfmj-gwg3-vhw7","reference_id":"GHSA-mfmj-gwg3-vhw7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mfmj-gwg3-vhw7"},{"reference_url":"https://usn.ubuntu.com/3449-1/","reference_id":"USN-3449-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3449-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54432?format=json","purl":"pkg:pypi/nova@2014.2.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2014.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/54433?format=json","purl":"pkg:pypi/nova@2015.1.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2015.1.2"}],"aliases":["CVE-2015-3280","GHSA-mfmj-gwg3-vhw7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ek6e-977t-3bew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15740?format=json","vulnerability_id":"VCID-ex1j-py3q-93hv","summary":"Exposure of Sensitive Information to an Unauthorized Actor\napi/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in responses to instance metadata requests.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0940","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2014:0940"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1084","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2014:1084"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3517.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3517.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3517","reference_id":"","reference_type":"","scores":[{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60652","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60656","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60641","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.6062","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60662","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60668","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60654","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.6064","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60495","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.6057","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60598","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60567","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60616","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60632","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3517"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1325128","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1325128"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1112499","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1112499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3517","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3517"},{"reference_url":"https://opendev.org/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/nova"},{"reference_url":"http://www.openwall.com/lists/oss-security/2014/07/17/2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2014/07/17/2"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755042","reference_id":"755042","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755042"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:2014.2.0:milestone1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:nova:2014.2.0:milestone1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:2014.2.0:milestone1:*:*:*:*:*:*"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2014-3517","reference_id":"CVE-2014-3517","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2014-3517"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3517","reference_id":"CVE-2014-3517","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3517"},{"reference_url":"https://github.com/advisories/GHSA-xjmj-p278-4jp5","reference_id":"GHSA-xjmj-p278-4jp5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xjmj-p278-4jp5"},{"reference_url":"https://usn.ubuntu.com/2325-1/","reference_id":"USN-2325-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2325-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54943?format=json","purl":"pkg:pypi/nova@2013.2.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2013.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/54944?format=json","purl":"pkg:pypi/nova@2014.1.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2014.1.2"}],"aliases":["CVE-2014-3517","GHSA-xjmj-p278-4jp5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ex1j-py3q-93hv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17695?format=json","vulnerability_id":"VCID-h6rd-5p7q-s3gq","summary":"OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access\nAn issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Cinder and Nova deployments are affected; only Glance deployments with image conversion enabled are affected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32498.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32498.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-32498","reference_id":"","reference_type":"","scores":[{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38413","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38366","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38394","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38465","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38489","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38353","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38404","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38412","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38428","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38391","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39883","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39802","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.43927","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.43879","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-32498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32498"},{"reference_url":"https://github.com/openstack/cinder/commit/78f85c1f9b20a067ef64d6451dee0228c3a0db5e","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/cinder/commit/78f85c1f9b20a067ef64d6451dee0228c3a0db5e"},{"reference_url":"https://github.com/openstack/cinder/commit/d6a186945e03649343af55b46ed8dfe0dd326e40","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/cinder/commit/d6a186945e03649343af55b46ed8dfe0dd326e40"},{"reference_url":"https://github.com/openstack/glance/commit/22f0c9c6f98db1d93569e3edb800c271f35b0ef9","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/22f0c9c6f98db1d93569e3edb800c271f35b0ef9"},{"reference_url":"https://github.com/openstack/glance/commit/2e65391744a82421bc6f026ee8f1f3550038f175","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/2e65391744a82421bc6f026ee8f1f3550038f175"},{"reference_url":"https://github.com/openstack/glance/commit/867d1dd8b6e4f5774257a98c7c33061fbbbde973","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/867d1dd8b6e4f5774257a98c7c33061fbbbde973"},{"reference_url":"https://github.com/openstack/glance/commit/cc7d53adbecf85f3d7df78e7618fe8ab3a075c5f","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/cc7d53adbecf85f3d7df78e7618fe8ab3a075c5f"},{"reference_url":"https://github.com/openstack/glance/commit/d607e78630cc9d1ca18b3a027322809c042f64df","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/d607e78630cc9d1ca18b3a027322809c042f64df"},{"reference_url":"https://github.com/openstack/nova/commit/657e86585cc57f84ab9b364dd189547d231d5927","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/657e86585cc57f84ab9b364dd189547d231d5927"},{"reference_url":"https://launchpad.net/bugs/2059809","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/"}],"url":"https://launchpad.net/bugs/2059809"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00016.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00016.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32498","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32498"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2024-001.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/"}],"url":"https://security.openstack.org/ossa/OSSA-2024-001.html"},{"reference_url":"https://www.openwall.com/lists/oss-security/2024/07/02/2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/"}],"url":"https://www.openwall.com/lists/oss-security/2024/07/02/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/07/02/2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/07/02/2"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074761","reference_id":"1074761","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074761"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074762","reference_id":"1074762","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074762"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074763","reference_id":"1074763","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074763"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2278663","reference_id":"2278663","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2278663"},{"reference_url":"https://github.com/advisories/GHSA-r4v4-w9pv-6fph","reference_id":"GHSA-r4v4-w9pv-6fph","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r4v4-w9pv-6fph"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4272","reference_id":"RHSA-2024:4272","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4272"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4273","reference_id":"RHSA-2024:4273","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4273"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4274","reference_id":"RHSA-2024:4274","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4274"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4425","reference_id":"RHSA-2024:4425","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4425"},{"reference_url":"https://usn.ubuntu.com/6882-1/","reference_id":"USN-6882-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6882-1/"},{"reference_url":"https://usn.ubuntu.com/6882-2/","reference_id":"USN-6882-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6882-2/"},{"reference_url":"https://usn.ubuntu.com/6883-1/","reference_id":"USN-6883-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6883-1/"},{"reference_url":"https://usn.ubuntu.com/6884-1/","reference_id":"USN-6884-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6884-1/"},{"reference_url":"https://usn.ubuntu.com/8199-1/","reference_id":"USN-8199-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8199-1/"}],"fixed_packages":[],"aliases":["CVE-2024-32498","GHSA-r4v4-w9pv-6fph"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h6rd-5p7q-s3gq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53294?format=json","vulnerability_id":"VCID-m5vc-4my3-87gk","summary":"OpenStack Nova Changing vnic_type breaks compute service restart\nAn issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the direct vnic_type, creating an instance bound to that port, and then changing the vnic_type of the bound port to macvtap, an authenticated user may cause the compute service to fail to restart, resulting in a possible denial of service. Only Nova deployments configured with SR-IOV are affected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37394.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37394.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-37394","reference_id":"","reference_type":"","scores":[{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18186","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18119","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18136","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18226","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18199","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18438","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18492","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18202","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18285","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18338","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18339","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18292","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18241","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50098","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-37394"},{"reference_url":"https://bugs.launchpad.net/ossa/+bug/1981813","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/ossa/+bug/1981813"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37394","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37394"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://github.com/openstack/nova/commit/0c87681135cfb3ce61d2a0392928c1dbc1fe5fde","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/0c87681135cfb3ce61d2a0392928c1dbc1fe5fde"},{"reference_url":"https://github.com/openstack/nova/commit/1a98a1a650d065a8ab3e1c474f3b9fd537dc2206","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/1a98a1a650d065a8ab3e1c474f3b9fd537dc2206"},{"reference_url":"https://github.com/openstack/nova/commit/4954f993680c75fd9d3d507f2dcd00300c9b3d44","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/4954f993680c75fd9d3d507f2dcd00300c9b3d44"},{"reference_url":"https://github.com/openstack/nova/commit/a28c82719545d5c8ee7f3ff1361b3a796e05095a","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/a28c82719545d5c8ee7f3ff1361b3a796e05095a"},{"reference_url":"https://github.com/openstack/nova/commit/e43bf900dc8ca66578603bed333c56b215b1876e","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/e43bf900dc8ca66578603bed333c56b215b1876e"},{"reference_url":"https://github.com/openstack/nova/commit/f8c91eb75fc5504a37fc3b4be1d65d33dbc9b511","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/f8c91eb75fc5504a37fc3b4be1d65d33dbc9b511"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-37394","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-37394"},{"reference_url":"https://review.opendev.org/c/openstack/nova/+/849985","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.opendev.org/c/openstack/nova/+/849985"},{"reference_url":"https://review.opendev.org/c/openstack/nova/+/850003","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.opendev.org/c/openstack/nova/+/850003"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016980","reference_id":"1016980","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016980"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2117333","reference_id":"2117333","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2117333"},{"reference_url":"https://github.com/advisories/GHSA-v725-c588-h936","reference_id":"GHSA-v725-c588-h936","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v725-c588-h936"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1948","reference_id":"RHSA-2023:1948","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1948"},{"reference_url":"https://usn.ubuntu.com/5866-1/","reference_id":"USN-5866-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5866-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/80913?format=json","purl":"pkg:pypi/nova@23.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-br4q-499g-vqhg"},{"vulnerability":"VCID-e6ne-73mv-73bc"},{"vulnerability":"VCID-h6rd-5p7q-s3gq"},{"vulnerability":"VCID-s69v-tc7x-37fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@23.2.2"},{"url":"http://public2.vulnerablecode.io/api/packages/302872?format=json","purl":"pkg:pypi/nova@24.0.0.0rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1p1c-fevy-bydg"},{"vulnerability":"VCID-5nfz-1bk3-93fe"},{"vulnerability":"VCID-5tkb-w761-4qc6"},{"vulnerability":"VCID-6n3z-x4zj-4bez"},{"vulnerability":"VCID-bauj-n7jg-gkd2"},{"vulnerability":"VCID-br4q-499g-vqhg"},{"vulnerability":"VCID-e6ne-73mv-73bc"},{"vulnerability":"VCID-ek6e-977t-3bew"},{"vulnerability":"VCID-ex1j-py3q-93hv"},{"vulnerability":"VCID-h6rd-5p7q-s3gq"},{"vulnerability":"VCID-qb9p-rpza-5fa5"},{"vulnerability":"VCID-s69v-tc7x-37fe"},{"vulnerability":"VCID-sj2k-uq1g-suby"},{"vulnerability":"VCID-x5k4-dm9d-xkf7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@24.0.0.0rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/55595?format=json","purl":"pkg:pypi/nova@24.1.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@24.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/302875?format=json","purl":"pkg:pypi/nova@25.0.0.0rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1p1c-fevy-bydg"},{"vulnerability":"VCID-5nfz-1bk3-93fe"},{"vulnerability":"VCID-5tkb-w761-4qc6"},{"vulnerability":"VCID-6n3z-x4zj-4bez"},{"vulnerability":"VCID-bauj-n7jg-gkd2"},{"vulnerability":"VCID-e6ne-73mv-73bc"},{"vulnerability":"VCID-ek6e-977t-3bew"},{"vulnerability":"VCID-ex1j-py3q-93hv"},{"vulnerability":"VCID-h6rd-5p7q-s3gq"},{"vulnerability":"VCID-qb9p-rpza-5fa5"},{"vulnerability":"VCID-s69v-tc7x-37fe"},{"vulnerability":"VCID-sj2k-uq1g-suby"},{"vulnerability":"VCID-x5k4-dm9d-xkf7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@25.0.0.0rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/55596?format=json","purl":"pkg:pypi/nova@25.0.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@25.0.2"}],"aliases":["CVE-2022-37394","GHSA-v725-c588-h936"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m5vc-4my3-87gk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15462?format=json","vulnerability_id":"VCID-qb9p-rpza-5fa5","summary":"OpenStack Compute (Nova) allows remote authenticated users to obtain sensitive information\nCVE-2013-2256 OpenStack: Nova private flavors resource limit circumvention","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1199.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1199.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1199","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2013:1199"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2256.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2256.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2256","reference_id":"","reference_type":"","scores":[{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64736","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64672","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64708","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64719","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64706","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64726","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64739","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64593","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64646","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64674","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64632","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.6468","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64695","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64712","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.647","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2256"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1194093","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1194093"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=993340","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=993340"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2256","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2256"},{"reference_url":"http://seclists.org/oss-sec/2013/q3/281","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/oss-sec/2013/q3/281"},{"reference_url":"https://opendev.org/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/nova"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718905","reference_id":"718905","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718905"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2013-2256","reference_id":"CVE-2013-2256","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2013-2256"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2256","reference_id":"CVE-2013-2256","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2256"},{"reference_url":"https://github.com/advisories/GHSA-5mj6-643f-2g85","reference_id":"GHSA-5mj6-643f-2g85","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5mj6-643f-2g85"},{"reference_url":"https://usn.ubuntu.com/2000-1/","reference_id":"USN-2000-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2000-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54498?format=json","purl":"pkg:pypi/nova@2013.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sj2k-uq1g-suby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2013.1.3"}],"aliases":["CVE-2013-2256","GHSA-5mj6-643f-2g85"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qb9p-rpza-5fa5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/22302?format=json","vulnerability_id":"VCID-s69v-tc7x-37fe","summary":"OpenStack Nova calls qemu-img without format restrictions for resize\nAn issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in an unsafe image resize operation that could destroy data on the host system. Only compute nodes using the Flat image backend (usually configured with use_cow_images=False) are affected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24708.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24708.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24708","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03778","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03789","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03786","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05133","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18759","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18797","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18747","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.21907","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.21988","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22132","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22017","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22058","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22043","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22081","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24708"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/2137507","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T19:07:53Z/"}],"url":"https://bugs.launchpad.net/nova/+bug/2137507"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24708","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24708"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://github.com/openstack/nova/commit/3eba22ff09c81a61750fbb4882e5f1f01a20fdf5","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/3eba22ff09c81a61750fbb4882e5f1f01a20fdf5"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2026/02/msg00025.html","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2026/02/msg00025.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24708","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24708"},{"reference_url":"https://www.openwall.com/lists/oss-security/2026/02/17/7","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T19:07:53Z/"}],"url":"https://www.openwall.com/lists/oss-security/2026/02/17/7"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128294","reference_id":"1128294","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128294"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2430312","reference_id":"2430312","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2430312"},{"reference_url":"https://github.com/advisories/GHSA-m4f3-qp2w-gwh6","reference_id":"GHSA-m4f3-qp2w-gwh6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m4f3-qp2w-gwh6"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7884","reference_id":"RHSA-2026:7884","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7884"},{"reference_url":"https://usn.ubuntu.com/8049-1/","reference_id":"USN-8049-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8049-1/"}],"fixed_packages":[],"aliases":["CVE-2026-24708","GHSA-m4f3-qp2w-gwh6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s69v-tc7x-37fe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16041?format=json","vulnerability_id":"VCID-sj2k-uq1g-suby","summary":"Improper Restriction of Operations within the Bounds of a Memory Buffer\nCVE-2013-4179 OpenStack: Nova XML entities DoS","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1199.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1199.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1199","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2013:1199"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4179.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4179.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4179","reference_id":"","reference_type":"","scores":[{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71409","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71313","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71359","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71365","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71344","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71398","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71406","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71267","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71275","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71292","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71309","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71322","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71345","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.7133","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4179"},{"reference_url":"https://bugs.launchpad.net/ossa/+bug/1190229","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/ossa/+bug/1190229"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=989707","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=989707"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4179","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4179"},{"reference_url":"https://opendev.org/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/nova"},{"reference_url":"http://www.ubuntu.com/usn/USN-2005-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2005-1"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2013-4179","reference_id":"CVE-2013-4179","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2013-4179"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4179","reference_id":"CVE-2013-4179","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4179"},{"reference_url":"https://github.com/advisories/GHSA-j6xh-q826-55jw","reference_id":"GHSA-j6xh-q826-55jw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j6xh-q826-55jw"},{"reference_url":"https://usn.ubuntu.com/2000-1/","reference_id":"USN-2000-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2000-1/"},{"reference_url":"https://usn.ubuntu.com/2005-1/","reference_id":"USN-2005-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2005-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55365?format=json","purl":"pkg:pypi/nova@2013.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2013.2"}],"aliases":["CVE-2013-4179","GHSA-j6xh-q826-55jw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sj2k-uq1g-suby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15700?format=json","vulnerability_id":"VCID-x5k4-dm9d-xkf7","summary":"OpenStack Compute (Nova)'s VMWare driver vulnerable to denial of service\nCVE-2014-3608 openstack-nova: incomplete fix for CVE-2014-2573, Nova VMware driver still leaks rescued images","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1781.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1781.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1782.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1782.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1781","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2014:1781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1782","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2014:1782"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3608.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3608.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3608","reference_id":"","reference_type":"","scores":[{"value":"0.00689","scoring_system":"epss","scoring_elements":"0.71827","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00689","scoring_system":"epss","scoring_elements":"0.71749","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00689","scoring_system":"epss","scoring_elements":"0.71773","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00689","scoring_system":"epss","scoring_elements":"0.71756","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00689","scoring_system":"epss","scoring_elements":"0.71739","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00689","scoring_system":"epss","scoring_elements":"0.71782","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00689","scoring_system":"epss","scoring_elements":"0.71788","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00689","scoring_system":"epss","scoring_elements":"0.7177","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00689","scoring_system":"epss","scoring_elements":"0.71818","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00689","scoring_system":"epss","scoring_elements":"0.71823","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00689","scoring_system":"epss","scoring_elements":"0.71699","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00689","scoring_system":"epss","scoring_elements":"0.71706","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00689","scoring_system":"epss","scoring_elements":"0.71725","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00689","scoring_system":"epss","scoring_elements":"0.71698","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00689","scoring_system":"epss","scoring_elements":"0.71737","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3608"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1338830","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1338830"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1148253","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1148253"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3608"},{"reference_url":"http://seclists.org/oss-sec/2014/q4/65","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/oss-sec/2014/q4/65"},{"reference_url":"https://opendev.org/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/nova"},{"reference_url":"https://web.archive.org/web/20200228053850/http://www.securityfocus.com/bid/70220","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228053850/http://www.securityfocus.com/bid/70220"},{"reference_url":"http://www.securityfocus.com/bid/70220","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/70220"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2014-3608","reference_id":"CVE-2014-3608","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2014-3608"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3608","reference_id":"CVE-2014-3608","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv2","scoring_elements":"AV:A/AC:L/Au:S/C:N/I:N/A:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3608"},{"reference_url":"https://github.com/advisories/GHSA-92hc-c226-32q7","reference_id":"GHSA-92hc-c226-32q7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-92hc-c226-32q7"},{"reference_url":"https://usn.ubuntu.com/2407-1/","reference_id":"USN-2407-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2407-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54876?format=json","purl":"pkg:pypi/nova@2014.1.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2014.1.3"}],"aliases":["CVE-2014-3608","GHSA-92hc-c226-32q7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x5k4-dm9d-xkf7"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@22.0.0.0rc1"}