Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/923326?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/923326?format=api", "purl": "pkg:deb/debian/glance@2:30.0.0-3?distro=trixie", "type": "deb", "namespace": "debian", "name": "glance", "version": "2:30.0.0-3", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2:31.0.0-3", "latest_non_vulnerable_version": "2:32.0.0-2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97090?format=api", "vulnerability_id": "VCID-yzt4-fp6y-h3f1", "summary": "OpenStack Glance <29.1.1, >=30.0.0 <30.1.1, ==31.0.0 is affected by Server-Side Request Forgery (SSRF). By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only glance image import functionality is affected. In particular, the web-download and glance-download import methods are subject to this vulnerability, as is the optional (not enabled by default) ovf_process image import plugin.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34881.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34881.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34881", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07267", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07311", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08186", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08372", "published_at": "2026-04-07T12:55:00Z" }, { 
"value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08443", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.0846", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08455", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08436", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08421", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.0813", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08117", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08281", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08258", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08219", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34881" }, { "reference_url": "https://bugs.launchpad.net/glance/+bug/2138602", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:47:30Z/" } ], "url": "https://bugs.launchpad.net/glance/+bug/2138602" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34881", 
"reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34881" }, { "reference_url": "https://github.com/openstack/glance", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34881", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34881" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2026-004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:47:30Z/" } ], "url": "https://security.openstack.org/ossa/OSSA-2026-004.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131274", "reference_id": "1131274", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131274" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453289", "reference_id": "2453289", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453289" }, { "reference_url": 
"https://github.com/advisories/GHSA-mc26-q38v-83gv", "reference_id": "GHSA-mc26-q38v-83gv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mc26-q38v-83gv" }, { "reference_url": "https://usn.ubuntu.com/8199-1/", "reference_id": "USN-8199-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8199-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923345?format=api", "purl": "pkg:deb/debian/glance@2:31.0.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:31.0.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923325?format=api", "purl": "pkg:deb/debian/glance@2:32.0.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066826?format=api", "purl": "pkg:deb/debian/glance@2:32.0.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-34881", "GHSA-mc26-q38v-83gv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yzt4-fp6y-h3f1" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5463?format=api", "vulnerability_id": "VCID-4gfp-cgn8-mygq", "summary": "OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images 
using the task v2 API and then deleting them before the uploads finish, a different vulnerability than CVE-2015-1881.", "references": [ { "reference_url": "http://lists.openstack.org/pipermail/openstack-announce/2015-February/000336.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.openstack.org/pipermail/openstack-announce/2015-February/000336.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0938.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0938.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9684.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9684.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9684", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.6896", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68821", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68839", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0058", 
"scoring_system": "epss", "scoring_elements": "0.6886", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.6884", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.6889", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68908", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68931", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68917", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68888", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68929", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68939", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68918", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68968", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68974", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.6898", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9684" }, { "reference_url": "https://bugs.launchpad.net/glance/+bug/1371118", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", 
"scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/glance/+bug/1371118" }, { "reference_url": "https://github.com/openstack/glance", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance" }, { "reference_url": "https://github.com/openstack/glance/commit/7858d4d95154c8596720365e465cca7858cfec5c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/7858d4d95154c8596720365e465cca7858cfec5c" }, { "reference_url": "https://github.com/openstack/glance/commit/a880c8e762e94b70c1e5d5692a3defcde734a601", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/a880c8e762e94b70c1e5d5692a3defcde734a601" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2015-37.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2015-37.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9684", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9684" }, { "reference_url": "http://www.securityfocus.com/bid/72692", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/72692" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1194697", "reference_id": "1194697", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1194697" }, { "reference_url": "https://github.com/advisories/GHSA-h737-q6g6-8wr6", "reference_id": "GHSA-h737-q6g6-8wr6", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h737-q6g6-8wr6" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0938", "reference_id": "RHSA-2015:0938", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0938" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923336?format=api", "purl": "pkg:deb/debian/glance@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], 
"resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923324?format=api", "purl": "pkg:deb/debian/glance@2:21.0.0-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:21.0.0-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923322?format=api", "purl": "pkg:deb/debian/glance@2:25.1.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:25.1.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923326?format=api", "purl": "pkg:deb/debian/glance@2:30.0.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:30.0.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923325?format=api", "purl": "pkg:deb/debian/glance@2:32.0.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066826?format=api", "purl": "pkg:deb/debian/glance@2:32.0.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-9684", "GHSA-h737-q6g6-8wr6", "PYSEC-2015-37" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-4gfp-cgn8-mygq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55241?format=api", "vulnerability_id": "VCID-9sg5-tbvn-syba", "summary": "OpenStack Image Service (Glance) allows remote authenticated users to bypass storage quota, cause denial of service\nOpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting images that are being uploaded using a token that expires during the process. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9623.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-1897.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2015-1897.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1897", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2015:1897" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5286.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5286.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2015-5286", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2015-5286" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5286", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55591", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", 
"scoring_elements": "0.5574", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.5572", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55703", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55743", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55747", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55725", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.5565", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55667", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55643", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55565", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55677", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55698", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55728", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55731", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5286" }, { "reference_url": "https://bugs.launchpad.net/bugs/1498163", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/bugs/1498163" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1267516", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1267516" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5286", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5286" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5286", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:N/A:C" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5286" }, { "reference_url": "https://opendev.org/openstack/glance", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/glance" }, { "reference_url": "https://rhn.redhat.com/errata/RHSA-2015-1897.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rhn.redhat.com/errata/RHSA-2015-1897.html" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2015-020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2015-020.html" }, { "reference_url": "https://web.archive.org/web/20200228024859/http://www.securityfocus.com/bid/76943", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228024859/http://www.securityfocus.com/bid/76943" }, { 
"reference_url": "http://www.securityfocus.com/bid/76943", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/76943" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800741", "reference_id": "800741", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800741" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.1:*:*:*:*:*:*:*" }, { "reference_url": 
"https://github.com/advisories/GHSA-gvjg-r9fv-7qx9", "reference_id": "GHSA-gvjg-r9fv-7qx9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gvjg-r9fv-7qx9" }, { "reference_url": "https://usn.ubuntu.com/3446-1/", "reference_id": "USN-3446-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3446-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923340?format=api", "purl": "pkg:deb/debian/glance@1:11.0.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@1:11.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923324?format=api", "purl": "pkg:deb/debian/glance@2:21.0.0-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:21.0.0-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923322?format=api", "purl": "pkg:deb/debian/glance@2:25.1.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:25.1.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923326?format=api", "purl": "pkg:deb/debian/glance@2:30.0.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:30.0.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923325?format=api", "purl": "pkg:deb/debian/glance@2:32.0.0-1?distro=trixie", "is_vulnerable": 
false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066826?format=api", "purl": "pkg:deb/debian/glance@2:32.0.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-5286", "GHSA-gvjg-r9fv-7qx9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9sg5-tbvn-syba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6864?format=api", "vulnerability_id": "VCID-9zm2-a38f-33g3", "summary": "Improper Access Control\nWhen the `download_image` policy is configured, Glance does not properly restrict access to cached images, which allows remote authenticated users to read otherwise restricted images via an image UUID.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4428.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4428.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4428", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52673", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52718", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52745", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.5271", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52761", "published_at": 
"2026-04-26T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52756", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52807", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.5279", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52774", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52811", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52818", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52802", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52751", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52722", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52666", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4428" }, { "reference_url": "https://bugs.launchpad.net/glance/+bug/1235378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.launchpad.net/glance/+bug/1235378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4428", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4428" }, { "reference_url": "https://github.com/openstack/glance/commit/a50bfb", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openstack/glance/commit/a50bfb" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1019572", "reference_id": "1019572", 
"reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1019572" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726478", "reference_id": "726478", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726478" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1525", "reference_id": "RHSA-2013:1525", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1525" }, { "reference_url": "https://usn.ubuntu.com/2003-1/", "reference_id": "USN-2003-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2003-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923330?format=api", "purl": "pkg:deb/debian/glance@2013.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2013.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923324?format=api", "purl": "pkg:deb/debian/glance@2:21.0.0-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:21.0.0-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923322?format=api", "purl": "pkg:deb/debian/glance@2:25.1.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:25.1.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923326?format=api", "purl": "pkg:deb/debian/glance@2:30.0.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:30.0.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923325?format=api", "purl": "pkg:deb/debian/glance@2:32.0.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066826?format=api", "purl": "pkg:deb/debian/glance@2:32.0.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-4428" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9zm2-a38f-33g3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5462?format=api", "vulnerability_id": "VCID-amnu-d5wp-jqb6", "summary": "OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them, a different vulnerability than CVE-2014-9684.", "references": [ { "reference_url": "http://lists.openstack.org/pipermail/openstack-announce/2015-February/000336.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.openstack.org/pipermail/openstack-announce/2015-February/000336.html" }, { "reference_url": 
"http://rhn.redhat.com/errata/RHSA-2015-0938.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0938.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1881.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1881.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1881", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.6896", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68821", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68839", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.6886", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.6884", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.6889", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68908", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68931", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68917", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", 
"scoring_elements": "0.68888", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68929", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68939", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68918", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68968", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68974", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.6898", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1881" }, { "reference_url": "https://bugs.launchpad.net/glance/+bug/1420696", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/glance/+bug/1420696" }, { "reference_url": "https://github.com/openstack/glance", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance" }, { "reference_url": "https://github.com/openstack/glance/commit/25a722e614eacc47e4658f0bca6343fa52f7d03f", "reference_id": 
"", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/25a722e614eacc47e4658f0bca6343fa52f7d03f" }, { "reference_url": "https://github.com/openstack/glance/commit/78b5b0a9575cd5e9c4543ec0e8fd6072af1f0ebb", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/78b5b0a9575cd5e9c4543ec0e8fd6072af1f0ebb" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2015-38.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2015-38.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1881", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1881" }, { "reference_url": "http://www.securityfocus.com/bid/72694", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/72694" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1194697", "reference_id": "1194697", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1194697" }, { "reference_url": "https://github.com/advisories/GHSA-4jp4-3c62-r8jv", "reference_id": "GHSA-4jp4-3c62-r8jv", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4jp4-3c62-r8jv" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0938", "reference_id": "RHSA-2015:0938", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0938" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923336?format=api", "purl": "pkg:deb/debian/glance@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923324?format=api", "purl": "pkg:deb/debian/glance@2:21.0.0-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:21.0.0-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923322?format=api", "purl": "pkg:deb/debian/glance@2:25.1.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], 
"resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:25.1.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923326?format=api", "purl": "pkg:deb/debian/glance@2:30.0.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:30.0.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923325?format=api", "purl": "pkg:deb/debian/glance@2:32.0.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066826?format=api", "purl": "pkg:deb/debian/glance@2:32.0.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-1881", "GHSA-4jp4-3c62-r8jv", "PYSEC-2015-38" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-amnu-d5wp-jqb6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16259?format=api", "vulnerability_id": "VCID-br4q-499g-vqhg", "summary": "OpenStack Cinder, glance, and Nova vulnerable to Path Traversal\nAn issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. 
By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47951.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47951.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-47951", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72764", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.7263", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72771", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72774", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72765", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72724", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72732", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72721", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72679", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72689", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00731", 
"scoring_system": "epss", "scoring_elements": "0.72635", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72706", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72682", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72669", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.72653", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-47951" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47951", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47951" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://launchpad.net/bugs/1996188", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/" } ], "url": "https://launchpad.net/bugs/1996188" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00040.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", 
"scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00040.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00041.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00041.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00042.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00042.html" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2023-002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/" } ], "url": "https://security.openstack.org/ossa/OSSA-2023-002.html" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5336", "reference_id": 
"", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5336" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5337", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5337" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5338", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5338" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029561", "reference_id": "1029561", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029561" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029562", "reference_id": "1029562", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029562" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029563", "reference_id": "1029563", 
"reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029563" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161812", "reference_id": "2161812", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161812" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47951", "reference_id": "CVE-2022-47951", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47951" }, { "reference_url": "https://github.com/advisories/GHSA-7h75-hwxx-qpgc", "reference_id": "GHSA-7h75-hwxx-qpgc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7h75-hwxx-qpgc" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1015", "reference_id": "RHSA-2023:1015", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1015" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1016", "reference_id": "RHSA-2023:1016", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1016" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1017", "reference_id": "RHSA-2023:1017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1017" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1278", "reference_id": "RHSA-2023:1278", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1278" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1279", "reference_id": "RHSA-2023:1279", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1279" 
}, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1280", "reference_id": "RHSA-2023:1280", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1280" }, { "reference_url": "https://usn.ubuntu.com/5835-1/", "reference_id": "USN-5835-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5835-1/" }, { "reference_url": "https://usn.ubuntu.com/5835-2/", "reference_id": "USN-5835-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5835-2/" }, { "reference_url": "https://usn.ubuntu.com/5835-3/", "reference_id": "USN-5835-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5835-3/" }, { "reference_url": "https://usn.ubuntu.com/5835-4/", "reference_id": "USN-5835-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5835-4/" }, { "reference_url": "https://usn.ubuntu.com/5835-5/", "reference_id": "USN-5835-5", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5835-5/" }, { "reference_url": "https://usn.ubuntu.com/6882-2/", "reference_id": "USN-6882-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6882-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923324?format=api", "purl": "pkg:deb/debian/glance@2:21.0.0-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:21.0.0-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923342?format=api", "purl": "pkg:deb/debian/glance@2:25.0.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:25.0.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923322?format=api", "purl": 
"pkg:deb/debian/glance@2:25.1.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:25.1.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923326?format=api", "purl": "pkg:deb/debian/glance@2:30.0.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:30.0.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923325?format=api", "purl": "pkg:deb/debian/glance@2:32.0.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066826?format=api", "purl": "pkg:deb/debian/glance@2:32.0.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-47951", "GHSA-7h75-hwxx-qpgc" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "6.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-br4q-499g-vqhg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55776?format=api", "vulnerability_id": "VCID-fh42-vdj2-dqgu", "summary": "OpenStack Glance Bypass the storage quota and Denial of service\nOpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0644.html", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0644.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0837.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0837.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0838.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0838.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9623.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9623.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9623", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.53486", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.53524", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.5351", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.53546", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.53442", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57675", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.5759", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", 
"scoring_elements": "0.57696", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57671", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57725", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57728", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57743", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57722", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57703", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57733", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57729", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9623" }, { "reference_url": "https://bugs.launchpad.net/glance/+bug/1383973", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/glance/+bug/1383973" }, { "reference_url": "https://bugs.launchpad.net/glance/+bug/1398830", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/glance/+bug/1398830" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9623", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9623" }, { "reference_url": "http://secunia.com/advisories/62165", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", 
"scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/62165" }, { "reference_url": "https://github.com/openstack/glance", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance" }, { "reference_url": "https://github.com/openstack/glance/commit/0dc8fbb3479a53c5bba8475d14f4c7206904c5ea", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/0dc8fbb3479a53c5bba8475d14f4c7206904c5ea" }, { "reference_url": "https://github.com/openstack/glance/commit/7d5d8657fd70b20518610b3c6f8e41e16c72fa31", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/7d5d8657fd70b20518610b3c6f8e41e16c72fa31" }, { "reference_url": "https://github.com/openstack/glance/commit/f1260cc771ee068651aa62b972bef49d9af81eb0", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/f1260cc771ee068651aa62b972bef49d9af81eb0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9623", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9623" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2015-003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2015-003.html" }, { "reference_url": 
"http://www.openwall.com/lists/oss-security/2015/01/18/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2015/01/18/4" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183647", "reference_id": "1183647", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183647" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776580", "reference_id": "776580", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776580" }, { "reference_url": "https://github.com/advisories/GHSA-j4mh-9wq6-8rg6", "reference_id": "GHSA-j4mh-9wq6-8rg6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j4mh-9wq6-8rg6" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0644", "reference_id": "RHSA-2015:0644", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0644" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0837", "reference_id": "RHSA-2015:0837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0838", "reference_id": "RHSA-2015:0838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0838" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/923335?format=api", "purl": "pkg:deb/debian/glance@2014.1.3-12?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2014.1.3-12%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923324?format=api", "purl": "pkg:deb/debian/glance@2:21.0.0-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:21.0.0-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923322?format=api", "purl": "pkg:deb/debian/glance@2:25.1.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:25.1.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923326?format=api", "purl": "pkg:deb/debian/glance@2:30.0.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:30.0.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923325?format=api", "purl": "pkg:deb/debian/glance@2:32.0.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066826?format=api", "purl": "pkg:deb/debian/glance@2:32.0.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-2%3Fdistro=trixie" } ], 
"aliases": [ "CVE-2014-9623", "GHSA-j4mh-9wq6-8rg6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fh42-vdj2-dqgu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86027?format=api", "vulnerability_id": "VCID-fwaa-nnw4-1qcz", "summary": "openstack-glance: unrestricted path traversal flaw", "references": [ { "reference_url": "http://lists.openstack.org/pipermail/openstack-announce/2014-December/000317.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.openstack.org/pipermail/openstack-announce/2014-December/000317.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0246.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2015-0246.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9493.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9493.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9493", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0075", "scoring_system": "epss", "scoring_elements": "0.73221", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0075", "scoring_system": "epss", "scoring_elements": "0.73083", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0075", "scoring_system": "epss", "scoring_elements": "0.73093", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0075", "scoring_system": "epss", "scoring_elements": "0.73114", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0075", "scoring_system": "epss", "scoring_elements": "0.73088", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0075", "scoring_system": "epss", "scoring_elements": "0.73124", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0075", "scoring_system": "epss", 
"scoring_elements": "0.73138", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0075", "scoring_system": "epss", "scoring_elements": "0.73162", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0075", "scoring_system": "epss", "scoring_elements": "0.73142", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0075", "scoring_system": "epss", "scoring_elements": "0.73136", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0075", "scoring_system": "epss", "scoring_elements": "0.73179", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0075", "scoring_system": "epss", "scoring_elements": "0.73188", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0075", "scoring_system": "epss", "scoring_elements": "0.73181", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0075", "scoring_system": "epss", "scoring_elements": "0.73216", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0075", "scoring_system": "epss", "scoring_elements": "0.73229", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0075", "scoring_system": "epss", "scoring_elements": "0.73227", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9493" }, { "reference_url": "https://bugs.launchpad.net/glance/+bug/1400966", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.launchpad.net/glance/+bug/1400966" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9493", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9493" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2014-041.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.openstack.org/ossa/OSSA-2014-041.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", "reference_id": "", "reference_type": "", "scores": [], "url": 
"http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "reference_url": "http://www.securityfocus.com/bid/71688", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/71688" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1174474", "reference_id": "1174474", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1174474" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773836", "reference_id": "773836", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773836" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*" }, { "reference_url": 
"https://nvd.nist.gov/vuln/detail/CVE-2014-9493", "reference_id": "CVE-2014-9493", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:N/A:P" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0246", "reference_id": "RHSA-2015:0246", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0246" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923334?format=api", "purl": "pkg:deb/debian/glance@2014.1.3-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2014.1.3-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923324?format=api", "purl": "pkg:deb/debian/glance@2:21.0.0-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:21.0.0-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923322?format=api", "purl": "pkg:deb/debian/glance@2:25.1.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:25.1.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923326?format=api", "purl": "pkg:deb/debian/glance@2:30.0.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:30.0.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923325?format=api", "purl": 
"pkg:deb/debian/glance@2:32.0.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066826?format=api", "purl": "pkg:deb/debian/glance@2:32.0.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-9493" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fwaa-nnw4-1qcz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55975?format=api", "vulnerability_id": "VCID-g1mf-hrds-bubz", "summary": "OpenStack Image Service (Glance) vulnerable to Improper Access Control\nOpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty), when show_multiple_locations is enabled, allow remote authenticated users to change image status and upload new image data by removing the last location of an image.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0309.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2016-0309.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0309", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0309" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0352", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0352" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0354", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0358", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0358" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0757.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0757.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2016-0757", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2016-0757" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0757", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.3576", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.36176", "published_at": "2026-04-01T12:55:00Z" }, { "value": 
"0.00155", "scoring_system": "epss", "scoring_elements": "0.36371", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.36403", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.36238", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.36287", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.3631", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.36316", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.36279", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.36254", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.36298", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.36282", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.3623", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.35997", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.35966", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.35877", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0757" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302607", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { 
"value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302607" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0757" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:N/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://opendev.org/openstack/glance", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/glance" }, { "reference_url": "https://rhn.redhat.com/errata/RHSA-2016-0309.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rhn.redhat.com/errata/RHSA-2016-0309.html" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2016-006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2016-006.html" }, { "reference_url": "https://web.archive.org/web/20210123081823/https://www.securityfocus.com/bid/82696", "reference_id": "", "reference_type": 
"", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210123081823/https://www.securityfocus.com/bid/82696" }, { "reference_url": "https://web.archive.org/web/20210123081823/https://www.securityfocus.com/bid/82696/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20210123081823/https://www.securityfocus.com/bid/82696/" }, { "reference_url": "http://www.securityfocus.com/bid/82696", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/82696" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):11.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):11.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):11.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):11.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):11.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):11.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.2:*:*:*:*:*:*:*", 
"reference_id": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0757", "reference_id": "CVE-2016-0757", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:P/A:N" }, { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0757" }, { "reference_url": "https://github.com/advisories/GHSA-5xrj-ghhp-hx7p", "reference_id": "GHSA-5xrj-ghhp-hx7p", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5xrj-ghhp-hx7p" }, { "reference_url": "https://usn.ubuntu.com/3446-1/", "reference_id": "USN-3446-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3446-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923339?format=api", "purl": "pkg:deb/debian/glance@2:12.0.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:12.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923324?format=api", "purl": "pkg:deb/debian/glance@2:21.0.0-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:21.0.0-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923322?format=api", "purl": "pkg:deb/debian/glance@2:25.1.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:25.1.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923326?format=api", "purl": "pkg:deb/debian/glance@2:30.0.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:30.0.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923325?format=api", "purl": "pkg:deb/debian/glance@2:32.0.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066826?format=api", "purl": "pkg:deb/debian/glance@2:32.0.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-0757", "GHSA-5xrj-ghhp-hx7p" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g1mf-hrds-bubz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17695?format=api", "vulnerability_id": "VCID-h6rd-5p7q-s3gq", "summary": "OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access\nAn issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. 
Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Cinder and Nova deployments are affected; only Glance deployments with image conversion enabled are affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32498.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32498.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32498", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38413", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38394", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38465", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38489", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38353", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38404", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38412", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38428", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38366", "published_at": 
"2026-04-13T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38391", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00184", "scoring_system": "epss", "scoring_elements": "0.39883", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00184", "scoring_system": "epss", "scoring_elements": "0.39802", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.43927", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.43879", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44353", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32498" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32498", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32498" }, { "reference_url": "https://github.com/openstack/cinder/commit/78f85c1f9b20a067ef64d6451dee0228c3a0db5e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/cinder/commit/78f85c1f9b20a067ef64d6451dee0228c3a0db5e" }, { "reference_url": "https://github.com/openstack/cinder/commit/d6a186945e03649343af55b46ed8dfe0dd326e40", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/cinder/commit/d6a186945e03649343af55b46ed8dfe0dd326e40" }, { "reference_url": "https://github.com/openstack/glance/commit/22f0c9c6f98db1d93569e3edb800c271f35b0ef9", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/22f0c9c6f98db1d93569e3edb800c271f35b0ef9" }, { "reference_url": "https://github.com/openstack/glance/commit/2e65391744a82421bc6f026ee8f1f3550038f175", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/2e65391744a82421bc6f026ee8f1f3550038f175" }, { "reference_url": "https://github.com/openstack/glance/commit/867d1dd8b6e4f5774257a98c7c33061fbbbde973", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/openstack/glance/commit/867d1dd8b6e4f5774257a98c7c33061fbbbde973" }, { "reference_url": "https://github.com/openstack/glance/commit/cc7d53adbecf85f3d7df78e7618fe8ab3a075c5f", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/cc7d53adbecf85f3d7df78e7618fe8ab3a075c5f" }, { "reference_url": "https://github.com/openstack/glance/commit/d607e78630cc9d1ca18b3a027322809c042f64df", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/d607e78630cc9d1ca18b3a027322809c042f64df" }, { "reference_url": "https://github.com/openstack/nova/commit/657e86585cc57f84ab9b364dd189547d231d5927", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/657e86585cc57f84ab9b364dd189547d231d5927" }, { "reference_url": "https://launchpad.net/bugs/2059809", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/" } ], "url": "https://launchpad.net/bugs/2059809" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00016.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32498", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": 
"HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32498" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2024-001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/" } ], "url": "https://security.openstack.org/ossa/OSSA-2024-001.html" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2024/07/02/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2024/07/02/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/07/02/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/07/02/2" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074761", "reference_id": "1074761", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074761" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074762", "reference_id": "1074762", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074762" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074763", "reference_id": "1074763", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074763" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278663", "reference_id": "2278663", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278663" }, { "reference_url": "https://github.com/advisories/GHSA-r4v4-w9pv-6fph", "reference_id": "GHSA-r4v4-w9pv-6fph", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r4v4-w9pv-6fph" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4272", "reference_id": "RHSA-2024:4272", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4272" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4273", "reference_id": "RHSA-2024:4273", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4273" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4274", "reference_id": "RHSA-2024:4274", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4274" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4425", "reference_id": "RHSA-2024:4425", "reference_type": "", "scores": [], 
"url": "https://access.redhat.com/errata/RHSA-2024:4425" }, { "reference_url": "https://usn.ubuntu.com/6882-1/", "reference_id": "USN-6882-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6882-1/" }, { "reference_url": "https://usn.ubuntu.com/6882-2/", "reference_id": "USN-6882-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6882-2/" }, { "reference_url": "https://usn.ubuntu.com/6883-1/", "reference_id": "USN-6883-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6883-1/" }, { "reference_url": "https://usn.ubuntu.com/6884-1/", "reference_id": "USN-6884-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6884-1/" }, { "reference_url": "https://usn.ubuntu.com/8199-1/", "reference_id": "USN-8199-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8199-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923324?format=api", "purl": "pkg:deb/debian/glance@2:21.0.0-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:21.0.0-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923343?format=api", "purl": "pkg:deb/debian/glance@2:21.1.0-1%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:21.1.0-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923322?format=api", "purl": "pkg:deb/debian/glance@2:25.1.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:25.1.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/923344?format=api", "purl": "pkg:deb/debian/glance@2:28.0.1-3%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:28.0.1-3%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923326?format=api", "purl": "pkg:deb/debian/glance@2:30.0.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:30.0.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923325?format=api", "purl": "pkg:deb/debian/glance@2:32.0.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066826?format=api", "purl": "pkg:deb/debian/glance@2:32.0.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-32498", "GHSA-r4v4-w9pv-6fph" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h6rd-5p7q-s3gq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5481?format=api", "vulnerability_id": "VCID-hbpu-kpak-2uer", "summary": "The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image.", "references": [ { "reference_url": "http://lists.openstack.org/pipermail/openstack-announce/2015-August/000527.html", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.openstack.org/pipermail/openstack-announce/2015-August/000527.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-1639.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1639.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1639", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2015:1639" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5163.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5163.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2015-5163", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { 
"value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2015-5163" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5163", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00237", "scoring_system": "epss", "scoring_elements": "0.46789", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00237", "scoring_system": "epss", "scoring_elements": "0.4684", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00237", "scoring_system": "epss", "scoring_elements": "0.46821", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00237", "scoring_system": "epss", "scoring_elements": "0.46783", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00237", "scoring_system": "epss", "scoring_elements": "0.46791", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00237", "scoring_system": "epss", "scoring_elements": "0.46841", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00237", "scoring_system": "epss", "scoring_elements": "0.4683", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00237", "scoring_system": "epss", "scoring_elements": "0.46898", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00237", "scoring_system": "epss", "scoring_elements": "0.46901", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00237", "scoring_system": "epss", "scoring_elements": "0.46846", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00237", "scoring_system": "epss", "scoring_elements": "0.46838", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00237", "scoring_system": "epss", "scoring_elements": "0.46866", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00237", "scoring_system": "epss", "scoring_elements": "0.46843", "published_at": "2026-04-09T12:55:00Z" }, { "value": 
"0.00237", "scoring_system": "epss", "scoring_elements": "0.46844", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00277", "scoring_system": "epss", "scoring_elements": "0.51017", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5163" }, { "reference_url": "https://bugs.launchpad.net/glance/+bug/1471912", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/glance/+bug/1471912" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252378", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5163", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5163" }, { "reference_url": "https://github.com/openstack/glance", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": 
"" } ], "url": "https://github.com/openstack/glance" }, { "reference_url": "https://github.com/openstack/glance/commit/eb99e45829a1b4c93db5692bdbf636a86faa56c4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/eb99e45829a1b4c93db5692bdbf636a86faa56c4" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2015-39.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2015-39.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5163", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5163" }, { "reference_url": "https://web.archive.org/web/20200228024903/http://www.securityfocus.com/bid/76346", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228024903/http://www.securityfocus.com/bid/76346" }, { "reference_url": "http://www.securityfocus.com/bid/76346", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/76346" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795453", "reference_id": "795453", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795453" }, { "reference_url": "https://github.com/advisories/GHSA-q73f-vjc2-3gqf", "reference_id": "GHSA-q73f-vjc2-3gqf", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q73f-vjc2-3gqf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923338?format=api", "purl": "pkg:deb/debian/glance@2015.1.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2015.1.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923324?format=api", "purl": "pkg:deb/debian/glance@2:21.0.0-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:21.0.0-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923322?format=api", "purl": "pkg:deb/debian/glance@2:25.1.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:25.1.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923326?format=api", "purl": "pkg:deb/debian/glance@2:30.0.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:30.0.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923325?format=api", "purl": "pkg:deb/debian/glance@2:32.0.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066826?format=api", "purl": "pkg:deb/debian/glance@2:32.0.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-5163", "GHSA-q73f-vjc2-3gqf", "PYSEC-2015-39" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hbpu-kpak-2uer" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57914?format=api", "vulnerability_id": "VCID-k2u9-5g8v-bucz", "summary": "OpenStack Image Service (Glance) allows remote authenticated users to bypass access restrictions\nOpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-1897.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2015-1897.html" }, { 
"reference_url": "https://access.redhat.com/errata/RHSA-2015:1897", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2015:1897" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5251.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5251.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2015-5251", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2015-5251" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5251", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.37975", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38362", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38499", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38524", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38387", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38438", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38445", 
"published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38461", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38423", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38398", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38425", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38205", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38182", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38086", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5251" }, { "reference_url": "https://bugs.launchpad.net/bugs/1482371", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/bugs/1482371" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1263511", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1263511" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5251", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5251" }, { "reference_url": 
"https://nvd.nist.gov/vuln/detail/CVE-2015-5251", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:P/A:P" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5251" }, { "reference_url": "https://opendev.org/openstack/glance", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/glance" }, { "reference_url": "https://rhn.redhat.com/errata/RHSA-2015-1897.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rhn.redhat.com/errata/RHSA-2015-1897.html" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2015-019.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2015-019.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799931", "reference_id": "799931", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799931" }, { "reference_url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-q748-mcwg-xmqv", "reference_id": "GHSA-q748-mcwg-xmqv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q748-mcwg-xmqv" }, { "reference_url": "https://usn.ubuntu.com/3446-1/", "reference_id": "USN-3446-1", "reference_type": "", "scores": [], "url": 
"https://usn.ubuntu.com/3446-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923340?format=api", "purl": "pkg:deb/debian/glance@1:11.0.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@1:11.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923324?format=api", "purl": "pkg:deb/debian/glance@2:21.0.0-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:21.0.0-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923322?format=api", "purl": "pkg:deb/debian/glance@2:25.1.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:25.1.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923326?format=api", "purl": "pkg:deb/debian/glance@2:30.0.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:30.0.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923325?format=api", "purl": "pkg:deb/debian/glance@2:32.0.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066826?format=api", "purl": "pkg:deb/debian/glance@2:32.0.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-5251", "GHSA-q748-mcwg-xmqv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k2u9-5g8v-bucz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55735?format=api", "vulnerability_id": "VCID-mz1p-z6ca-wydw", "summary": "OpenStack Glance is vulnerable to Exposure of Sensitive Information\nThe v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image.", "references": [ { "reference_url": "http://osvdb.org/91304", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://osvdb.org/91304" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0707.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0707.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1840.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1840.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1840", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.5695", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.56932", "published_at": 
"2026-04-24T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.56997", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.5702", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57023", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57025", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.56885", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.56933", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.56976", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.56998", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.56974", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57027", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.56994", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57017", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57038", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.56879", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1840" }, { "reference_url": "https://bugs.launchpad.net/glance/+bug/1135541", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://bugs.launchpad.net/glance/+bug/1135541" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1840", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1840" }, { "reference_url": "http://secunia.com/advisories/52565", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/52565" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82878", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82878" }, { "reference_url": "https://github.com/openstack/glance", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance" }, { "reference_url": "https://github.com/openstack/glance/commit/74b067df9726f9cf3e6e17e248719794a6ee0745", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/74b067df9726f9cf3e6e17e248719794a6ee0745" }, { "reference_url": "https://github.com/openstack/glance/commit/dd849a9be540bedd4fd904cc0b86ccd9c3e34af2", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/dd849a9be540bedd4fd904cc0b86ccd9c3e34af2" }, { "reference_url": "https://github.com/openstack/glance/commit/e75764eee34915f8bc5b664ac18e47a556c9d3dd", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/openstack/glance/commit/e75764eee34915f8bc5b664ac18e47a556c9d3dd" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1840", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1840" }, { "reference_url": "https://review.openstack.org/#/c/24437", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/24437" }, { "reference_url": "https://review.openstack.org/#/c/24437/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://review.openstack.org/#/c/24437/" }, { "reference_url": "https://review.openstack.org/#/c/24438", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/24438" }, { "reference_url": "https://review.openstack.org/#/c/24438/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://review.openstack.org/#/c/24438/" }, { "reference_url": "https://review.openstack.org/#/c/24439", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/24439" }, { "reference_url": "https://review.openstack.org/#/c/24439/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://review.openstack.org/#/c/24439/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/03/14/15", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/03/14/15" }, { 
"reference_url": "http://www.securityfocus.com/bid/58490", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/58490" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1764-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-1764-1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703063", "reference_id": "703063", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703063" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:amazon:s3_store:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:amazon:s3_store:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:amazon:s3_store:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*" }, { "reference_url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:glance:v1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:glance:v1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:glance:v1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:swift:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:swift:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:swift:-:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-c8w9-83vg-r8vv", "reference_id": "GHSA-c8w9-83vg-r8vv", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c8w9-83vg-r8vv" }, { "reference_url": "https://usn.ubuntu.com/1764-1/", "reference_id": "USN-1764-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1764-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923329?format=api", "purl": "pkg:deb/debian/glance@2012.1.1-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2012.1.1-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923324?format=api", "purl": "pkg:deb/debian/glance@2:21.0.0-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:21.0.0-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923322?format=api", "purl": 
"pkg:deb/debian/glance@2:25.1.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:25.1.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923326?format=api", "purl": "pkg:deb/debian/glance@2:30.0.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:30.0.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923325?format=api", "purl": "pkg:deb/debian/glance@2:32.0.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066826?format=api", "purl": "pkg:deb/debian/glance@2:32.0.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-1840", "GHSA-c8w9-83vg-r8vv" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mz1p-z6ca-wydw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5309?format=api", "vulnerability_id": "VCID-qwg8-evdp-jkfn", "summary": "store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, which allows remote authenticated users to obtain sensitive information by reading the error messages.", "references": [ { "reference_url":
"http://rhn.redhat.com/errata/RHSA-2013-0209.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0209.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0209", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2013:0209" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0212.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0212.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0212", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01203", "scoring_system": "epss", "scoring_elements": "0.79026", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01203", "scoring_system": "epss", "scoring_elements": "0.78891", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01203", "scoring_system": "epss", "scoring_elements": "0.7892", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01203", "scoring_system": "epss", "scoring_elements": "0.78902", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01203", "scoring_system": "epss", "scoring_elements": "0.78927", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01203", "scoring_system": "epss", "scoring_elements": "0.78933", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01203", "scoring_system": "epss", "scoring_elements": "0.78957", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01203", "scoring_system": "epss", "scoring_elements": "0.78942", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01203", "scoring_system": "epss", "scoring_elements": "0.78932", "published_at": "2026-04-13T12:55:00Z" }, { "value": 
"0.01203", "scoring_system": "epss", "scoring_elements": "0.7896", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01203", "scoring_system": "epss", "scoring_elements": "0.78958", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01203", "scoring_system": "epss", "scoring_elements": "0.78956", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01203", "scoring_system": "epss", "scoring_elements": "0.78987", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01203", "scoring_system": "epss", "scoring_elements": "0.78993", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01203", "scoring_system": "epss", "scoring_elements": "0.7901", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01203", "scoring_system": "epss", "scoring_elements": "0.78885", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0212" }, { "reference_url": "https://bugs.launchpad.net/glance/+bug/1098962", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/glance/+bug/1098962" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=902964", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=902964" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0212", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0212" }, { "reference_url": "http://secunia.com/advisories/51957", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/51957" }, { "reference_url": "http://secunia.com/advisories/51990", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/51990" }, { 
"reference_url": "https://github.com/openstack/glance", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance" }, { "reference_url": "https://github.com/openstack/glance/commit/37d4d96bf88c2bf3e7e9511b5e321cf4bed364b7", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/37d4d96bf88c2bf3e7e9511b5e321cf4bed364b7" }, { "reference_url": "https://github.com/openstack/glance/commit/96a470be64adcef97f235ca96ed3c59ed954a4c1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/96a470be64adcef97f235ca96ed3c59ed954a4c1" }, { "reference_url": "https://github.com/openstack/glance/commit/e96273112b5b5da58d970796b7cfce04c5030a89", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/e96273112b5b5da58d970796b7cfce04c5030a89" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2013-37.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2013-37.yaml" }, { "reference_url": "https://launchpad.net/glance/+milestone/2012.2.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.net/glance/+milestone/2012.2.3" }, { "reference_url": "https://lists.launchpad.net/openstack/msg20517.html", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.launchpad.net/openstack/msg20517.html" }, { "reference_url": "http://ubuntu.com/usn/usn-1710-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://ubuntu.com/usn/usn-1710-1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/01/29/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/01/29/10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2012.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2012.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2012.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2012.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2012.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2012.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2012.2.1:*:*:*:*:*:*:*", "reference_id": 
"cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2012.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2012.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2012.2.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2012.2.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2012.2.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2013-0212", "reference_id": "CVE-2013-0212", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2013-0212" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0212", "reference_id": "CVE-2013-0212", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0212" }, { "reference_url": "https://github.com/advisories/GHSA-xv7j-2v4w-cjvh", "reference_id": "GHSA-xv7j-2v4w-cjvh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xv7j-2v4w-cjvh" }, { "reference_url": "https://usn.ubuntu.com/1710-1/", "reference_id": "USN-1710-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1710-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923328?format=api", "purl": "pkg:deb/debian/glance@2012.1.1-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2012.1.1-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923324?format=api", "purl": "pkg:deb/debian/glance@2:21.0.0-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:21.0.0-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/923322?format=api", "purl": "pkg:deb/debian/glance@2:25.1.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:25.1.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923326?format=api", "purl": "pkg:deb/debian/glance@2:30.0.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:30.0.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923325?format=api", "purl": "pkg:deb/debian/glance@2:32.0.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066826?format=api", "purl": "pkg:deb/debian/glance@2:32.0.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-0212", "GHSA-xv7j-2v4w-cjvh", "PYSEC-2013-37" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qwg8-evdp-jkfn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59896?format=api", "vulnerability_id": "VCID-ruvh-knrw-pygu", "summary": "OpenStack Glance Server-Side Request Forgery (SSRF)\nAn SSRF issue was discovered in OpenStack Glance before Newton. The 'copy_from' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. 
With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to enumerate internal network details while appearing masked, since the scan would appear to originate from the Glance Image service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7200.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7200.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7200", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59145", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59028", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59147", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59164", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59103", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59126", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59091", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59142", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59289", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59308", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00377", "scoring_system": 
"epss", "scoring_elements": "0.59327", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59321", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59287", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59246", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59304", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59285", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7200" }, { "reference_url": "https://bugs.launchpad.net/ossn/+bug/1153614", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/ossn/+bug/1153614" }, { "reference_url": "https://bugs.launchpad.net/ossn/+bug/1606495", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/ossn/+bug/1606495" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7200", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7200" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:N/A:N" } ], "url": 
"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/glance", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance" }, { "reference_url": "https://github.com/openstack/glance/commit/b1ac90f7914d91b25144cc4063fa994fb5019ee3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/b1ac90f7914d91b25144cc4063fa994fb5019ee3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7200", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "5.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7200" }, { "reference_url": "https://wiki.openstack.org/wiki/OSSN/OSSN-0078", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://wiki.openstack.org/wiki/OSSN/OSSN-0078" }, { "reference_url": "http://www.securityfocus.com/bid/96988", "reference_id": "", "reference_type": "", 
"scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/96988" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1434244", "reference_id": "1434244", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1434244" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:glance:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:glance:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:glance:*:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-j6mr-cm6x-h6jg", "reference_id": "GHSA-j6mr-cm6x-h6jg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j6mr-cm6x-h6jg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923341?format=api", "purl": "pkg:deb/debian/glance@2:13.0.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:13.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923324?format=api", "purl": "pkg:deb/debian/glance@2:21.0.0-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:21.0.0-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923322?format=api", "purl": "pkg:deb/debian/glance@2:25.1.0-2%2Bdeb12u1?distro=trixie", 
"is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:25.1.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923326?format=api", "purl": "pkg:deb/debian/glance@2:30.0.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:30.0.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923325?format=api", "purl": "pkg:deb/debian/glance@2:32.0.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066826?format=api", "purl": "pkg:deb/debian/glance@2:32.0.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-7200", "GHSA-j6mr-cm6x-h6jg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ruvh-knrw-pygu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5297?format=api", "vulnerability_id": "VCID-snjn-ymc5-qkg9", "summary": "The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482.", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html" }, { "reference_url": "http://osvdb.org/87248", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://osvdb.org/87248" }, { "reference_url": "http://packetstormsecurity.com/files/118733/Red-Hat-Security-Advisory-2012-1558-01.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/118733/Red-Hat-Security-Advisory-2012-1558-01.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-1558.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1558.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4573.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4573.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4573", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00842", "scoring_system": "epss", "scoring_elements": "0.74769", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00842", "scoring_system": "epss", "scoring_elements": "0.74779", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00842", "scoring_system": "epss", "scoring_elements": 
"0.74771", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00842", "scoring_system": "epss", "scoring_elements": "0.74726", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00842", "scoring_system": "epss", "scoring_elements": "0.7482", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00842", "scoring_system": "epss", "scoring_elements": "0.74815", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00842", "scoring_system": "epss", "scoring_elements": "0.74812", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00842", "scoring_system": "epss", "scoring_elements": "0.74805", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00842", "scoring_system": "epss", "scoring_elements": "0.74764", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00842", "scoring_system": "epss", "scoring_elements": "0.74691", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00842", "scoring_system": "epss", "scoring_elements": "0.74741", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00842", "scoring_system": "epss", "scoring_elements": "0.74694", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00842", "scoring_system": "epss", "scoring_elements": "0.74721", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00842", "scoring_system": "epss", "scoring_elements": "0.74734", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00842", "scoring_system": "epss", "scoring_elements": "0.74743", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4573" }, { "reference_url": "https://bugs.launchpad.net/glance/+bug/1065187", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/glance/+bug/1065187" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4573", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4573" }, { "reference_url": "http://secunia.com/advisories/51174", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/51174" }, { "reference_url": "http://secunia.com/advisories/51234", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/51234" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79895", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79895" }, { "reference_url": "https://github.com/openstack/glance", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance" }, { "reference_url": "https://github.com/openstack/glance/commit/6ab0992e5472ae3f9bef0d2ced41030655d9d2bc", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/6ab0992e5472ae3f9bef0d2ced41030655d9d2bc" }, { "reference_url": "https://github.com/openstack/glance/commit/90bcdc5a89e350a358cf320a03f5afe99795f6f6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/90bcdc5a89e350a358cf320a03f5afe99795f6f6" }, { "reference_url": "https://github.com/openstack/glance/commit/efd7e75b1f419a52c7103c7840e24af8e5deb29d", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/efd7e75b1f419a52c7103c7840e24af8e5deb29d" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2012-29.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2012-29.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4573", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:P/A:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4573" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/11/07/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/11/07/6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/11/09/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/11/09/5" }, { "reference_url": "http://www.securityfocus.com/bid/56437", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/56437" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1626-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-1626-1" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1626-2", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-1626-2" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692641", "reference_id": "692641", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692641" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=872302", "reference_id": "872302", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=872302" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):-:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-6rrm-xxvh-7r87", "reference_id": 
"GHSA-6rrm-xxvh-7r87", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6rrm-xxvh-7r87" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1558", "reference_id": "RHSA-2012:1558", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1558" }, { "reference_url": "https://usn.ubuntu.com/1626-1/", "reference_id": "USN-1626-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1626-1/" }, { "reference_url": "https://usn.ubuntu.com/1626-2/", "reference_id": "USN-1626-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1626-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923323?format=api", "purl": "pkg:deb/debian/glance@2012.1.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2012.1.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923324?format=api", "purl": "pkg:deb/debian/glance@2:21.0.0-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:21.0.0-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923322?format=api", "purl": "pkg:deb/debian/glance@2:25.1.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:25.1.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923326?format=api", "purl": "pkg:deb/debian/glance@2:30.0.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { 
"vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:30.0.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923325?format=api", "purl": "pkg:deb/debian/glance@2:32.0.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066826?format=api", "purl": "pkg:deb/debian/glance@2:32.0.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-4573", "GHSA-6rrm-xxvh-7r87", "PYSEC-2012-29" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-snjn-ymc5-qkg9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15805?format=api", "vulnerability_id": "VCID-t91r-2xja-17hy", "summary": "OpenStack Glance v2 API unrestricted path traversal through filesystem:// scheme\nThe V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a `filesystem://` URL in the image location property. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9493.", "references": [ { "reference_url": "http://lists.openstack.org/pipermail/openstack-announce/2015-January/000325.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.openstack.org/pipermail/openstack-announce/2015-January/000325.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1195.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1195.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1195", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01105", "scoring_system": "epss", "scoring_elements": "0.78181", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01105", "scoring_system": "epss", "scoring_elements": "0.78168", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01105", "scoring_system": "epss", "scoring_elements": "0.78155", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01105", "scoring_system": "epss", "scoring_elements": "0.78149", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01105", "scoring_system": "epss", "scoring_elements": "0.78116", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01105", "scoring_system": "epss", "scoring_elements": "0.78082", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01105", "scoring_system": "epss", "scoring_elements": "0.78077", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01105", "scoring_system": "epss", "scoring_elements": "0.78108", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01105", "scoring_system": "epss", "scoring_elements": "0.78122", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01105", "scoring_system": "epss", "scoring_elements": "0.78123", "published_at": 
"2026-04-16T12:55:00Z" }, { "value": "0.01105", "scoring_system": "epss", "scoring_elements": "0.78088", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01105", "scoring_system": "epss", "scoring_elements": "0.78031", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01105", "scoring_system": "epss", "scoring_elements": "0.78039", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01105", "scoring_system": "epss", "scoring_elements": "0.78091", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01105", "scoring_system": "epss", "scoring_elements": "0.78069", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01105", "scoring_system": "epss", "scoring_elements": "0.78051", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1195" }, { "reference_url": "https://bugs.launchpad.net/ossa/+bug/1408663", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/ossa/+bug/1408663" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1195", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1195" }, { "reference_url": "http://secunia.com/advisories/62169", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/62169" }, { "reference_url": "https://github.com/openstack/glance", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance" }, { "reference_url": "https://github.com/openstack/glance/commit/5191ed1879c5fd5b2694f922bcedec232f461088", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/5191ed1879c5fd5b2694f922bcedec232f461088" }, { "reference_url": "https://github.com/openstack/glance/commit/7d3a1db33ccbd25b9fc7326ce3468eabd2a41a99", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/7d3a1db33ccbd25b9fc7326ce3468eabd2a41a99" }, { "reference_url": "https://github.com/openstack/glance/commit/a2d986b976e9325a272e2d422465165315d19fe6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/a2d986b976e9325a272e2d422465165315d19fe6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/01/15/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2015/01/15/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/01/18/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2015/01/18/5" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" }, { "reference_url": "http://www.securityfocus.com/bid/71976", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/71976" }, { 
"reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1181533", "reference_id": "1181533", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1181533" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775926", "reference_id": "775926", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775926" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1195", "reference_id": "CVE-2015-1195", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1195" }, { "reference_url": "https://github.com/advisories/GHSA-pwrj-f53c-f89j", "reference_id": "GHSA-pwrj-f53c-f89j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pwrj-f53c-f89j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923337?format=api", "purl": "pkg:deb/debian/glance@2014.1.3-11?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2014.1.3-11%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923324?format=api", "purl": "pkg:deb/debian/glance@2:21.0.0-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:21.0.0-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923322?format=api", "purl": "pkg:deb/debian/glance@2:25.1.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:25.1.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923326?format=api", "purl": "pkg:deb/debian/glance@2:30.0.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:30.0.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923325?format=api", "purl": "pkg:deb/debian/glance@2:32.0.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066826?format=api", "purl": "pkg:deb/debian/glance@2:32.0.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-1195", "GHSA-pwrj-f53c-f89j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t91r-2xja-17hy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85577?format=api", "vulnerability_id": "VCID-tafu-6gx3-n7bf", "summary": "openstack-glance: potential resource exhaustion task flow API", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3289.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3289.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3289", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58233", "published_at": "2026-04-01T12:55:00Z" }, { "value": 
"0.00362", "scoring_system": "epss", "scoring_elements": "0.58319", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58339", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58313", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58366", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58372", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.5839", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58367", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58348", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.5838", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58384", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58361", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58322", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58335", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62126", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62072", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3289" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3289", "reference_id": "", "reference_type": "", 
"scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3289" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243927", "reference_id": "1243927", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243927" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793896", "reference_id": "793896", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793896" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923338?format=api", "purl": "pkg:deb/debian/glance@2015.1.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2015.1.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923324?format=api", "purl": "pkg:deb/debian/glance@2:21.0.0-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:21.0.0-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923322?format=api", "purl": "pkg:deb/debian/glance@2:25.1.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:25.1.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923326?format=api", "purl": "pkg:deb/debian/glance@2:30.0.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:30.0.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923325?format=api", "purl": 
"pkg:deb/debian/glance@2:32.0.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066826?format=api", "purl": "pkg:deb/debian/glance@2:32.0.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-3289" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tafu-6gx3-n7bf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57709?format=api", "vulnerability_id": "VCID-uveb-gt8h-1kcr", "summary": "OpenStack Image Registry and Delivery Service (Glance) Improper Input Validation vulnerability\nThe Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a crafted location.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0455.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0455.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0455", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:0455" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0162.json", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0162.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2014-0162", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2014-0162" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0162", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.6824", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68182", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.6822", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68231", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68211", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68254", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68262", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68266", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.6812", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68142", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.6816", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68138", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", 
"scoring_elements": "0.68189", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68204", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68229", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68216", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0162" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1085163", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1085163" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0162", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0162" }, { "reference_url": "https://launchpad.net/bugs/1298698", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.net/bugs/1298698" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0162", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0162" }, { "reference_url": "https://opendev.org/openstack/glance", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/glance" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/04/10/13", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"http://www.openwall.com/lists/oss-security/2014/04/10/13" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2193-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-2193-1" }, { "reference_url": "https://github.com/advisories/GHSA-r7pj-rvwg-vxhr", "reference_id": "GHSA-r7pj-rvwg-vxhr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r7pj-rvwg-vxhr" }, { "reference_url": "https://usn.ubuntu.com/2193-1/", "reference_id": "USN-2193-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2193-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923331?format=api", "purl": "pkg:deb/debian/glance@2014.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2014.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923324?format=api", "purl": "pkg:deb/debian/glance@2:21.0.0-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:21.0.0-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923322?format=api", "purl": "pkg:deb/debian/glance@2:25.1.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:25.1.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923326?format=api", "purl": "pkg:deb/debian/glance@2:30.0.0-3?distro=trixie", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:30.0.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923325?format=api", "purl": "pkg:deb/debian/glance@2:32.0.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066826?format=api", "purl": "pkg:deb/debian/glance@2:32.0.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-0162", "GHSA-r7pj-rvwg-vxhr" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uveb-gt8h-1kcr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54464?format=api", "vulnerability_id": "VCID-wvq2-r6u8-7bet", "summary": "OpenStack Glance improper validation of the image_size_cap configuration option\nOpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authenticated users to cause a denial of service (disk consumption) by uploading a large image.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1337.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1337.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1338.html", "reference_id": "", "reference_type": "", "scores": [ { "value": 
"MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1338.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1685.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1685.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5356.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5356.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-5356", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.74195", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.74186", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.74137", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.74188", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.74194", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.74116", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.74119", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.74151", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.74161", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.74064", "published_at": "2026-04-01T12:55:00Z" }, { "value": 
"0.00804", "scoring_system": "epss", "scoring_elements": "0.74152", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.7407", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.74113", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.74096", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.74068", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.74101", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-5356" }, { "reference_url": "https://bugs.launchpad.net/glance/+bug/1315321", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/glance/+bug/1315321" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5356", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5356" }, { "reference_url": "http://secunia.com/advisories/60743", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/60743" }, { "reference_url": "https://github.com/openstack/glance", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance" }, { "reference_url": "https://github.com/openstack/glance/commit/12f43cfed5a47cd16f08b7dad2424da0fc362e47", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": 
"" } ], "url": "https://github.com/openstack/glance/commit/12f43cfed5a47cd16f08b7dad2424da0fc362e47" }, { "reference_url": "https://github.com/openstack/glance/commit/31a4d1852a0c27bac5757c192f300f051229a312", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/31a4d1852a0c27bac5757c192f300f051229a312" }, { "reference_url": "https://github.com/openstack/glance/commit/92ab00fca6926eaf3f7f92a955a5e07140063718", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/92ab00fca6926eaf3f7f92a955a5e07140063718" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-5356", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:N/A:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-5356" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/08/21/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/08/21/6" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2322-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-2322-1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1131770", "reference_id": "1131770", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1131770" }, { "reference_url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2013.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2013.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2013.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2013.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2013.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2013.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2013.2.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2013.2.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2013.2.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):juno-1:*:*:*:*:*:*:*", "reference_id": 
"cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):juno-1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):juno-1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):juno-2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):juno-2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):juno-2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-479j-jf2p-38pg", "reference_id": "GHSA-479j-jf2p-38pg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-479j-jf2p-38pg" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1337", "reference_id": "RHSA-2014:1337", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1337" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1338", "reference_id": "RHSA-2014:1338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1338" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2014:1685", "reference_id": "RHSA-2014:1685", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1685" }, { "reference_url": "https://usn.ubuntu.com/2322-1/", "reference_id": "USN-2322-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2322-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923333?format=api", "purl": "pkg:deb/debian/glance@2014.1.3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2014.1.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923324?format=api", "purl": "pkg:deb/debian/glance@2:21.0.0-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:21.0.0-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923322?format=api", "purl": "pkg:deb/debian/glance@2:25.1.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:25.1.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923326?format=api", "purl": "pkg:deb/debian/glance@2:30.0.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:30.0.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923325?format=api", "purl": "pkg:deb/debian/glance@2:32.0.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066826?format=api", "purl": "pkg:deb/debian/glance@2:32.0.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-5356", "GHSA-479j-jf2p-38pg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wvq2-r6u8-7bet" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5298?format=api", "vulnerability_id": "VCID-xne9-2tb7-kyfq", "summary": "The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573.", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html" }, { "reference_url": "http://osvdb.org/87248", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://osvdb.org/87248" }, { "reference_url": 
"https://api.first.org/data/v1/epss?cve=CVE-2012-5482", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01403", "scoring_system": "epss", "scoring_elements": "0.80503", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01403", "scoring_system": "epss", "scoring_elements": "0.80499", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01403", "scoring_system": "epss", "scoring_elements": "0.80433", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01403", "scoring_system": "epss", "scoring_elements": "0.80538", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01403", "scoring_system": "epss", "scoring_elements": "0.8052", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01403", "scoring_system": "epss", "scoring_elements": "0.80394", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01403", "scoring_system": "epss", "scoring_elements": "0.80415", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01403", "scoring_system": "epss", "scoring_elements": "0.80404", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01403", "scoring_system": "epss", "scoring_elements": "0.80443", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01403", "scoring_system": "epss", "scoring_elements": "0.80473", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01403", "scoring_system": "epss", "scoring_elements": "0.8047", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01403", "scoring_system": "epss", "scoring_elements": "0.80469", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01403", "scoring_system": "epss", "scoring_elements": "0.8044", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01403", "scoring_system": "epss", "scoring_elements": "0.80447", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01403", "scoring_system": "epss", "scoring_elements": "0.80388", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01403", "scoring_system": "epss", "scoring_elements": 
"0.80462", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5482" }, { "reference_url": "https://bugs.launchpad.net/glance/+bug/1076506", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/glance/+bug/1076506" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5482", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5482" }, { "reference_url": "http://secunia.com/advisories/51174", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/51174" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80019", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80019" }, { "reference_url": "https://github.com/openstack/glance", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance" }, { "reference_url": "https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88" }, { "reference_url": "https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2012-30.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2012-30.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/11/07/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/11/07/6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/11/08/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/11/08/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/11/09/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/11/09/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/11/09/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/11/09/5" }, { "reference_url": "http://www.securityfocus.com/bid/56437", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/56437" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692641", "reference_id": "692641", "reference_type": "", "scores": [], "url": 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692641" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5482", "reference_id": "CVE-2012-5482", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:P/A:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5482" }, { "reference_url": "https://github.com/advisories/GHSA-vwr9-9f8v-vp5m", "reference_id": "GHSA-vwr9-9f8v-vp5m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": 
"https://github.com/advisories/GHSA-vwr9-9f8v-vp5m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923327?format=api", "purl": "pkg:deb/debian/glance@2012.1.1-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2012.1.1-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923324?format=api", "purl": "pkg:deb/debian/glance@2:21.0.0-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:21.0.0-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923322?format=api", "purl": "pkg:deb/debian/glance@2:25.1.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:25.1.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923326?format=api", "purl": "pkg:deb/debian/glance@2:30.0.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:30.0.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923325?format=api", "purl": "pkg:deb/debian/glance@2:32.0.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066826?format=api", "purl": "pkg:deb/debian/glance@2:32.0.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-5482", "GHSA-vwr9-9f8v-vp5m", "PYSEC-2012-30" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xne9-2tb7-kyfq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5356?format=api", "vulnerability_id": "VCID-zgpj-5an4-mucg", "summary": "OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0229.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0229.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1948.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1948.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-1948", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19009", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19359", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": 
"0.19496", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19542", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.1926", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19338", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19391", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19395", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19347", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19291", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19252", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19261", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19271", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.1917", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.1916", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19117", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-1948" }, { "reference_url": "https://bugs.launchpad.net/glance/+bug/1275062", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/glance/+bug/1275062" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1948", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1948" }, { "reference_url": "http://secunia.com/advisories/56419", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/56419" }, { "reference_url": "https://github.com/openstack/glance", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance" }, { "reference_url": "https://github.com/openstack/glance/commit/108f0e04ad2ed3dc287f1b71b987a7e9d66072ba", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/108f0e04ad2ed3dc287f1b71b987a7e9d66072ba" }, { "reference_url": "https://github.com/openstack/glance/commit/f6e41e9c0ff3aa9ee57b8c8ed8c789f1aff019bc", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.1", 
"scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/f6e41e9c0ff3aa9ee57b8c8ed8c789f1aff019bc" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2014-102.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2014-102.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1948", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1948" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/02/12/18", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/02/12/18" }, { "reference_url": 
"http://www.securityfocus.com/bid/65507", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/65507" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064589", "reference_id": "1064589", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064589" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738924", "reference_id": "738924", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738924" }, { "reference_url": "https://github.com/advisories/GHSA-4xw6-hj5p-4j79", "reference_id": "GHSA-4xw6-hj5p-4j79", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4xw6-hj5p-4j79" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0229", "reference_id": "RHSA-2014:0229", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0229" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923332?format=api", "purl": "pkg:deb/debian/glance@2013.2.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2013.2.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923324?format=api", "purl": "pkg:deb/debian/glance@2:21.0.0-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:21.0.0-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923322?format=api", "purl": "pkg:deb/debian/glance@2:25.1.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], 
"resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:25.1.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923326?format=api", "purl": "pkg:deb/debian/glance@2:30.0.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:30.0.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923325?format=api", "purl": "pkg:deb/debian/glance@2:32.0.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066826?format=api", "purl": "pkg:deb/debian/glance@2:32.0.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-1948", "GHSA-4xw6-hj5p-4j79", "PYSEC-2014-102" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zgpj-5an4-mucg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15450?format=api", "vulnerability_id": "VCID-zy9m-d25c-5uga", "summary": "OpenStack Cinder, Glance, and Nova contain Uncontrolled Resource Consumption\nA resource vulnerability in the OpenStack Compute (nova), Block Storage (cinder), and Image (glance) services was found in their use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could possibly lead to host out-of-memory errors and negatively affect other running tenant instances. 
oslo.concurrency has been updated to support process limits ('prlimit'), which is needed to fix this flaw.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-2923.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2923.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-2991.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2991.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2017-0153.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0153.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2017-0156.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0156.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2017-0165.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" 
} ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0165.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2017-0282.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0282.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5162.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5162.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5162", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0359", "scoring_system": "epss", "scoring_elements": "0.87723", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0359", "scoring_system": "epss", "scoring_elements": "0.87701", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0359", "scoring_system": "epss", "scoring_elements": "0.87712", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0359", "scoring_system": "epss", "scoring_elements": "0.87725", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0359", "scoring_system": "epss", "scoring_elements": "0.87746", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0359", "scoring_system": "epss", "scoring_elements": "0.87752", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0359", "scoring_system": "epss", "scoring_elements": "0.87763", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0359", "scoring_system": "epss", "scoring_elements": "0.87757", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0359", "scoring_system": "epss", "scoring_elements": "0.87756", "published_at": 
"2026-04-13T12:55:00Z" }, { "value": "0.0359", "scoring_system": "epss", "scoring_elements": "0.8777", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0359", "scoring_system": "epss", "scoring_elements": "0.87769", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0359", "scoring_system": "epss", "scoring_elements": "0.87785", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0359", "scoring_system": "epss", "scoring_elements": "0.87791", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0361", "scoring_system": "epss", "scoring_elements": "0.87819", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0361", "scoring_system": "epss", "scoring_elements": "0.87832", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5162" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1268303", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1268303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5162", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5162" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/cinder/commit/455b318ced717fb38dfe40014817d78fbc47dea5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/cinder/commit/455b318ced717fb38dfe40014817d78fbc47dea5" }, { "reference_url": "https://github.com/openstack/glance/commit/69a9b659fd48aa3c1f84fc7bc9ae236b6803d31f", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/glance/commit/69a9b659fd48aa3c1f84fc7bc9ae236b6803d31f" }, { "reference_url": "https://github.com/openstack/nova/commit/6bc37dcceca823998068167b49aec6def3112397", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/6bc37dcceca823998068167b49aec6def3112397" }, { "reference_url": "https://launchpad.net/bugs/1449062", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.net/bugs/1449062" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/10/06/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/10/06/8" }, { "reference_url": "http://www.securityfocus.com/bid/76849", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/76849" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2015-5162", "reference_id": "CVE-2015-5162", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2015-5162" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5162", "reference_id": "CVE-2015-5162", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5162" }, { "reference_url": "https://github.com/advisories/GHSA-g2j5-7vgx-6xrx", "reference_id": "GHSA-g2j5-7vgx-6xrx", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g2j5-7vgx-6xrx" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2923", "reference_id": "RHSA-2016:2923", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2923" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2991", "reference_id": "RHSA-2016:2991", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2991" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0153", "reference_id": "RHSA-2017:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0153" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2017:0156", "reference_id": "RHSA-2017:0156", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0156" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0165", "reference_id": "RHSA-2017:0165", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0282", "reference_id": "RHSA-2017:0282", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0282" }, { "reference_url": "https://usn.ubuntu.com/3449-1/", "reference_id": "USN-3449-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3449-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923339?format=api", "purl": "pkg:deb/debian/glance@2:12.0.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:12.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923324?format=api", "purl": "pkg:deb/debian/glance@2:21.0.0-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:21.0.0-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923322?format=api", "purl": "pkg:deb/debian/glance@2:25.1.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:25.1.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923326?format=api", "purl": "pkg:deb/debian/glance@2:30.0.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ 
{ "vulnerability": "VCID-yzt4-fp6y-h3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:30.0.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/923325?format=api", "purl": "pkg:deb/debian/glance@2:32.0.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066826?format=api", "purl": "pkg:deb/debian/glance@2:32.0.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-5162", "GHSA-g2j5-7vgx-6xrx" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zy9m-d25c-5uga" } ], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:30.0.0-3%3Fdistro=trixie" }