{"url":"http://public2.vulnerablecode.io/api/packages/55100?format=json","purl":"pkg:pypi/nova@19.0.0","type":"pypi","namespace":"","name":"nova","version":"19.0.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"112.0.0.0b3","latest_non_vulnerable_version":"2015.1.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/202810?format=json","vulnerability_id":"VCID-1554-pyeh-j3gw","summary":"OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to obtain sensitive information (flavor properties), boot arbitrary flavors, and possibly have other unspecified impacts by guessing the flavor id.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1199.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1199.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2256.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2256.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2013-2256","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2013-2256"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2256","reference_id":"","reference_type":"","scores":[{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.65134","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2256"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1194093","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1194093"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2256","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2256"},{"reference_url":"http://seclists.org/oss-sec/2013/q3/281","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/oss-sec/2013/q3/281"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2256","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2256"},{"reference_url":"https://opendev.org/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/nova"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718905","reference_id":"718905","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718905"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=993340","reference_id":"993340","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=993340"},{"reference_url":"https://github.com/advisories/GHSA-5mj6-643f-2g85","reference_id":"GHSA-5mj6-643f-2g85","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5mj6-643f-2g85"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1199","reference_id":"RHSA-2013:1199","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2013:1199"},{"reference_url":"https://usn.ubuntu.com/2000-1/","reference_id":"USN-2000-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2000-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/386434?format=json","purl":"pkg:pypi/nova@2013.1.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2013.1.3"}],"aliases":["CVE-2013-2256","GHSA-5mj6-643f-2g85"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1554-pyeh-j3gw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83208?format=json","vulnerability_id":"VCID-2ujk-shpw-3fah","summary":"An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in an unsafe image resize operation that could destroy data on the host system. Only compute nodes using the Flat image backend (usually configured with use_cow_images=False) are affected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24708.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24708.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24708","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05348","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24708"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24708","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24708"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://github.com/openstack/nova/commit/3eba22ff09c81a61750fbb4882e5f1f01a20fdf5","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/3eba22ff09c81a61750fbb4882e5f1f01a20fdf5"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2026/02/msg00025.html","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2026/02/msg00025.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128294","reference_id":"1128294","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128294"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/2137507","reference_id":"2137507","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T19:07:53Z/"}],"url":"https://bugs.launchpad.net/nova/+bug/2137507"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2430312","reference_id":"2430312","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2430312"},{"reference_url":"https://www.openwall.com/lists/oss-security/2026/02/17/7","reference_id":"7","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T19:07:53Z/"}],"url":"https://www.openwall.com/lists/oss-security/2026/02/17/7"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24708","reference_id":"CVE-2026-24708","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24708"},{"reference_url":"https://github.com/advisories/GHSA-m4f3-qp2w-gwh6","reference_id":"GHSA-m4f3-qp2w-gwh6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m4f3-qp2w-gwh6"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7884","reference_id":"RHSA-2026:7884","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7884"},{"reference_url":"https://usn.ubuntu.com/8049-1/","reference_id":"USN-8049-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8049-1/"}],"fixed_packages":[],"aliases":["CVE-2026-24708","GHSA-m4f3-qp2w-gwh6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2ujk-shpw-3fah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203410?format=json","vulnerability_id":"VCID-4vef-f32z-dkea","summary":"The VMWare driver in OpenStack Compute (Nova) before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by putting the VM into the rescue state, suspending it, which puts into an ERROR state, and then deleting the image.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2573.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1781.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1781.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1782.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1782.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3608.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3608.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2014-3608","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2014-3608"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3608","reference_id":"","reference_type":"","scores":[{"value":"0.00689","scoring_system":"epss","scoring_elements":"0.72236","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3608"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1338830","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1338830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3608"},{"reference_url":"http://seclists.org/oss-sec/2014/q4/65","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/oss-sec/2014/q4/65"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3608","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3608"},{"reference_url":"https://opendev.org/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/nova"},{"reference_url":"https://web.archive.org/web/20200228053850/http://www.securityfocus.com/bid/70220","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228053850/http://www.securityfocus.com/bid/70220"},{"reference_url":"http://www.securityfocus.com/bid/70220","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/70220"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1148253","reference_id":"1148253","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1148253"},{"reference_url":"https://github.com/advisories/GHSA-92hc-c226-32q7","reference_id":"GHSA-92hc-c226-32q7","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-92hc-c226-32q7"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1781","reference_id":"RHSA-2014:1781","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2014:1781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1782","reference_id":"RHSA-2014:1782","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2014:1782"},{"reference_url":"https://usn.ubuntu.com/2407-1/","reference_id":"USN-2407-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2407-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/386299?format=json","purl":"pkg:pypi/nova@2014.1.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2014.1.3"}],"aliases":["CVE-2014-3608","GHSA-92hc-c226-32q7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4vef-f32z-dkea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204071?format=json","vulnerability_id":"VCID-66j7-m3hy-u7e7","summary":"OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-2684.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-2684.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7713.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7713.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2015-7713","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2015-7713"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7713","reference_id":"","reference_type":"","scores":[{"value":"0.01522","scoring_system":"epss","scoring_elements":"0.81665","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7713"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1491307","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1491307"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1492961","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1492961"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7713","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7713"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7713","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7713"},{"reference_url":"https://opendev.org/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/nova"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2015-021.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.openstack.org/ossa/OSSA-2015-021.html"},{"reference_url":"https://web.archive.org/web/20200228024902/http://www.securityfocus.com/bid/76960","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228024902/http://www.securityfocus.com/bid/76960"},{"reference_url":"http://www.securityfocus.com/bid/76960","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/76960"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1269119","reference_id":"1269119","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1269119"},{"reference_url":"https://github.com/advisories/GHSA-67rh-9p29-vrxr","reference_id":"GHSA-67rh-9p29-vrxr","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-67rh-9p29-vrxr"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2673","reference_id":"RHSA-2015:2673","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:2673"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2684","reference_id":"RHSA-2015:2684","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:2684"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0013","reference_id":"RHSA-2016:0013","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0017","reference_id":"RHSA-2016:0017","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0017"},{"reference_url":"https://usn.ubuntu.com/3449-1/","reference_id":"USN-3449-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3449-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/385351?format=json","purl":"pkg:pypi/nova@2014.2.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2014.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/385352?format=json","purl":"pkg:pypi/nova@2015.1.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2015.1.2"}],"aliases":["CVE-2015-7713","GHSA-67rh-9p29-vrxr"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-66j7-m3hy-u7e7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/202878?format=json","vulnerability_id":"VCID-9w6n-e1gk-b7gj","summary":"The security group extension in OpenStack Compute (Nova) Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.  NOTE: this issue is due to an incomplete fix for CVE-2013-1664.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1199.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1199.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4179.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4179.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2013-4179","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2013-4179"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4179","reference_id":"","reference_type":"","scores":[{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71821","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4179"},{"reference_url":"https://bugs.launchpad.net/ossa/+bug/1190229","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/ossa/+bug/1190229"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4179","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4179"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4179","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4179"},{"reference_url":"https://opendev.org/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/nova"},{"reference_url":"http://www.ubuntu.com/usn/USN-2005-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2005-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=989707","reference_id":"989707","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=989707"},{"reference_url":"https://github.com/advisories/GHSA-j6xh-q826-55jw","reference_id":"GHSA-j6xh-q826-55jw","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-j6xh-q826-55jw"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1199","reference_id":"RHSA-2013:1199","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2013:1199"},{"reference_url":"https://usn.ubuntu.com/2000-1/","reference_id":"USN-2000-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2000-1/"},{"reference_url":"https://usn.ubuntu.com/2005-1/","reference_id":"USN-2005-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2005-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/385573?format=json","purl":"pkg:pypi/nova@2013.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2013.2"}],"aliases":["CVE-2013-4179","GHSA-j6xh-q826-55jw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9w6n-e1gk-b7gj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52762?format=json","vulnerability_id":"VCID-b5nx-bq5u-mbbn","summary":"An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Cinder and Nova deployments are affected; only Glance deployments with image conversion enabled are affected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32498.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32498.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-32498","reference_id":"","reference_type":"","scores":[{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.44037","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-32498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32498"},{"reference_url":"https://github.com/openstack/cinder/commit/78f85c1f9b20a067ef64d6451dee0228c3a0db5e","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/cinder/commit/78f85c1f9b20a067ef64d6451dee0228c3a0db5e"},{"reference_url":"https://github.com/openstack/cinder/commit/d6a186945e03649343af55b46ed8dfe0dd326e40","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/cinder/commit/d6a186945e03649343af55b46ed8dfe0dd326e40"},{"reference_url":"https://github.com/openstack/glance/commit/22f0c9c6f98db1d93569e3edb800c271f35b0ef9","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/22f0c9c6f98db1d93569e3edb800c271f35b0ef9"},{"reference_url":"https://github.com/openstack/glance/commit/2e65391744a82421bc6f026ee8f1f3550038f175","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/2e65391744a82421bc6f026ee8f1f3550038f175"},{"reference_url":"https://github.com/openstack/glance/commit/867d1dd8b6e4f5774257a98c7c33061fbbbde973","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/867d1dd8b6e4f5774257a98c7c33061fbbbde973"},{"reference_url":"https://github.com/openstack/glance/commit/cc7d53adbecf85f3d7df78e7618fe8ab3a075c5f","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/cc7d53adbecf85f3d7df78e7618fe8ab3a075c5f"},{"reference_url":"https://github.com/openstack/glance/commit/d607e78630cc9d1ca18b3a027322809c042f64df","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/d607e78630cc9d1ca18b3a027322809c042f64df"},{"reference_url":"https://github.com/openstack/nova/commit/657e86585cc57f84ab9b364dd189547d231d5927","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/657e86585cc57f84ab9b364dd189547d231d5927"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00016.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00016.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074761","reference_id":"1074761","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074761"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074762","reference_id":"1074762","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074762"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074763","reference_id":"1074763","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074763"},{"reference_url":"https://www.openwall.com/lists/oss-security/2024/07/02/2","reference_id":"2","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/"}],"url":"https://www.openwall.com/lists/oss-security/2024/07/02/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/07/02/2","reference_id":"2","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/07/02/2"},{"reference_url":"https://launchpad.net/bugs/2059809","reference_id":"2059809","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/"}],"url":"https://launchpad.net/bugs/2059809"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2278663","reference_id":"2278663","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2278663"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32498","reference_id":"CVE-2024-32498","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32498"},{"reference_url":"https://github.com/advisories/GHSA-r4v4-w9pv-6fph","reference_id":"GHSA-r4v4-w9pv-6fph","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r4v4-w9pv-6fph"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2024-001.html","reference_id":"OSSA-2024-001.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/"}],"url":"https://security.openstack.org/ossa/OSSA-2024-001.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4272","reference_id":"RHSA-2024:4272","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4272"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4273","reference_id":"RHSA-2024:4273","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4273"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4274","reference_id":"RHSA-2024:4274","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4274"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4425","reference_id":"RHSA-2024:4425","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4425"},{"reference_url":"https://usn.ubuntu.com/6882-1/","reference_id":"USN-6882-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6882-1/"},{"reference_url":"https://usn.ubuntu.com/6882-2/","reference_id":"USN-6882-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6882-2/"},{"reference_url":"https://usn.ubuntu.com/6883-1/","reference_id":"USN-6883-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6883-1/"},{"reference_url":"https://usn.ubuntu.com/6884-1/","reference_id":"USN-6884-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6884-1/"},{"reference_url":"https://usn.ubuntu.com/8199-1/","reference_id":"USN-8199-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8199-1/"}],"fixed_packages":[],"aliases":["CVE-2024-32498","GHSA-r4v4-w9pv-6fph"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b5nx-bq5u-mbbn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6342?format=json","vulnerability_id":"VCID-br2q-e9rn-vbau","summary":"","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2622","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2622"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2631","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2631"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2652","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2652"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14433.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14433.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14433","reference_id":"","reference_type":"","scores":[{"value":"0.01301","scoring_system":"epss","scoring_elements":"0.80153","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14433"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14433","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14433"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-pg64-r7rr-phv8","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-pg64-r7rr-phv8"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://github.com/openstack/nova/commit/298b337a16c0d10916b4431c436d19b3d6f5360e","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/298b337a16c0d10916b4431c436d19b3d6f5360e"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2019-191.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2019-191.yaml"},{"reference_url":"https://launchpad.net/bugs/1837877","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://launchpad.net/bugs/1837877"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/09/msg00018.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/09/msg00018.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14433","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14433"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2019-003.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.openstack.org/ossa/OSSA-2019-003.html"},{"reference_url":"https://usn.ubuntu.com/4104-1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4104-1"},{"reference_url":"https://usn.ubuntu.com/4104-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4104-1/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/08/06/6","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2019/08/06/6"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1735522","reference_id":"1735522","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1735522"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934114","reference_id":"934114","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934114"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55105?format=json","purl":"pkg:pypi/nova@19.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1554-pyeh-j3gw"},{"vulnerability":"VCID-2ujk-shpw-3fah"},{"vulnerability":"VCID-4vef-f32z-dkea"},{"vulnerability":"VCID-66j7-m3hy-u7e7"},{"vulnerability":"VCID-9w6n-e1gk-b7gj"},{"vulnerability":"VCID-b5nx-bq5u-mbbn"},{"vulnerability":"VCID-c8sr-e4kg-quee"},{"vulnerability":"VCID-eqga-7wmn-wyej"},{"vulnerability":"VCID-etrz-64j3-6bcy"},{"vulnerability":"VCID-fju1-wc5r-hua7"},{"vulnerability":"VCID-g2c5-qmfn-mfc3"},{"vulnerability":"VCID-ggvm-x76g-3ya9"},{"vulnerability":"VCID-gzcv-yvj9-wqc6"},{"vulnerability":"VCID-kvhr-f11b-q7dp"},{"vulnerability":"VCID-phpc-pfy6-gkeb"},{"vulnerability":"VCID-q7vu-6t1d-vbcx"},{"vulnerability":"VCID-v6cs-8fz4-y3av"},{"vulnerability":"VCID-z3ju-27yw-dkb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@19.0.2"}],"aliases":["CVE-2019-14433","GHSA-pg64-r7rr-phv8","PYSEC-2019-191"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-br2q-e9rn-vbau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203389?format=json","vulnerability_id":"VCID-c8sr-e4kg-quee","summary":"api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in responses to instance metadata requests.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3517.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3517.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2014-3517","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2014-3517"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3517","reference_id":"","reference_type":"","scores":[{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.61051","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3517"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1325128","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1325128"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3517","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3517"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3517","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3517"},{"reference_url":"https://opendev.org/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/nova"},{"reference_url":"http://www.openwall.com/lists/oss-security/2014/07/17/2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2014/07/17/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1112499","reference_id":"1112499","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1112499"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755042","reference_id":"755042","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755042"},{"reference_url":"https://github.com/advisories/GHSA-xjmj-p278-4jp5","reference_id":"GHSA-xjmj-p278-4jp5","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xjmj-p278-4jp5"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0940","reference_id":"RHSA-2014:0940","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2014:0940"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1084","reference_id":"RHSA-2014:1084","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2014:1084"},{"reference_url":"https://usn.ubuntu.com/2325-1/","reference_id":"USN-2325-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2325-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/386257?format=json","purl":"pkg:pypi/nova@2013.2.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2013.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/386465?format=json","purl":"pkg:pypi/nova@2014.1.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2014.1.2"}],"aliases":["CVE-2014-3517","GHSA-xjmj-p278-4jp5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c8sr-e4kg-quee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203747?format=json","vulnerability_id":"VCID-eqga-7wmn-wyej","summary":"OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage.","references":[{"reference_url":"http://lists.openstack.org/pipermail/openstack-announce/2015-March/000341.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.openstack.org/pipermail/openstack-announce/2015-March/000341.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0790.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0790.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0843.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0843.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0844.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0844.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0259.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0259.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2015-0259","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2015-0259"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0259","reference_id":"","reference_type":"","scores":[{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42675","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0259"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1409142","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1409142"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0259","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0259"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0259","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0259"},{"reference_url":"https://opendev.org/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/nova"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1190112","reference_id":"1190112","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1190112"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780250","reference_id":"780250","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780250"},{"reference_url":"https://github.com/advisories/GHSA-x8xr-rm9r-7mvf","reference_id":"GHSA-x8xr-rm9r-7mvf","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-x8xr-rm9r-7mvf"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0790","reference_id":"RHSA-2015:0790","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:0790"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0843","reference_id":"RHSA-2015:0843","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:0843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0844","reference_id":"RHSA-2015:0844","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:0844"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/384512?format=json","purl":"pkg:pypi/nova@2014.1.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2014.1.4"},{"url":"http://public2.vulnerablecode.io/api/packages/385635?format=json","purl":"pkg:pypi/nova@2014.2.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2014.2.3"}],"aliases":["CVE-2015-0259","GHSA-x8xr-rm9r-7mvf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eqga-7wmn-wyej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/219?format=json","vulnerability_id":"VCID-etrz-64j3-6bcy","summary":"","references":[{"reference_url":"http://lists.openstack.org/pipermail/openstack-announce/2014-October/000301.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.openstack.org/pipermail/openstack-announce/2014-October/000301.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0843.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0843.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0844.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0844.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3708.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3708.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2014-3708","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2014-3708"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3708","reference_id":"","reference_type":"","scores":[{"value":"0.01057","scoring_system":"epss","scoring_elements":"0.78018","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3708"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1358583","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1358583"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3708","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3708"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3708","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3708"},{"reference_url":"https://opendev.org/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/nova"},{"reference_url":"https://web.archive.org/web/20200901000000*/http://www.securityfocus.com/bid/70777","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200901000000*/http://www.securityfocus.com/bid/70777"},{"reference_url":"http://www.securityfocus.com/bid/70777","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/70777"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1154951","reference_id":"1154951","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1154951"},{"reference_url":"https://github.com/advisories/GHSA-43hc-pwvx-pmfg","reference_id":"GHSA-43hc-pwvx-pmfg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-43hc-pwvx-pmfg"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0843","reference_id":"RHSA-2015:0843","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:0843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0844","reference_id":"RHSA-2015:0844","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:0844"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/384512?format=json","purl":"pkg:pypi/nova@2014.1.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2014.1.4"},{"url":"http://public2.vulnerablecode.io/api/packages/384513?format=json","purl":"pkg:pypi/nova@2014.2.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2014.2.1"}],"aliases":["CVE-2014-3708","GHSA-43hc-pwvx-pmfg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-etrz-64j3-6bcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203916?format=json","vulnerability_id":"VCID-fju1-wc5r-hua7","summary":"OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1898.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1898.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3280.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3280.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2015-3280","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2015-3280"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3280","reference_id":"","reference_type":"","scores":[{"value":"0.00795","scoring_system":"epss","scoring_elements":"0.74411","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3280"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3280","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3280"},{"reference_url":"https://launchpad.net/bugs/1392527","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://launchpad.net/bugs/1392527"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3280","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3280"},{"reference_url":"https://opendev.org/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/nova"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2015-017.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.openstack.org/ossa/OSSA-2015-017.html"},{"reference_url":"https://web.archive.org/web/20200228023247/http://www.securityfocus.com/bid/76553","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228023247/http://www.securityfocus.com/bid/76553"},{"reference_url":"http://www.securityfocus.com/bid/76553","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/76553"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1257942","reference_id":"1257942","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1257942"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798883","reference_id":"798883","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798883"},{"reference_url":"https://github.com/advisories/GHSA-mfmj-gwg3-vhw7","reference_id":"GHSA-mfmj-gwg3-vhw7","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mfmj-gwg3-vhw7"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1898","reference_id":"RHSA-2015:1898","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:1898"},{"reference_url":"https://usn.ubuntu.com/3449-1/","reference_id":"USN-3449-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3449-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/385351?format=json","purl":"pkg:pypi/nova@2014.2.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2014.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/385352?format=json","purl":"pkg:pypi/nova@2015.1.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@2015.1.2"}],"aliases":["CVE-2015-3280","GHSA-mfmj-gwg3-vhw7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fju1-wc5r-hua7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/662?format=json","vulnerability_id":"VCID-g2c5-qmfn-mfc3","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9543.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9543.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-9543","reference_id":"","reference_type":"","scores":[{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24199","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-9543"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9543","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9543"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/openstack/nova/commit/08f1f914cc219cf526adfb08c46b8f40b4e78232","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/08f1f914cc219cf526adfb08c46b8f40b4e78232"},{"reference_url":"https://github.com/openstack/nova/commit/26d4047e17eba9bc271f8868f1d0ffeec97b555e","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/26d4047e17eba9bc271f8868f1d0ffeec97b555e"},{"reference_url":"https://github.com/openstack/nova/commit/d8fbf04f325f593836f8d44b6bbf42b85bde94e3","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/d8fbf04f325f593836f8d44b6bbf42b85bde94e3"},{"reference_url":"https://launchpad.net/bugs/1492140","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://launchpad.net/bugs/1492140"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-9543","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-9543"},{"reference_url":"https://review.opendev.org/220622","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.opendev.org/220622"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2020-001.html","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.openstack.org/ossa/OSSA-2020-001.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/02/19/2","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2020/02/19/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1805386","reference_id":"1805386","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1805386"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951635","reference_id":"951635","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951635"},{"reference_url":"https://github.com/advisories/GHSA-22jm-4hxw-35jf","reference_id":"GHSA-22jm-4hxw-35jf","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-22jm-4hxw-35jf"},{"reference_url":"https://usn.ubuntu.com/5866-1/","reference_id":"USN-5866-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5866-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60501?format=json","purl":"pkg:pypi/nova@19.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1554-pyeh-j3gw"},{"vulnerability":"VCID-2ujk-shpw-3fah"},{"vulnerability":"VCID-4vef-f32z-dkea"},{"vulnerability":"VCID-66j7-m3hy-u7e7"},{"vulnerability":"VCID-9w6n-e1gk-b7gj"},{"vulnerability":"VCID-b5nx-bq5u-mbbn"},{"vulnerability":"VCID-c8sr-e4kg-quee"},{"vulnerability":"VCID-eqga-7wmn-wyej"},{"vulnerability":"VCID-etrz-64j3-6bcy"},{"vulnerability":"VCID-fju1-wc5r-hua7"},{"vulnerability":"VCID-ggvm-x76g-3ya9"},{"vulnerability":"VCID-gzcv-yvj9-wqc6"},{"vulnerability":"VCID-kvhr-f11b-q7dp"},{"vulnerability":"VCID-phpc-pfy6-gkeb"},{"vulnerability":"VCID-q7vu-6t1d-vbcx"},{"vulnerability":"VCID-v6cs-8fz4-y3av"},{"vulnerability":"VCID-z3ju-27yw-dkb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@19.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/60506?format=json","purl":"pkg:pypi/nova@20.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1554-pyeh-j3gw"},{"vulnerability":"VCID-2ujk-shpw-3fah"},{"vulnerability":"VCID-4vef-f32z-dkea"},{"vulnerability":"VCID-66j7-m3hy-u7e7"},{"vulnerability":"VCID-9w6n-e1gk-b7gj"},{"vulnerability":"VCID-b5nx-bq5u-mbbn"},{"vulnerability":"VCID-c8sr-e4kg-quee"},{"vulnerability":"VCID-eqga-7wmn-wyej"},{"vulnerability":"VCID-etrz-64j3-6bcy"},{"vulnerability":"VCID-fju1-wc5r-hua7"},{"vulnerability":"VCID-ggvm-x76g-3ya9"},{"vulnerability":"VCID-gzcv-yvj9-wqc6"},{"vulnerability":"VCID-kvhr-f11b-q7dp"},{"vulnerability":"VCID-phpc-pfy6-gkeb"},{"vulnerability":"VCID-q7vu-6t1d-vbcx"},{"vulnerability":"VCID-v6cs-8fz4-y3av"},{"vulnerability":"VCID-z3ju-27yw-dkb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@20.1.0"}],"aliases":["CVE-2015-9543","GHSA-22jm-4hxw-35jf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g2c5-qmfn-mfc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12669?format=json","vulnerability_id":"VCID-ggvm-x76g-3ya9","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47951.json","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47951.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-47951","reference_id":"","reference_type":"","scores":[{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.70382","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-47951"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47951","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47951"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-47951","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-47951"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029561","reference_id":"1029561","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029561"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029562","reference_id":"1029562","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029562"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029563","reference_id":"1029563","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029563"},{"reference_url":"https://launchpad.net/bugs/1996188","reference_id":"1996188","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://launchpad.net/bugs/1996188"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2161812","reference_id":"2161812","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2161812"},{"reference_url":"https://www.debian.org/security/2023/dsa-5336","reference_id":"dsa-5336","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://www.debian.org/security/2023/dsa-5336"},{"reference_url":"https://www.debian.org/security/2023/dsa-5337","reference_id":"dsa-5337","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://www.debian.org/security/2023/dsa-5337"},{"reference_url":"https://www.debian.org/security/2023/dsa-5338","reference_id":"dsa-5338","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://www.debian.org/security/2023/dsa-5338"},{"reference_url":"https://github.com/advisories/GHSA-7h75-hwxx-qpgc","reference_id":"GHSA-7h75-hwxx-qpgc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7h75-hwxx-qpgc"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00040.html","reference_id":"msg00040.html","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00040.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00041.html","reference_id":"msg00041.html","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00041.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00042.html","reference_id":"msg00042.html","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00042.html"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2023-002.html","reference_id":"OSSA-2023-002.html","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://security.openstack.org/ossa/OSSA-2023-002.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1015","reference_id":"RHSA-2023:1015","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1015"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1016","reference_id":"RHSA-2023:1016","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1016"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1017","reference_id":"RHSA-2023:1017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1278","reference_id":"RHSA-2023:1278","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1278"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1279","reference_id":"RHSA-2023:1279","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1279"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1280","reference_id":"RHSA-2023:1280","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1280"},{"reference_url":"https://usn.ubuntu.com/5835-1/","reference_id":"USN-5835-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5835-1/"},{"reference_url":"https://usn.ubuntu.com/5835-2/","reference_id":"USN-5835-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5835-2/"},{"reference_url":"https://usn.ubuntu.com/5835-3/","reference_id":"USN-5835-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5835-3/"},{"reference_url":"https://usn.ubuntu.com/5835-4/","reference_id":"USN-5835-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5835-4/"},{"reference_url":"https://usn.ubuntu.com/5835-5/","reference_id":"USN-5835-5","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5835-5/"},{"reference_url":"https://usn.ubuntu.com/6882-2/","reference_id":"USN-6882-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6882-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25638?format=json","purl":"pkg:pypi/nova@24.1.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@24.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/610075?format=json","purl":"pkg:pypi/nova@24.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ujk-shpw-3fah"},{"vulnerability":"VCID-b5nx-bq5u-mbbn"},{"vulnerability":"VCID-gzcv-yvj9-wqc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@24.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/25636?format=json","purl":"pkg:pypi/nova@25.0.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@25.0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/610076?format=json","purl":"pkg:pypi/nova@25.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ujk-shpw-3fah"},{"vulnerability":"VCID-b5nx-bq5u-mbbn"},{"vulnerability":"VCID-gzcv-yvj9-wqc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@25.1.0"}],"aliases":["CVE-2022-47951","GHSA-7h75-hwxx-qpgc"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ggvm-x76g-3ya9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62531?format=json","vulnerability_id":"VCID-gzcv-yvj9-wqc6","summary":"In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Nova deployments are affected. NOTE: this issue exists because of an incomplete fix for CVE-2022-47951 and CVE-2024-32498.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-40767.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-40767.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-40767","reference_id":"","reference_type":"","scores":[{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.7508","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-40767"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html"},{"reference_url":"https://review.opendev.org/c/openstack/nova/+/924731","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.opendev.org/c/openstack/nova/+/924731"},{"reference_url":"https://www.openwall.com/lists/oss-security/2024/07/23/2","reference_id":"2","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:47:09Z/"}],"url":"https://www.openwall.com/lists/oss-security/2024/07/23/2"},{"reference_url":"https://launchpad.net/bugs/2071734","reference_id":"2071734","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:47:09Z/"}],"url":"https://launchpad.net/bugs/2071734"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2297217","reference_id":"2297217","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2297217"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40767","reference_id":"CVE-2024-40767","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40767"},{"reference_url":"https://github.com/advisories/GHSA-rm86-h44c-2r2m","reference_id":"GHSA-rm86-h44c-2r2m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rm86-h44c-2r2m"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2024-002.html","reference_id":"OSSA-2024-002.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:47:09Z/"}],"url":"https://security.openstack.org/ossa/OSSA-2024-002.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5082","reference_id":"RHSA-2024:5082","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5082"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5083","reference_id":"RHSA-2024:5083","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5083"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5097","reference_id":"RHSA-2024:5097","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5097"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5113","reference_id":"RHSA-2024:5113","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5113"},{"reference_url":"https://security.openstack.org","reference_id":"security.openstack.org","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:47:09Z/"}],"url":"https://security.openstack.org"},{"reference_url":"https://usn.ubuntu.com/6911-1/","reference_id":"USN-6911-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6911-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/727332?format=json","purl":"pkg:pypi/nova@28.0.0.0rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ujk-shpw-3fah"},{"vulnerability":"VCID-b5nx-bq5u-mbbn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@28.0.0.0rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/727335?format=json","purl":"pkg:pypi/nova@29.0.0.0rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ujk-shpw-3fah"},{"vulnerability":"VCID-b5nx-bq5u-mbbn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@29.0.0.0rc1"}],"aliases":["CVE-2024-40767","GHSA-rm86-h44c-2r2m"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gzcv-yvj9-wqc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7983?format=json","vulnerability_id":"VCID-kvhr-f11b-q7dp","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17376.json","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17376.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-17376","reference_id":"","reference_type":"","scores":[{"value":"0.00385","scoring_system":"epss","scoring_elements":"0.60167","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-17376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17376"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-c7w7-9c85-4qxv","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-c7w7-9c85-4qxv"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://github.com/openstack/nova/commit/1bb8ee95d4c3ddc3f607ac57526b75af1b7fbcff","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/1bb8ee95d4c3ddc3f607ac57526b75af1b7fbcff"},{"reference_url":"https://github.com/openstack/nova/commit/2faf17995dd9daa6f0b91e44be43264e447c678d","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/2faf17995dd9daa6f0b91e44be43264e447c678d"},{"reference_url":"https://github.com/openstack/nova/commit/a721ca5f510ce3c8ef24f22dac9e475b3d7651db","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/a721ca5f510ce3c8ef24f22dac9e475b3d7651db"},{"reference_url":"https://github.com/openstack/nova/commit/b9ea91d17703f5b324a50727b6503ace0f4e95eb","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/b9ea91d17703f5b324a50727b6503ace0f4e95eb"},{"reference_url":"https://github.com/openstack/nova/commit/c438fd9a0eb1903306a53ab44e3ae80660d8a429","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/c438fd9a0eb1903306a53ab44e3ae80660d8a429"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2020-243.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2020-243.yaml"},{"reference_url":"https://launchpad.net/bugs/1890501","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://launchpad.net/bugs/1890501"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-17376","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-17376"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2020-006.html","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.openstack.org/ossa/OSSA-2020-006.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/08/25/4","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2020/08/25/4"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1869426","reference_id":"1869426","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1869426"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969052","reference_id":"969052","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969052"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3702","reference_id":"RHSA-2020:3702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3704","reference_id":"RHSA-2020:3704","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3704"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3706","reference_id":"RHSA-2020:3706","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3706"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3708","reference_id":"RHSA-2020:3708","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3708"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3711","reference_id":"RHSA-2020:3711","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3711"},{"reference_url":"https://usn.ubuntu.com/5866-1/","reference_id":"USN-5866-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5866-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60512?format=json","purl":"pkg:pypi/nova@19.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1554-pyeh-j3gw"},{"vulnerability":"VCID-2ujk-shpw-3fah"},{"vulnerability":"VCID-4vef-f32z-dkea"},{"vulnerability":"VCID-66j7-m3hy-u7e7"},{"vulnerability":"VCID-9w6n-e1gk-b7gj"},{"vulnerability":"VCID-b5nx-bq5u-mbbn"},{"vulnerability":"VCID-c8sr-e4kg-quee"},{"vulnerability":"VCID-eqga-7wmn-wyej"},{"vulnerability":"VCID-etrz-64j3-6bcy"},{"vulnerability":"VCID-fju1-wc5r-hua7"},{"vulnerability":"VCID-ggvm-x76g-3ya9"},{"vulnerability":"VCID-gzcv-yvj9-wqc6"},{"vulnerability":"VCID-phpc-pfy6-gkeb"},{"vulnerability":"VCID-q7vu-6t1d-vbcx"},{"vulnerability":"VCID-v6cs-8fz4-y3av"},{"vulnerability":"VCID-z3ju-27yw-dkb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@19.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/60513?format=json","purl":"pkg:pypi/nova@20.3.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@20.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/542601?format=json","purl":"pkg:pypi/nova@20.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1554-pyeh-j3gw"},{"vulnerability":"VCID-2ujk-shpw-3fah"},{"vulnerability":"VCID-4vef-f32z-dkea"},{"vulnerability":"VCID-66j7-m3hy-u7e7"},{"vulnerability":"VCID-9w6n-e1gk-b7gj"},{"vulnerability":"VCID-b5nx-bq5u-mbbn"},{"vulnerability":"VCID-c8sr-e4kg-quee"},{"vulnerability":"VCID-eqga-7wmn-wyej"},{"vulnerability":"VCID-etrz-64j3-6bcy"},{"vulnerability":"VCID-fju1-wc5r-hua7"},{"vulnerability":"VCID-ggvm-x76g-3ya9"},{"vulnerability":"VCID-gzcv-yvj9-wqc6"},{"vulnerability":"VCID-phpc-pfy6-gkeb"},{"vulnerability":"VCID-q7vu-6t1d-vbcx"},{"vulnerability":"VCID-v6cs-8fz4-y3av"},{"vulnerability":"VCID-z3ju-27yw-dkb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@20.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/60514?format=json","purl":"pkg:pypi/nova@21.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1554-pyeh-j3gw"},{"vulnerability":"VCID-2ujk-shpw-3fah"},{"vulnerability":"VCID-4vef-f32z-dkea"},{"vulnerability":"VCID-66j7-m3hy-u7e7"},{"vulnerability":"VCID-9w6n-e1gk-b7gj"},{"vulnerability":"VCID-b5nx-bq5u-mbbn"},{"vulnerability":"VCID-c8sr-e4kg-quee"},{"vulnerability":"VCID-eqga-7wmn-wyej"},{"vulnerability":"VCID-etrz-64j3-6bcy"},{"vulnerability":"VCID-fju1-wc5r-hua7"},{"vulnerability":"VCID-ggvm-x76g-3ya9"},{"vulnerability":"VCID-gzcv-yvj9-wqc6"},{"vulnerability":"VCID-phpc-pfy6-gkeb"},{"vulnerability":"VCID-q7vu-6t1d-vbcx"},{"vulnerability":"VCID-v6cs-8fz4-y3av"},{"vulnerability":"VCID-z3ju-27yw-dkb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@21.1.0"}],"aliases":["CVE-2020-17376","GHSA-c7w7-9c85-4qxv","PYSEC-2020-243"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kvhr-f11b-q7dp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203910?format=json","vulnerability_id":"VCID-phpc-pfy6-gkeb","summary":"OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service (disk, network, and other resource consumption) by resizing and then deleting an instance.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1723.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1723.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1898.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1898.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3241.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3241.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2015-3241","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2015-3241"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3241","reference_id":"","reference_type":"","scores":[{"value":"0.0197","scoring_system":"epss","scoring_elements":"0.83917","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3241"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3241","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3241"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://github.com/openstack/nova/commit/7ab75d5b0b75fc3426323bef19bf436a258b9707","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/7ab75d5b0b75fc3426323bef19bf436a258b9707"},{"reference_url":"https://github.com/openstack/nova/commit/b5020a047fc487f35b76fc05f31e52665a1afda1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/b5020a047fc487f35b76fc05f31e52665a1afda1"},{"reference_url":"https://github.com/openstack/nova/commit/bf23643e36c8764b4bd532546a2cc04385fe0cff","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/bf23643e36c8764b4bd532546a2cc04385fe0cff"},{"reference_url":"https://github.com/openstack/ossa/blob/482576204dec96f580817b119e3166d71c757731/ossa/OSSA-2015-015.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/ossa/blob/482576204dec96f580817b119e3166d71c757731/ossa/OSSA-2015-015.yaml"},{"reference_url":"https://launchpad.net/bugs/1387543","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://launchpad.net/bugs/1387543"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3241","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3241"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2015-015.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.openstack.org/ossa/OSSA-2015-015.html"},{"reference_url":"http://www.securityfocus.com/bid/75372","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/75372"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1232782","reference_id":"1232782","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1232782"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796109","reference_id":"796109","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796109"},{"reference_url":"https://github.com/advisories/GHSA-3vx7-xff6-h2vx","reference_id":"GHSA-3vx7-xff6-h2vx","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3vx7-xff6-h2vx"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1723","reference_id":"RHSA-2015:1723","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:1723"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1898","reference_id":"RHSA-2015:1898","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:1898"},{"reference_url":"https://usn.ubuntu.com/3449-1/","reference_id":"USN-3449-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3449-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/384656?format=json","purl":"pkg:pypi/nova@112.0.0.0b3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@112.0.0.0b3"}],"aliases":["CVE-2015-3241","GHSA-3vx7-xff6-h2vx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-phpc-pfy6-gkeb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9810?format=json","vulnerability_id":"VCID-q7vu-6t1d-vbcx","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3654.json","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3654.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3654","reference_id":"","reference_type":"","scores":[{"value":"0.87177","scoring_system":"epss","scoring_elements":"0.99468","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3654"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1927677","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1927677"},{"reference_url":"https://bugs.python.org/issue32084","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.python.org/issue32084"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1961439","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1961439"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3654"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://opendev.org/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/nova"},{"reference_url":"https://opendev.org/openstack/nova/commit/04d48527b62a35d912f93bc75613a6cca606df66","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/nova/commit/04d48527b62a35d912f93bc75613a6cca606df66"},{"reference_url":"https://opendev.org/openstack/nova/commit/8906552cfc2525a44251d4cf313ece61e57251eb","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/nova/commit/8906552cfc2525a44251d4cf313ece61e57251eb"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2021-002.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.openstack.org/ossa/OSSA-2021-002.html"},{"reference_url":"https://www.openwall.com/lists/oss-security/2021/07/29/2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2021/07/29/2"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991441","reference_id":"991441","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991441"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3654","reference_id":"CVE-2021-3654","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3654"},{"reference_url":"https://github.com/advisories/GHSA-vqp6-j452-j6wp","reference_id":"GHSA-vqp6-j452-j6wp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vqp6-j452-j6wp"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0983","reference_id":"RHSA-2022:0983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0999","reference_id":"RHSA-2022:0999","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0999"},{"reference_url":"https://usn.ubuntu.com/5866-1/","reference_id":"USN-5866-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5866-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19594?format=json","purl":"pkg:pypi/nova@21.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1554-pyeh-j3gw"},{"vulnerability":"VCID-2ujk-shpw-3fah"},{"vulnerability":"VCID-4vef-f32z-dkea"},{"vulnerability":"VCID-66j7-m3hy-u7e7"},{"vulnerability":"VCID-9w6n-e1gk-b7gj"},{"vulnerability":"VCID-b5nx-bq5u-mbbn"},{"vulnerability":"VCID-c8sr-e4kg-quee"},{"vulnerability":"VCID-eqga-7wmn-wyej"},{"vulnerability":"VCID-etrz-64j3-6bcy"},{"vulnerability":"VCID-fju1-wc5r-hua7"},{"vulnerability":"VCID-ggvm-x76g-3ya9"},{"vulnerability":"VCID-gzcv-yvj9-wqc6"},{"vulnerability":"VCID-phpc-pfy6-gkeb"},{"vulnerability":"VCID-v6cs-8fz4-y3av"},{"vulnerability":"VCID-z3ju-27yw-dkb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@21.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/19600?format=json","purl":"pkg:pypi/nova@22.2.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@22.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/542618?format=json","purl":"pkg:pypi/nova@22.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1554-pyeh-j3gw"},{"vulnerability":"VCID-2ujk-shpw-3fah"},{"vulnerability":"VCID-4vef-f32z-dkea"},{"vulnerability":"VCID-66j7-m3hy-u7e7"},{"vulnerability":"VCID-9w6n-e1gk-b7gj"},{"vulnerability":"VCID-b5nx-bq5u-mbbn"},{"vulnerability":"VCID-c8sr-e4kg-quee"},{"vulnerability":"VCID-eqga-7wmn-wyej"},{"vulnerability":"VCID-etrz-64j3-6bcy"},{"vulnerability":"VCID-fju1-wc5r-hua7"},{"vulnerability":"VCID-ggvm-x76g-3ya9"},{"vulnerability":"VCID-gzcv-yvj9-wqc6"},{"vulnerability":"VCID-phpc-pfy6-gkeb"},{"vulnerability":"VCID-v6cs-8fz4-y3av"},{"vulnerability":"VCID-z3ju-27yw-dkb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@22.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/19597?format=json","purl":"pkg:pypi/nova@23.0.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@23.0.3"},{"url":"http://public2.vulnerablecode.io/api/packages/542621?format=json","purl":"pkg:pypi/nova@23.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1554-pyeh-j3gw"},{"vulnerability":"VCID-2ujk-shpw-3fah"},{"vulnerability":"VCID-4vef-f32z-dkea"},{"vulnerability":"VCID-66j7-m3hy-u7e7"},{"vulnerability":"VCID-9w6n-e1gk-b7gj"},{"vulnerability":"VCID-b5nx-bq5u-mbbn"},{"vulnerability":"VCID-c8sr-e4kg-quee"},{"vulnerability":"VCID-eqga-7wmn-wyej"},{"vulnerability":"VCID-etrz-64j3-6bcy"},{"vulnerability":"VCID-fju1-wc5r-hua7"},{"vulnerability":"VCID-ggvm-x76g-3ya9"},{"vulnerability":"VCID-gzcv-yvj9-wqc6"},{"vulnerability":"VCID-phpc-pfy6-gkeb"},{"vulnerability":"VCID-v6cs-8fz4-y3av"},{"vulnerability":"VCID-z3ju-27yw-dkb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@23.1.0"}],"aliases":["CVE-2021-3654","GHSA-vqp6-j452-j6wp"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q7vu-6t1d-vbcx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12267?format=json","vulnerability_id":"VCID-v6cs-8fz4-y3av","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37394.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37394.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-37394","reference_id":"","reference_type":"","scores":[{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50435","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-37394"},{"reference_url":"https://bugs.launchpad.net/ossa/+bug/1981813","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/ossa/+bug/1981813"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37394","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37394"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://github.com/openstack/nova/commit/0c87681135cfb3ce61d2a0392928c1dbc1fe5fde","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/0c87681135cfb3ce61d2a0392928c1dbc1fe5fde"},{"reference_url":"https://github.com/openstack/nova/commit/1a98a1a650d065a8ab3e1c474f3b9fd537dc2206","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/1a98a1a650d065a8ab3e1c474f3b9fd537dc2206"},{"reference_url":"https://github.com/openstack/nova/commit/4954f993680c75fd9d3d507f2dcd00300c9b3d44","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/4954f993680c75fd9d3d507f2dcd00300c9b3d44"},{"reference_url":"https://github.com/openstack/nova/commit/a28c82719545d5c8ee7f3ff1361b3a796e05095a","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/a28c82719545d5c8ee7f3ff1361b3a796e05095a"},{"reference_url":"https://github.com/openstack/nova/commit/e43bf900dc8ca66578603bed333c56b215b1876e","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/e43bf900dc8ca66578603bed333c56b215b1876e"},{"reference_url":"https://github.com/openstack/nova/commit/f8c91eb75fc5504a37fc3b4be1d65d33dbc9b511","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/f8c91eb75fc5504a37fc3b4be1d65d33dbc9b511"},{"reference_url":"https://review.opendev.org/c/openstack/nova/+/849985","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.opendev.org/c/openstack/nova/+/849985"},{"reference_url":"https://review.opendev.org/c/openstack/nova/+/850003","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.opendev.org/c/openstack/nova/+/850003"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016980","reference_id":"1016980","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016980"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2117333","reference_id":"2117333","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2117333"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-37394","reference_id":"CVE-2022-37394","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-37394"},{"reference_url":"https://github.com/advisories/GHSA-v725-c588-h936","reference_id":"GHSA-v725-c588-h936","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v725-c588-h936"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1948","reference_id":"RHSA-2023:1948","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1948"},{"reference_url":"https://usn.ubuntu.com/5866-1/","reference_id":"USN-5866-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5866-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25639?format=json","purl":"pkg:pypi/nova@23.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ujk-shpw-3fah"},{"vulnerability":"VCID-b5nx-bq5u-mbbn"},{"vulnerability":"VCID-ggvm-x76g-3ya9"},{"vulnerability":"VCID-gzcv-yvj9-wqc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@23.2.2"},{"url":"http://public2.vulnerablecode.io/api/packages/558342?format=json","purl":"pkg:pypi/nova@24.0.0.0rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1554-pyeh-j3gw"},{"vulnerability":"VCID-2ujk-shpw-3fah"},{"vulnerability":"VCID-4vef-f32z-dkea"},{"vulnerability":"VCID-66j7-m3hy-u7e7"},{"vulnerability":"VCID-9w6n-e1gk-b7gj"},{"vulnerability":"VCID-b5nx-bq5u-mbbn"},{"vulnerability":"VCID-c8sr-e4kg-quee"},{"vulnerability":"VCID-eqga-7wmn-wyej"},{"vulnerability":"VCID-etrz-64j3-6bcy"},{"vulnerability":"VCID-fju1-wc5r-hua7"},{"vulnerability":"VCID-ggvm-x76g-3ya9"},{"vulnerability":"VCID-gzcv-yvj9-wqc6"},{"vulnerability":"VCID-phpc-pfy6-gkeb"},{"vulnerability":"VCID-z3ju-27yw-dkb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@24.0.0.0rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/25638?format=json","purl":"pkg:pypi/nova@24.1.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@24.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/558345?format=json","purl":"pkg:pypi/nova@25.0.0.0rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1554-pyeh-j3gw"},{"vulnerability":"VCID-2ujk-shpw-3fah"},{"vulnerability":"VCID-4vef-f32z-dkea"},{"vulnerability":"VCID-66j7-m3hy-u7e7"},{"vulnerability":"VCID-9w6n-e1gk-b7gj"},{"vulnerability":"VCID-b5nx-bq5u-mbbn"},{"vulnerability":"VCID-c8sr-e4kg-quee"},{"vulnerability":"VCID-eqga-7wmn-wyej"},{"vulnerability":"VCID-etrz-64j3-6bcy"},{"vulnerability":"VCID-fju1-wc5r-hua7"},{"vulnerability":"VCID-gzcv-yvj9-wqc6"},{"vulnerability":"VCID-phpc-pfy6-gkeb"},{"vulnerability":"VCID-z3ju-27yw-dkb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@25.0.0.0rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/25636?format=json","purl":"pkg:pypi/nova@25.0.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@25.0.2"}],"aliases":["CVE-2022-37394","GHSA-v725-c588-h936"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v6cs-8fz4-y3av"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/218612?format=json","vulnerability_id":"VCID-z3ju-27yw-dkb4","summary":"keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova on Fedora.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html"},{"reference_url":"http://lists.openstack.org/pipermail/openstack-announce/2013-May/000098.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.openstack.org/pipermail/openstack-announce/2013-May/000098.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2030","reference_id":"","reference_type":"","scores":[{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10875","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2030"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1174608","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1174608"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=958285","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=958285"},{"reference_url":"https://github.com/openstack/nova","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova"},{"reference_url":"https://github.com/openstack/nova/commit/58d6879b1caaa750c39c8e452a0634c24ffef2ce","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/58d6879b1caaa750c39c8e452a0634c24ffef2ce"},{"reference_url":"https://github.com/openstack/nova/commit/74aa04e2ca7942cb1e1a86dcbaffeb72d260ccd7","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/74aa04e2ca7942cb1e1a86dcbaffeb72d260ccd7"},{"reference_url":"https://github.com/openstack/nova/commit/7bf3e8d3e254d817ff5ae7ef1f2884b10410ca60","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/7bf3e8d3e254d817ff5ae7ef1f2884b10410ca60"},{"reference_url":"https://github.com/openstack/python-keystoneclient/commit/1736e2ffb12f70eeebed019448bc14def48aa036","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/python-keystoneclient/commit/1736e2ffb12f70eeebed019448bc14def48aa036"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2013-45.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2013-45.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2030","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2030"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/05/09/2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/05/09/2"},{"reference_url":"https://github.com/advisories/GHSA-pxxv-rv32-2qgv","reference_id":"GHSA-pxxv-rv32-2qgv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-pxxv-rv32-2qgv"}],"fixed_packages":[],"aliases":["CVE-2013-2030","GHSA-pxxv-rv32-2qgv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z3ju-27yw-dkb4"}],"fixing_vulnerabilities":[],"risk_score":"1.9","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/nova@19.0.0"}