{"url":"http://public2.vulnerablecode.io/api/packages/923326?format=json","purl":"pkg:deb/debian/glance@2:30.0.0-3?distro=trixie","type":"deb","namespace":"debian","name":"glance","version":"2:30.0.0-3","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2:31.0.0-3","latest_non_vulnerable_version":"2:32.0.0-2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97090?format=json","vulnerability_id":"VCID-yzt4-fp6y-h3f1","summary":"OpenStack Glance <29.1.1, >=30.0.0 <30.1.1, ==31.0.0 is affected by Server-Side Request Forgery (SSRF). By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only glance image import functionality is affected. In particular, the web-download and glance-download import methods are subject to this vulnerability, as is the optional (not enabled by default) ovf_process image import plugin.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34881.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34881.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34881","reference_id":"","reference_type":"","scores":[{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07311","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07267","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08258","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08281","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08117","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.0813","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08421","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08436","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08186","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08455","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.0846","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08443","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08372","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08219","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09589","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34881"},{"reference_url":"https://bugs.launchpad.net/glance/+bug/2138602","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:47:30Z/"}],"url":"https://bugs.launchpad.net/glance/+bug/2138602"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34881","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34881"},{"reference_url":"https://github.com/openstack/glance","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34881","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34881"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2026-004.html","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:47:30Z/"}],"url":"https://security.openstack.org/ossa/OSSA-2026-004.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131274","reference_id":"1131274","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131274"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2453289","reference_id":"2453289","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2453289"},{"reference_url":"https://github.com/advisories/GHSA-mc26-q38v-83gv","reference_id":"GHSA-mc26-q38v-83gv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mc26-q38v-83gv"},{"reference_url":"https://usn.ubuntu.com/8199-1/","reference_id":"USN-8199-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8199-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923345?format=json","purl":"pkg:deb/debian/glance@2:31.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:31.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923325?format=json","purl":"pkg:deb/debian/glance@2:32.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066826?format=json","purl":"pkg:deb/debian/glance@2:32.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-2%3Fdistro=trixie"}],"aliases":["CVE-2026-34881","GHSA-mc26-q38v-83gv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yzt4-fp6y-h3f1"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5463?format=json","vulnerability_id":"VCID-4gfp-cgn8-mygq","summary":"OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads finish, a different vulnerability than CVE-2015-1881.","references":[{"reference_url":"http://lists.openstack.org/pipermail/openstack-announce/2015-February/000336.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.openstack.org/pipermail/openstack-announce/2015-February/000336.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0938.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0938.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9684.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9684.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9684","reference_id":"","reference_type":"","scores":[{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.6896","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.68821","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.68839","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.6886","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.6884","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.6889","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.68908","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.68931","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.68917","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.68888","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.68929","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.68939","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.68918","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.68968","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.68974","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.6898","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9684"},{"reference_url":"https://bugs.launchpad.net/glance/+bug/1371118","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/glance/+bug/1371118"},{"reference_url":"https://github.com/openstack/glance","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance"},{"reference_url":"https://github.com/openstack/glance/commit/7858d4d95154c8596720365e465cca7858cfec5c","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/7858d4d95154c8596720365e465cca7858cfec5c"},{"reference_url":"https://github.com/openstack/glance/commit/a880c8e762e94b70c1e5d5692a3defcde734a601","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/a880c8e762e94b70c1e5d5692a3defcde734a601"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2015-37.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2015-37.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-9684","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-9684"},{"reference_url":"http://www.securityfocus.com/bid/72692","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/72692"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1194697","reference_id":"1194697","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1194697"},{"reference_url":"https://github.com/advisories/GHSA-h737-q6g6-8wr6","reference_id":"GHSA-h737-q6g6-8wr6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h737-q6g6-8wr6"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0938","reference_id":"RHSA-2015:0938","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0938"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923336?format=json","purl":"pkg:deb/debian/glance@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923324?format=json","purl":"pkg:deb/debian/glance@2:21.0.0-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:21.0.0-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923322?format=json","purl":"pkg:deb/debian/glance@2:25.1.0-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:25.1.0-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923326?format=json","purl":"pkg:deb/debian/glance@2:30.0.0-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:30.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923325?format=json","purl":"pkg:deb/debian/glance@2:32.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066826?format=json","purl":"pkg:deb/debian/glance@2:32.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-2%3Fdistro=trixie"}],"aliases":["CVE-2014-9684","GHSA-h737-q6g6-8wr6","PYSEC-2015-37"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4gfp-cgn8-mygq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55241?format=json","vulnerability_id":"VCID-9sg5-tbvn-syba","summary":"OpenStack Image Service (Glance) allows remote authenticated users to bypass storage quota, cause denial of service\nOpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting images that are being uploaded using a token that expires during the process.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9623.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1897.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2015-1897.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1897","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:1897"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5286.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5286.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2015-5286","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2015-5286"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5286","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55591","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.5574","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.5572","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55703","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55743","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55747","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55725","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.5565","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55667","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55643","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55565","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55677","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55698","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55728","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55731","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5286"},{"reference_url":"https://bugs.launchpad.net/bugs/1498163","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/bugs/1498163"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1267516","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1267516"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5286","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5286"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5286","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:N/A:C"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5286"},{"reference_url":"https://opendev.org/openstack/glance","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/glance"},{"reference_url":"https://rhn.redhat.com/errata/RHSA-2015-1897.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rhn.redhat.com/errata/RHSA-2015-1897.html"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2015-020.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.openstack.org/ossa/OSSA-2015-020.html"},{"reference_url":"https://web.archive.org/web/20200228024859/http://www.securityfocus.com/bid/76943","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228024859/http://www.securityfocus.com/bid/76943"},{"reference_url":"http://www.securityfocus.com/bid/76943","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/76943"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800741","reference_id":"800741","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800741"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-gvjg-r9fv-7qx9","reference_id":"GHSA-gvjg-r9fv-7qx9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gvjg-r9fv-7qx9"},{"reference_url":"https://usn.ubuntu.com/3446-1/","reference_id":"USN-3446-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3446-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923340?format=json","purl":"pkg:deb/debian/glance@1:11.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@1:11.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923324?format=json","purl":"pkg:deb/debian/glance@2:21.0.0-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:21.0.0-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923322?format=json","purl":"pkg:deb/debian/glance@2:25.1.0-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:25.1.0-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923326?format=json","purl":"pkg:deb/debian/glance@2:30.0.0-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:30.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923325?format=json","purl":"pkg:deb/debian/glance@2:32.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066826?format=json","purl":"pkg:deb/debian/glance@2:32.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-2%3Fdistro=trixie"}],"aliases":["CVE-2015-5286","GHSA-gvjg-r9fv-7qx9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9sg5-tbvn-syba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6864?format=json","vulnerability_id":"VCID-9zm2-a38f-33g3","summary":"Improper Access Control\nWhen the `download_image` policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to read otherwise restricted images via an image UUID.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4428.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4428.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4428","reference_id":"","reference_type":"","scores":[{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.52673","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.52718","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.52745","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.5271","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.52761","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.52756","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.52807","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.5279","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.52774","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.52811","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.52818","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.52802","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.52751","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.52722","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.52666","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4428"},{"reference_url":"https://bugs.launchpad.net/glance/+bug/1235378","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.launchpad.net/glance/+bug/1235378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4428","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4428"},{"reference_url":"https://github.com/openstack/glance/commit/a50bfb","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openstack/glance/commit/a50bfb"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1019572","reference_id":"1019572","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1019572"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726478","reference_id":"726478","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726478"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1525","reference_id":"RHSA-2013:1525","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1525"},{"reference_url":"https://usn.ubuntu.com/2003-1/","reference_id":"USN-2003-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2003-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923330?format=json","purl":"pkg:deb/debian/glance@2013.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2013.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923324?format=json","purl":"pkg:deb/debian/glance@2:21.0.0-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:21.0.0-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923322?format=json","purl":"pkg:deb/debian/glance@2:25.1.0-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:25.1.0-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923326?format=json","purl":"pkg:deb/debian/glance@2:30.0.0-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:30.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923325?format=json","purl":"pkg:deb/debian/glance@2:32.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066826?format=json","purl":"pkg:deb/debian/glance@2:32.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-2%3Fdistro=trixie"}],"aliases":["CVE-2013-4428"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9zm2-a38f-33g3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5462?format=json","vulnerability_id":"VCID-amnu-d5wp-jqb6","summary":"OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them, a different vulnerability than CVE-2014-9684.","references":[{"reference_url":"http://lists.openstack.org/pipermail/openstack-announce/2015-February/000336.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.openstack.org/pipermail/openstack-announce/2015-February/000336.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0938.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0938.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1881.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1881.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1881","reference_id":"","reference_type":"","scores":[{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.6896","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.68821","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.68839","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.6886","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.6884","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.6889","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.68908","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.68931","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.68917","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.68888","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.68929","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.68939","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.68918","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.68968","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.68974","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.6898","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1881"},{"reference_url":"https://bugs.launchpad.net/glance/+bug/1420696","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/glance/+bug/1420696"},{"reference_url":"https://github.com/openstack/glance","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance"},{"reference_url":"https://github.com/openstack/glance/commit/25a722e614eacc47e4658f0bca6343fa52f7d03f","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/25a722e614eacc47e4658f0bca6343fa52f7d03f"},{"reference_url":"https://github.com/openstack/glance/commit/78b5b0a9575cd5e9c4543ec0e8fd6072af1f0ebb","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/78b5b0a9575cd5e9c4543ec0e8fd6072af1f0ebb"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2015-38.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2015-38.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1881","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1881"},{"reference_url":"http://www.securityfocus.com/bid/72694","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/72694"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1194697","reference_id":"1194697","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1194697"},{"reference_url":"https://github.com/advisories/GHSA-4jp4-3c62-r8jv","reference_id":"GHSA-4jp4-3c62-r8jv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4jp4-3c62-r8jv"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0938","reference_id":"RHSA-2015:0938","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0938"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923336?format=json","purl":"pkg:deb/debian/glance@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923324?format=json","purl":"pkg:deb/debian/glance@2:21.0.0-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:21.0.0-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923322?format=json","purl":"pkg:deb/debian/glance@2:25.1.0-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:25.1.0-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923326?format=json","purl":"pkg:deb/debian/glance@2:30.0.0-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:30.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923325?format=json","purl":"pkg:deb/debian/glance@2:32.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066826?format=json","purl":"pkg:deb/debian/glance@2:32.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-2%3Fdistro=trixie"}],"aliases":["CVE-2015-1881","GHSA-4jp4-3c62-r8jv","PYSEC-2015-38"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-amnu-d5wp-jqb6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16259?format=json","vulnerability_id":"VCID-br4q-499g-vqhg","summary":"OpenStack Cinder, glance, and Nova vulnerable to Path Traversal\nAn issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47951.json","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47951.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-47951","reference_id":"","reference_type":"","scores":[{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72764","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.7263","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72771","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72774","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72765","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72724","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72732","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72721","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72679","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72689","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72635","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72706","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72682","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72669","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72653","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-47951"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47951","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47951"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://launchpad.net/bugs/1996188","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://launchpad.net/bugs/1996188"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00040.html","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00040.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00041.html","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00041.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00042.html","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00042.html"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2023-002.html","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://security.openstack.org/ossa/OSSA-2023-002.html"},{"reference_url":"https://www.debian.org/security/2023/dsa-5336","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://www.debian.org/security/2023/dsa-5336"},{"reference_url":"https://www.debian.org/security/2023/dsa-5337","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://www.debian.org/security/2023/dsa-5337"},{"reference_url":"https://www.debian.org/security/2023/dsa-5338","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://www.debian.org/security/2023/dsa-5338"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029561","reference_id":"1029561","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029561"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029562","reference_id":"1029562","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029562"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029563","reference_id":"1029563","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029563"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2161812","reference_id":"2161812","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2161812"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-47951","reference_id":"CVE-2022-47951","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-47951"},{"reference_url":"https://github.com/advisories/GHSA-7h75-hwxx-qpgc","reference_id":"GHSA-7h75-hwxx-qpgc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7h75-hwxx-qpgc"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1015","reference_id":"RHSA-2023:1015","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1015"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1016","reference_id":"RHSA-2023:1016","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1016"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1017","reference_id":"RHSA-2023:1017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1278","reference_id":"RHSA-2023:1278","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1278"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1279","reference_id":"RHSA-2023:1279","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1279"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1280","reference_id":"RHSA-2023:1280","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1280"},{"reference_url":"https://usn.ubuntu.com/5835-1/","reference_id":"USN-5835-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5835-1/"},{"reference_url":"https://usn.ubuntu.com/5835-2/","reference_id":"USN-5835-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5835-2/"},{"reference_url":"https://usn.ubuntu.com/5835-3/","reference_id":"USN-5835-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5835-3/"},{"reference_url":"https://usn.ubuntu.com/5835-4/","reference_id":"USN-5835-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5835-4/"},{"reference_url":"https://usn.ubuntu.com/5835-5/","reference_id":"USN-5835-5","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5835-5/"},{"reference_url":"https://usn.ubuntu.com/6882-2/","reference_id":"USN-6882-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6882-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923324?format=json","purl":"pkg:deb/debian/glance@2:21.0.0-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:21.0.0-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923342?format=json","purl":"pkg:deb/debian/glance@2:25.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:25.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923322?format=json","purl":"pkg:deb/debian/glance@2:25.1.0-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:25.1.0-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923326?format=json","purl":"pkg:deb/debian/glance@2:30.0.0-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:30.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923325?format=json","purl":"pkg:deb/debian/glance@2:32.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066826?format=json","purl":"pkg:deb/debian/glance@2:32.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-2%3Fdistro=trixie"}],"aliases":["CVE-2022-47951","GHSA-7h75-hwxx-qpgc"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"6.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-br4q-499g-vqhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55776?format=json","vulnerability_id":"VCID-fh42-vdj2-dqgu","summary":"OpenStack Glance Bypass the storage quota and Denial of service\nOpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0644.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0644.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0837.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0837.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0838.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0838.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9623.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9623.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9623","reference_id":"","reference_type":"","scores":[{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.53486","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.53524","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.5351","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.53546","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.53442","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57675","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.5759","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57696","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57671","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57725","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57728","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57743","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57722","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57703","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57733","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57729","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9623"},{"reference_url":"https://bugs.launchpad.net/glance/+bug/1383973","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/glance/+bug/1383973"},{"reference_url":"https://bugs.launchpad.net/glance/+bug/1398830","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/glance/+bug/1398830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9623"},{"reference_url":"http://secunia.com/advisories/62165","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/62165"},{"reference_url":"https://github.com/openstack/glance","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance"},{"reference_url":"https://github.com/openstack/glance/commit/0dc8fbb3479a53c5bba8475d14f4c7206904c5ea","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/0dc8fbb3479a53c5bba8475d14f4c7206904c5ea"},{"reference_url":"https://github.com/openstack/glance/commit/7d5d8657fd70b20518610b3c6f8e41e16c72fa31","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/7d5d8657fd70b20518610b3c6f8e41e16c72fa31"},{"reference_url":"https://github.com/openstack/glance/commit/f1260cc771ee068651aa62b972bef49d9af81eb0","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/f1260cc771ee068651aa62b972bef49d9af81eb0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-9623","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-9623"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2015-003.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.openstack.org/ossa/OSSA-2015-003.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/01/18/4","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2015/01/18/4"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1183647","reference_id":"1183647","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1183647"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776580","reference_id":"776580","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776580"},{"reference_url":"https://github.com/advisories/GHSA-j4mh-9wq6-8rg6","reference_id":"GHSA-j4mh-9wq6-8rg6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j4mh-9wq6-8rg6"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0644","reference_id":"RHSA-2015:0644","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0644"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0837","reference_id":"RHSA-2015:0837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0838","reference_id":"RHSA-2015:0838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0838"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923335?format=json","purl":"pkg:deb/debian/glance@2014.1.3-12?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2014.1.3-12%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923324?format=json","purl":"pkg:deb/debian/glance@2:21.0.0-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:21.0.0-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923322?format=json","purl":"pkg:deb/debian/glance@2:25.1.0-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:25.1.0-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923326?format=json","purl":"pkg:deb/debian/glance@2:30.0.0-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:30.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923325?format=json","purl":"pkg:deb/debian/glance@2:32.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066826?format=json","purl":"pkg:deb/debian/glance@2:32.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-2%3Fdistro=trixie"}],"aliases":["CVE-2014-9623","GHSA-j4mh-9wq6-8rg6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fh42-vdj2-dqgu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/86027?format=json","vulnerability_id":"VCID-fwaa-nnw4-1qcz","summary":"openstack-glance: unrestricted path traversal flaw","references":[{"reference_url":"http://lists.openstack.org/pipermail/openstack-announce/2014-December/000317.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.openstack.org/pipermail/openstack-announce/2014-December/000317.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0246.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2015-0246.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9493.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9493.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9493","reference_id":"","reference_type":"","scores":[{"value":"0.0075","scoring_system":"epss","scoring_elements":"0.73221","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0075","scoring_system":"epss","scoring_elements":"0.73083","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0075","scoring_system":"epss","scoring_elements":"0.73093","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0075","scoring_system":"epss","scoring_elements":"0.73114","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0075","scoring_system":"epss","scoring_elements":"0.73088","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0075","scoring_system":"epss","scoring_elements":"0.73124","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0075","scoring_system":"epss","scoring_elements":"0.73138","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0075","scoring_system":"epss","scoring_elements":"0.73162","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0075","scoring_system":"epss","scoring_elements":"0.73142","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0075","scoring_system":"epss","scoring_elements":"0.73136","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0075","scoring_system":"epss","scoring_elements":"0.73179","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0075","scoring_system":"epss","scoring_elements":"0.73188","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0075","scoring_system":"epss","scoring_elements":"0.73181","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0075","scoring_system":"epss","scoring_elements":"0.73216","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0075","scoring_system":"epss","scoring_elements":"0.73229","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0075","scoring_system":"epss","scoring_elements":"0.73227","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9493"},{"reference_url":"https://bugs.launchpad.net/glance/+bug/1400966","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.launchpad.net/glance/+bug/1400966"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9493","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9493"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2014-041.html","reference_id":"","reference_type":"","scores":[],"url":"https://security.openstack.org/ossa/OSSA-2014-041.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"},{"reference_url":"http://www.securityfocus.com/bid/71688","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/71688"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1174474","reference_id":"1174474","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1174474"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773836","reference_id":"773836","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773836"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-9493","reference_id":"CVE-2014-9493","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:N/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-9493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0246","reference_id":"RHSA-2015:0246","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0246"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923334?format=json","purl":"pkg:deb/debian/glance@2014.1.3-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2014.1.3-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923324?format=json","purl":"pkg:deb/debian/glance@2:21.0.0-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:21.0.0-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923322?format=json","purl":"pkg:deb/debian/glance@2:25.1.0-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:25.1.0-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923326?format=json","purl":"pkg:deb/debian/glance@2:30.0.0-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:30.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923325?format=json","purl":"pkg:deb/debian/glance@2:32.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066826?format=json","purl":"pkg:deb/debian/glance@2:32.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-2%3Fdistro=trixie"}],"aliases":["CVE-2014-9493"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fwaa-nnw4-1qcz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55975?format=json","vulnerability_id":"VCID-g1mf-hrds-bubz","summary":"OpenStack Image Service (Glance) vulnerable to Improper Access Control\nOpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty), when show_multiple_locations is enabled, allow remote authenticated users to change image status and upload new image data by removing the last location of an image.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0309.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-0309.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0309","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0309"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0352","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0352"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0354","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0354"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0358","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:0358"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0757.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0757.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2016-0757","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2016-0757"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0757","reference_id":"","reference_type":"","scores":[{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.3576","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36176","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36371","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36403","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36238","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36287","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.3631","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36316","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36279","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36254","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36298","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36282","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.3623","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.35997","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.35966","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.35877","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0757"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1302607","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1302607"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0757"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:N/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://opendev.org/openstack/glance","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/glance"},{"reference_url":"https://rhn.redhat.com/errata/RHSA-2016-0309.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rhn.redhat.com/errata/RHSA-2016-0309.html"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2016-006.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.openstack.org/ossa/OSSA-2016-006.html"},{"reference_url":"https://web.archive.org/web/20210123081823/https://www.securityfocus.com/bid/82696","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210123081823/https://www.securityfocus.com/bid/82696"},{"reference_url":"https://web.archive.org/web/20210123081823/https://www.securityfocus.com/bid/82696/","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20210123081823/https://www.securityfocus.com/bid/82696/"},{"reference_url":"http://www.securityfocus.com/bid/82696","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/82696"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):11.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):11.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):11.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):11.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):11.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):11.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0757","reference_id":"CVE-2016-0757","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:P/A:N"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0757"},{"reference_url":"https://github.com/advisories/GHSA-5xrj-ghhp-hx7p","reference_id":"GHSA-5xrj-ghhp-hx7p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5xrj-ghhp-hx7p"},{"reference_url":"https://usn.ubuntu.com/3446-1/","reference_id":"USN-3446-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3446-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923339?format=json","purl":"pkg:deb/debian/glance@2:12.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:12.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923324?format=json","purl":"pkg:deb/debian/glance@2:21.0.0-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:21.0.0-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923322?format=json","purl":"pkg:deb/debian/glance@2:25.1.0-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:25.1.0-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923326?format=json","purl":"pkg:deb/debian/glance@2:30.0.0-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:30.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923325?format=json","purl":"pkg:deb/debian/glance@2:32.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066826?format=json","purl":"pkg:deb/debian/glance@2:32.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-2%3Fdistro=trixie"}],"aliases":["CVE-2016-0757","GHSA-5xrj-ghhp-hx7p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g1mf-hrds-bubz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17695?format=json","vulnerability_id":"VCID-h6rd-5p7q-s3gq","summary":"OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access\nAn issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Cinder and Nova deployments are affected; only Glance deployments with image conversion enabled are affected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32498.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32498.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-32498","reference_id":"","reference_type":"","scores":[{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38413","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38394","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38465","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38489","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38353","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38404","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38412","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38428","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38366","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38391","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39883","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39802","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.43927","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.43879","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44353","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-32498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32498"},{"reference_url":"https://github.com/openstack/cinder/commit/78f85c1f9b20a067ef64d6451dee0228c3a0db5e","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/cinder/commit/78f85c1f9b20a067ef64d6451dee0228c3a0db5e"},{"reference_url":"https://github.com/openstack/cinder/commit/d6a186945e03649343af55b46ed8dfe0dd326e40","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/cinder/commit/d6a186945e03649343af55b46ed8dfe0dd326e40"},{"reference_url":"https://github.com/openstack/glance/commit/22f0c9c6f98db1d93569e3edb800c271f35b0ef9","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/22f0c9c6f98db1d93569e3edb800c271f35b0ef9"},{"reference_url":"https://github.com/openstack/glance/commit/2e65391744a82421bc6f026ee8f1f3550038f175","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/2e65391744a82421bc6f026ee8f1f3550038f175"},{"reference_url":"https://github.com/openstack/glance/commit/867d1dd8b6e4f5774257a98c7c33061fbbbde973","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/867d1dd8b6e4f5774257a98c7c33061fbbbde973"},{"reference_url":"https://github.com/openstack/glance/commit/cc7d53adbecf85f3d7df78e7618fe8ab3a075c5f","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/cc7d53adbecf85f3d7df78e7618fe8ab3a075c5f"},{"reference_url":"https://github.com/openstack/glance/commit/d607e78630cc9d1ca18b3a027322809c042f64df","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/d607e78630cc9d1ca18b3a027322809c042f64df"},{"reference_url":"https://github.com/openstack/nova/commit/657e86585cc57f84ab9b364dd189547d231d5927","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/657e86585cc57f84ab9b364dd189547d231d5927"},{"reference_url":"https://launchpad.net/bugs/2059809","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/"}],"url":"https://launchpad.net/bugs/2059809"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00016.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00016.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32498","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32498"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2024-001.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/"}],"url":"https://security.openstack.org/ossa/OSSA-2024-001.html"},{"reference_url":"https://www.openwall.com/lists/oss-security/2024/07/02/2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/"}],"url":"https://www.openwall.com/lists/oss-security/2024/07/02/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/07/02/2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/07/02/2"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074761","reference_id":"1074761","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074761"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074762","reference_id":"1074762","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074762"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074763","reference_id":"1074763","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074763"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2278663","reference_id":"2278663","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2278663"},{"reference_url":"https://github.com/advisories/GHSA-r4v4-w9pv-6fph","reference_id":"GHSA-r4v4-w9pv-6fph","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r4v4-w9pv-6fph"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4272","reference_id":"RHSA-2024:4272","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4272"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4273","reference_id":"RHSA-2024:4273","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4273"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4274","reference_id":"RHSA-2024:4274","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4274"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4425","reference_id":"RHSA-2024:4425","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4425"},{"reference_url":"https://usn.ubuntu.com/6882-1/","reference_id":"USN-6882-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6882-1/"},{"reference_url":"https://usn.ubuntu.com/6882-2/","reference_id":"USN-6882-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6882-2/"},{"reference_url":"https://usn.ubuntu.com/6883-1/","reference_id":"USN-6883-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6883-1/"},{"reference_url":"https://usn.ubuntu.com/6884-1/","reference_id":"USN-6884-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6884-1/"},{"reference_url":"https://usn.ubuntu.com/8199-1/","reference_id":"USN-8199-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8199-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923324?format=json","purl":"pkg:deb/debian/glance@2:21.0.0-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:21.0.0-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923343?format=json","purl":"pkg:deb/debian/glance@2:21.1.0-1%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:21.1.0-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923322?format=json","purl":"pkg:deb/debian/glance@2:25.1.0-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:25.1.0-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923344?format=json","purl":"pkg:deb/debian/glance@2:28.0.1-3%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:28.0.1-3%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923326?format=json","purl":"pkg:deb/debian/glance@2:30.0.0-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:30.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923325?format=json","purl":"pkg:deb/debian/glance@2:32.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066826?format=json","purl":"pkg:deb/debian/glance@2:32.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-2%3Fdistro=trixie"}],"aliases":["CVE-2024-32498","GHSA-r4v4-w9pv-6fph"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h6rd-5p7q-s3gq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5481?format=json","vulnerability_id":"VCID-hbpu-kpak-2uer","summary":"The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image.","references":[{"reference_url":"http://lists.openstack.org/pipermail/openstack-announce/2015-August/000527.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.openstack.org/pipermail/openstack-announce/2015-August/000527.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1639.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1639.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1639","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:1639"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5163.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5163.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2015-5163","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2015-5163"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5163","reference_id":"","reference_type":"","scores":[{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.46789","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.4684","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.46821","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.46783","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.46791","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.46841","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.4683","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.46898","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.46901","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.46846","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.46838","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.46866","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.46843","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.46844","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51017","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5163"},{"reference_url":"https://bugs.launchpad.net/glance/+bug/1471912","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/glance/+bug/1471912"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1252378","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1252378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5163","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5163"},{"reference_url":"https://github.com/openstack/glance","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance"},{"reference_url":"https://github.com/openstack/glance/commit/eb99e45829a1b4c93db5692bdbf636a86faa56c4","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/eb99e45829a1b4c93db5692bdbf636a86faa56c4"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2015-39.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2015-39.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5163","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5163"},{"reference_url":"https://web.archive.org/web/20200228024903/http://www.securityfocus.com/bid/76346","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228024903/http://www.securityfocus.com/bid/76346"},{"reference_url":"http://www.securityfocus.com/bid/76346","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/76346"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795453","reference_id":"795453","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795453"},{"reference_url":"https://github.com/advisories/GHSA-q73f-vjc2-3gqf","reference_id":"GHSA-q73f-vjc2-3gqf","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q73f-vjc2-3gqf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923338?format=json","purl":"pkg:deb/debian/glance@2015.1.0-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2015.1.0-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923324?format=json","purl":"pkg:deb/debian/glance@2:21.0.0-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:21.0.0-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923322?format=json","purl":"pkg:deb/debian/glance@2:25.1.0-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:25.1.0-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923326?format=json","purl":"pkg:deb/debian/glance@2:30.0.0-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:30.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923325?format=json","purl":"pkg:deb/debian/glance@2:32.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066826?format=json","purl":"pkg:deb/debian/glance@2:32.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-2%3Fdistro=trixie"}],"aliases":["CVE-2015-5163","GHSA-q73f-vjc2-3gqf","PYSEC-2015-39"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hbpu-kpak-2uer"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57914?format=json","vulnerability_id":"VCID-k2u9-5g8v-bucz","summary":"OpenStack Image Service (Glance) allows remote authenticated users to bypass access restrictions\nOpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1897.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2015-1897.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1897","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:1897"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5251.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5251.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2015-5251","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2015-5251"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5251","reference_id":"","reference_type":"","scores":[{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.37975","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38362","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38499","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38524","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38387","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38438","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38445","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38461","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38423","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38398","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38425","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38205","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38182","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38086","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5251"},{"reference_url":"https://bugs.launchpad.net/bugs/1482371","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/bugs/1482371"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1263511","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1263511"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5251","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5251"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5251","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:P/A:P"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5251"},{"reference_url":"https://opendev.org/openstack/glance","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/glance"},{"reference_url":"https://rhn.redhat.com/errata/RHSA-2015-1897.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rhn.redhat.com/errata/RHSA-2015-1897.html"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2015-019.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.openstack.org/ossa/OSSA-2015-019.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799931","reference_id":"799931","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799931"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-q748-mcwg-xmqv","reference_id":"GHSA-q748-mcwg-xmqv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q748-mcwg-xmqv"},{"reference_url":"https://usn.ubuntu.com/3446-1/","reference_id":"USN-3446-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3446-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923340?format=json","purl":"pkg:deb/debian/glance@1:11.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@1:11.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923324?format=json","purl":"pkg:deb/debian/glance@2:21.0.0-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:21.0.0-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923322?format=json","purl":"pkg:deb/debian/glance@2:25.1.0-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:25.1.0-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923326?format=json","purl":"pkg:deb/debian/glance@2:30.0.0-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:30.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923325?format=json","purl":"pkg:deb/debian/glance@2:32.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066826?format=json","purl":"pkg:deb/debian/glance@2:32.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-2%3Fdistro=trixie"}],"aliases":["CVE-2015-5251","GHSA-q748-mcwg-xmqv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k2u9-5g8v-bucz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55735?format=json","vulnerability_id":"VCID-mz1p-z6ca-wydw","summary":"OpenStack Glance is vulnerable to Exposure of Sensitive Information\nThe v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image.","references":[{"reference_url":"http://osvdb.org/91304","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://osvdb.org/91304"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0707.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0707.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1840.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1840.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1840","reference_id":"","reference_type":"","scores":[{"value":"0.00344","scoring_system":"epss","scoring_elements":"0.5695","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00344","scoring_system":"epss","scoring_elements":"0.56932","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00344","scoring_system":"epss","scoring_elements":"0.56997","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00344","scoring_system":"epss","scoring_elements":"0.5702","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00344","scoring_system":"epss","scoring_elements":"0.57023","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00344","scoring_system":"epss","scoring_elements":"0.57025","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00344","scoring_system":"epss","scoring_elements":"0.56885","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00344","scoring_system":"epss","scoring_elements":"0.56933","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00344","scoring_system":"epss","scoring_elements":"0.56976","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00344","scoring_system":"epss","scoring_elements":"0.56998","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00344","scoring_system":"epss","scoring_elements":"0.56974","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00344","scoring_system":"epss","scoring_elements":"0.57027","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00344","scoring_system":"epss","scoring_elements":"0.56994","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00344","scoring_system":"epss","scoring_elements":"0.57017","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00344","scoring_system":"epss","scoring_elements":"0.57038","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00344","scoring_system":"epss","scoring_elements":"0.56879","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1840"},{"reference_url":"https://bugs.launchpad.net/glance/+bug/1135541","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/glance/+bug/1135541"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1840","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1840"},{"reference_url":"http://secunia.com/advisories/52565","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/52565"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/82878","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/82878"},{"reference_url":"https://github.com/openstack/glance","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance"},{"reference_url":"https://github.com/openstack/glance/commit/74b067df9726f9cf3e6e17e248719794a6ee0745","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/74b067df9726f9cf3e6e17e248719794a6ee0745"},{"reference_url":"https://github.com/openstack/glance/commit/dd849a9be540bedd4fd904cc0b86ccd9c3e34af2","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/dd849a9be540bedd4fd904cc0b86ccd9c3e34af2"},{"reference_url":"https://github.com/openstack/glance/commit/e75764eee34915f8bc5b664ac18e47a556c9d3dd","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/e75764eee34915f8bc5b664ac18e47a556c9d3dd"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1840","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:P/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1840"},{"reference_url":"https://review.openstack.org/#/c/24437","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.openstack.org/#/c/24437"},{"reference_url":"https://review.openstack.org/#/c/24437/","reference_id":"","reference_type":"","scores":[],"url":"https://review.openstack.org/#/c/24437/"},{"reference_url":"https://review.openstack.org/#/c/24438","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.openstack.org/#/c/24438"},{"reference_url":"https://review.openstack.org/#/c/24438/","reference_id":"","reference_type":"","scores":[],"url":"https://review.openstack.org/#/c/24438/"},{"reference_url":"https://review.openstack.org/#/c/24439","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.openstack.org/#/c/24439"},{"reference_url":"https://review.openstack.org/#/c/24439/","reference_id":"","reference_type":"","scores":[],"url":"https://review.openstack.org/#/c/24439/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/03/14/15","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/03/14/15"},{"reference_url":"http://www.securityfocus.com/bid/58490","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/58490"},{"reference_url":"http://www.ubuntu.com/usn/USN-1764-1","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-1764-1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703063","reference_id":"703063","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703063"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:amazon:s3_store:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:amazon:s3_store:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:amazon:s3_store:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:glance:v1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:glance:v1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:glance:v1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:swift:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:swift:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:swift:-:*:*:*:*:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-c8w9-83vg-r8vv","reference_id":"GHSA-c8w9-83vg-r8vv","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c8w9-83vg-r8vv"},{"reference_url":"https://usn.ubuntu.com/1764-1/","reference_id":"USN-1764-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1764-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923329?format=json","purl":"pkg:deb/debian/glance@2012.1.1-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2012.1.1-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923324?format=json","purl":"pkg:deb/debian/glance@2:21.0.0-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:21.0.0-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923322?format=json","purl":"pkg:deb/debian/glance@2:25.1.0-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:25.1.0-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923326?format=json","purl":"pkg:deb/debian/glance@2:30.0.0-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:30.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923325?format=json","purl":"pkg:deb/debian/glance@2:32.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066826?format=json","purl":"pkg:deb/debian/glance@2:32.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-2%3Fdistro=trixie"}],"aliases":["CVE-2013-1840","GHSA-c8w9-83vg-r8vv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mz1p-z6ca-wydw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5309?format=json","vulnerability_id":"VCID-qwg8-evdp-jkfn","summary":"store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0209.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0209.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0209","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2013:0209"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0212.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0212.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0212","reference_id":"","reference_type":"","scores":[{"value":"0.01203","scoring_system":"epss","scoring_elements":"0.79026","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01203","scoring_system":"epss","scoring_elements":"0.78891","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01203","scoring_system":"epss","scoring_elements":"0.7892","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01203","scoring_system":"epss","scoring_elements":"0.78902","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01203","scoring_system":"epss","scoring_elements":"0.78927","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01203","scoring_system":"epss","scoring_elements":"0.78933","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01203","scoring_system":"epss","scoring_elements":"0.78957","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01203","scoring_system":"epss","scoring_elements":"0.78942","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01203","scoring_system":"epss","scoring_elements":"0.78932","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01203","scoring_system":"epss","scoring_elements":"0.7896","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01203","scoring_system":"epss","scoring_elements":"0.78958","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01203","scoring_system":"epss","scoring_elements":"0.78956","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01203","scoring_system":"epss","scoring_elements":"0.78987","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01203","scoring_system":"epss","scoring_elements":"0.78993","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01203","scoring_system":"epss","scoring_elements":"0.7901","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01203","scoring_system":"epss","scoring_elements":"0.78885","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0212"},{"reference_url":"https://bugs.launchpad.net/glance/+bug/1098962","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/glance/+bug/1098962"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=902964","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=902964"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0212","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0212"},{"reference_url":"http://secunia.com/advisories/51957","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/51957"},{"reference_url":"http://secunia.com/advisories/51990","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/51990"},{"reference_url":"https://github.com/openstack/glance","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance"},{"reference_url":"https://github.com/openstack/glance/commit/37d4d96bf88c2bf3e7e9511b5e321cf4bed364b7","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/37d4d96bf88c2bf3e7e9511b5e321cf4bed364b7"},{"reference_url":"https://github.com/openstack/glance/commit/96a470be64adcef97f235ca96ed3c59ed954a4c1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/96a470be64adcef97f235ca96ed3c59ed954a4c1"},{"reference_url":"https://github.com/openstack/glance/commit/e96273112b5b5da58d970796b7cfce04c5030a89","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/e96273112b5b5da58d970796b7cfce04c5030a89"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2013-37.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2013-37.yaml"},{"reference_url":"https://launchpad.net/glance/+milestone/2012.2.3","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://launchpad.net/glance/+milestone/2012.2.3"},{"reference_url":"https://lists.launchpad.net/openstack/msg20517.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.launchpad.net/openstack/msg20517.html"},{"reference_url":"http://ubuntu.com/usn/usn-1710-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://ubuntu.com/usn/usn-1710-1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/01/29/10","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/01/29/10"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2012.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2012.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2012.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2012.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2012.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2012.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2012.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2012.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2012.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2012.2.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2012.2.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2012.2.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2013-0212","reference_id":"CVE-2013-0212","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2013-0212"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0212","reference_id":"CVE-2013-0212","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0212"},{"reference_url":"https://github.com/advisories/GHSA-xv7j-2v4w-cjvh","reference_id":"GHSA-xv7j-2v4w-cjvh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xv7j-2v4w-cjvh"},{"reference_url":"https://usn.ubuntu.com/1710-1/","reference_id":"USN-1710-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1710-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923328?format=json","purl":"pkg:deb/debian/glance@2012.1.1-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2012.1.1-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923324?format=json","purl":"pkg:deb/debian/glance@2:21.0.0-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:21.0.0-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923322?format=json","purl":"pkg:deb/debian/glance@2:25.1.0-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:25.1.0-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923326?format=json","purl":"pkg:deb/debian/glance@2:30.0.0-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:30.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923325?format=json","purl":"pkg:deb/debian/glance@2:32.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066826?format=json","purl":"pkg:deb/debian/glance@2:32.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-2%3Fdistro=trixie"}],"aliases":["CVE-2013-0212","GHSA-xv7j-2v4w-cjvh","PYSEC-2013-37"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qwg8-evdp-jkfn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59896?format=json","vulnerability_id":"VCID-ruvh-knrw-pygu","summary":"OpenStack Glance Server-Side Request Forgery (SSRF)\nAn SSRF issue was discovered in OpenStack Glance before Newton. The 'copy_from' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to enumerate internal network details while appearing masked, since the scan would appear to originate from the Glance Image service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7200.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7200.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7200","reference_id":"","reference_type":"","scores":[{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59145","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59028","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59147","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59164","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59103","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59126","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59091","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59142","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59289","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59308","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59327","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59321","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59287","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59246","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59304","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59285","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7200"},{"reference_url":"https://bugs.launchpad.net/ossn/+bug/1153614","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/ossn/+bug/1153614"},{"reference_url":"https://bugs.launchpad.net/ossn/+bug/1606495","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/ossn/+bug/1606495"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7200","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7200"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/openstack/glance","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance"},{"reference_url":"https://github.com/openstack/glance/commit/b1ac90f7914d91b25144cc4063fa994fb5019ee3","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/b1ac90f7914d91b25144cc4063fa994fb5019ee3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7200","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"5.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7200"},{"reference_url":"https://wiki.openstack.org/wiki/OSSN/OSSN-0078","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.openstack.org/wiki/OSSN/OSSN-0078"},{"reference_url":"http://www.securityfocus.com/bid/96988","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/96988"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1434244","reference_id":"1434244","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1434244"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:glance:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:glance:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:glance:*:*:*:*:*:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-j6mr-cm6x-h6jg","reference_id":"GHSA-j6mr-cm6x-h6jg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j6mr-cm6x-h6jg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923341?format=json","purl":"pkg:deb/debian/glance@2:13.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:13.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923324?format=json","purl":"pkg:deb/debian/glance@2:21.0.0-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:21.0.0-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923322?format=json","purl":"pkg:deb/debian/glance@2:25.1.0-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:25.1.0-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923326?format=json","purl":"pkg:deb/debian/glance@2:30.0.0-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:30.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923325?format=json","purl":"pkg:deb/debian/glance@2:32.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066826?format=json","purl":"pkg:deb/debian/glance@2:32.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-2%3Fdistro=trixie"}],"aliases":["CVE-2017-7200","GHSA-j6mr-cm6x-h6jg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ruvh-knrw-pygu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5297?format=json","vulnerability_id":"VCID-snjn-ymc5-qkg9","summary":"The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html"},{"reference_url":"http://osvdb.org/87248","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://osvdb.org/87248"},{"reference_url":"http://packetstormsecurity.com/files/118733/Red-Hat-Security-Advisory-2012-1558-01.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/118733/Red-Hat-Security-Advisory-2012-1558-01.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2012-1558.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2012-1558.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4573.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4573.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4573","reference_id":"","reference_type":"","scores":[{"value":"0.00842","scoring_system":"epss","scoring_elements":"0.74769","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00842","scoring_system":"epss","scoring_elements":"0.74779","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00842","scoring_system":"epss","scoring_elements":"0.74771","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00842","scoring_system":"epss","scoring_elements":"0.74726","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00842","scoring_system":"epss","scoring_elements":"0.7482","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00842","scoring_system":"epss","scoring_elements":"0.74815","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00842","scoring_system":"epss","scoring_elements":"0.74812","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00842","scoring_system":"epss","scoring_elements":"0.74805","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00842","scoring_system":"epss","scoring_elements":"0.74764","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00842","scoring_system":"epss","scoring_elements":"0.74691","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00842","scoring_system":"epss","scoring_elements":"0.74741","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00842","scoring_system":"epss","scoring_elements":"0.74694","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00842","scoring_system":"epss","scoring_elements":"0.74721","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00842","scoring_system":"epss","scoring_elements":"0.74734","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00842","scoring_system":"epss","scoring_elements":"0.74743","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4573"},{"reference_url":"https://bugs.launchpad.net/glance/+bug/1065187","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/glance/+bug/1065187"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4573","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4573"},{"reference_url":"http://secunia.com/advisories/51174","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/51174"},{"reference_url":"http://secunia.com/advisories/51234","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/51234"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/79895","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/79895"},{"reference_url":"https://github.com/openstack/glance","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance"},{"reference_url":"https://github.com/openstack/glance/commit/6ab0992e5472ae3f9bef0d2ced41030655d9d2bc","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/6ab0992e5472ae3f9bef0d2ced41030655d9d2bc"},{"reference_url":"https://github.com/openstack/glance/commit/90bcdc5a89e350a358cf320a03f5afe99795f6f6","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/90bcdc5a89e350a358cf320a03f5afe99795f6f6"},{"reference_url":"https://github.com/openstack/glance/commit/efd7e75b1f419a52c7103c7840e24af8e5deb29d","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/efd7e75b1f419a52c7103c7840e24af8e5deb29d"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2012-29.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2012-29.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-4573","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:P/A:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-4573"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/11/07/6","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/11/07/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/11/09/5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/11/09/5"},{"reference_url":"http://www.securityfocus.com/bid/56437","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/56437"},{"reference_url":"http://www.ubuntu.com/usn/USN-1626-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-1626-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-1626-2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-1626-2"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692641","reference_id":"692641","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692641"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=872302","reference_id":"872302","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=872302"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):-:*:*:*:*:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-6rrm-xxvh-7r87","reference_id":"GHSA-6rrm-xxvh-7r87","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6rrm-xxvh-7r87"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1558","reference_id":"RHSA-2012:1558","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1558"},{"reference_url":"https://usn.ubuntu.com/1626-1/","reference_id":"USN-1626-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1626-1/"},{"reference_url":"https://usn.ubuntu.com/1626-2/","reference_id":"USN-1626-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1626-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923323?format=json","purl":"pkg:deb/debian/glance@2012.1.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2012.1.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923324?format=json","purl":"pkg:deb/debian/glance@2:21.0.0-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:21.0.0-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923322?format=json","purl":"pkg:deb/debian/glance@2:25.1.0-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:25.1.0-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923326?format=json","purl":"pkg:deb/debian/glance@2:30.0.0-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:30.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923325?format=json","purl":"pkg:deb/debian/glance@2:32.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066826?format=json","purl":"pkg:deb/debian/glance@2:32.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-2%3Fdistro=trixie"}],"aliases":["CVE-2012-4573","GHSA-6rrm-xxvh-7r87","PYSEC-2012-29"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-snjn-ymc5-qkg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15805?format=json","vulnerability_id":"VCID-t91r-2xja-17hy","summary":"OpenStack Glance v2 API unrestricted path traversal through filesystem:// scheme\nThe V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a `filesystem://` URL in the image location property.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9493.","references":[{"reference_url":"http://lists.openstack.org/pipermail/openstack-announce/2015-January/000325.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.openstack.org/pipermail/openstack-announce/2015-January/000325.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1195.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1195.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1195","reference_id":"","reference_type":"","scores":[{"value":"0.01105","scoring_system":"epss","scoring_elements":"0.78181","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01105","scoring_system":"epss","scoring_elements":"0.78168","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01105","scoring_system":"epss","scoring_elements":"0.78155","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01105","scoring_system":"epss","scoring_elements":"0.78149","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01105","scoring_system":"epss","scoring_elements":"0.78116","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01105","scoring_system":"epss","scoring_elements":"0.78082","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01105","scoring_system":"epss","scoring_elements":"0.78077","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01105","scoring_system":"epss","scoring_elements":"0.78108","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01105","scoring_system":"epss","scoring_elements":"0.78122","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01105","scoring_system":"epss","scoring_elements":"0.78123","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01105","scoring_system":"epss","scoring_elements":"0.78088","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01105","scoring_system":"epss","scoring_elements":"0.78031","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01105","scoring_system":"epss","scoring_elements":"0.78039","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01105","scoring_system":"epss","scoring_elements":"0.78091","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01105","scoring_system":"epss","scoring_elements":"0.78069","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01105","scoring_system":"epss","scoring_elements":"0.78051","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1195"},{"reference_url":"https://bugs.launchpad.net/ossa/+bug/1408663","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/ossa/+bug/1408663"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1195","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1195"},{"reference_url":"http://secunia.com/advisories/62169","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/62169"},{"reference_url":"https://github.com/openstack/glance","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance"},{"reference_url":"https://github.com/openstack/glance/commit/5191ed1879c5fd5b2694f922bcedec232f461088","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/5191ed1879c5fd5b2694f922bcedec232f461088"},{"reference_url":"https://github.com/openstack/glance/commit/7d3a1db33ccbd25b9fc7326ce3468eabd2a41a99","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/7d3a1db33ccbd25b9fc7326ce3468eabd2a41a99"},{"reference_url":"https://github.com/openstack/glance/commit/a2d986b976e9325a272e2d422465165315d19fe6","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/a2d986b976e9325a272e2d422465165315d19fe6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/01/15/2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2015/01/15/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/01/18/5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2015/01/18/5"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"},{"reference_url":"http://www.securityfocus.com/bid/71976","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/71976"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1181533","reference_id":"1181533","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1181533"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775926","reference_id":"775926","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775926"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1195","reference_id":"CVE-2015-1195","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1195"},{"reference_url":"https://github.com/advisories/GHSA-pwrj-f53c-f89j","reference_id":"GHSA-pwrj-f53c-f89j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pwrj-f53c-f89j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923337?format=json","purl":"pkg:deb/debian/glance@2014.1.3-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2014.1.3-11%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923324?format=json","purl":"pkg:deb/debian/glance@2:21.0.0-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:21.0.0-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923322?format=json","purl":"pkg:deb/debian/glance@2:25.1.0-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:25.1.0-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923326?format=json","purl":"pkg:deb/debian/glance@2:30.0.0-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:30.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923325?format=json","purl":"pkg:deb/debian/glance@2:32.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066826?format=json","purl":"pkg:deb/debian/glance@2:32.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-2%3Fdistro=trixie"}],"aliases":["CVE-2015-1195","GHSA-pwrj-f53c-f89j"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t91r-2xja-17hy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85577?format=json","vulnerability_id":"VCID-tafu-6gx3-n7bf","summary":"openstack-glance: potential resource exhaustion task flow API","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3289.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3289.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3289","reference_id":"","reference_type":"","scores":[{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58233","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58319","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58339","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58313","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58366","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58372","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.5839","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58367","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58348","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.5838","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58384","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58361","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58322","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58335","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00422","scoring_system":"epss","scoring_elements":"0.62126","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00422","scoring_system":"epss","scoring_elements":"0.62072","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3289"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3289","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3289"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1243927","reference_id":"1243927","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1243927"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793896","reference_id":"793896","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793896"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923338?format=json","purl":"pkg:deb/debian/glance@2015.1.0-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2015.1.0-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923324?format=json","purl":"pkg:deb/debian/glance@2:21.0.0-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:21.0.0-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923322?format=json","purl":"pkg:deb/debian/glance@2:25.1.0-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:25.1.0-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923326?format=json","purl":"pkg:deb/debian/glance@2:30.0.0-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:30.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923325?format=json","purl":"pkg:deb/debian/glance@2:32.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066826?format=json","purl":"pkg:deb/debian/glance@2:32.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-2%3Fdistro=trixie"}],"aliases":["CVE-2015-3289"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tafu-6gx3-n7bf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57709?format=json","vulnerability_id":"VCID-uveb-gt8h-1kcr","summary":"OpenStack Image Registry and Delivery Service (Glance) Improper Input Validation vulnerability\nThe Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a crafted location.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0455.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0455.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0455","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2014:0455"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0162.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0162.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2014-0162","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2014-0162"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0162","reference_id":"","reference_type":"","scores":[{"value":"0.00557","scoring_system":"epss","scoring_elements":"0.6824","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00557","scoring_system":"epss","scoring_elements":"0.68182","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00557","scoring_system":"epss","scoring_elements":"0.6822","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00557","scoring_system":"epss","scoring_elements":"0.68231","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00557","scoring_system":"epss","scoring_elements":"0.68211","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00557","scoring_system":"epss","scoring_elements":"0.68254","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00557","scoring_system":"epss","scoring_elements":"0.68262","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00557","scoring_system":"epss","scoring_elements":"0.68266","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00557","scoring_system":"epss","scoring_elements":"0.6812","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00557","scoring_system":"epss","scoring_elements":"0.68142","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00557","scoring_system":"epss","scoring_elements":"0.6816","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00557","scoring_system":"epss","scoring_elements":"0.68138","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00557","scoring_system":"epss","scoring_elements":"0.68189","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00557","scoring_system":"epss","scoring_elements":"0.68204","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00557","scoring_system":"epss","scoring_elements":"0.68229","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00557","scoring_system":"epss","scoring_elements":"0.68216","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0162"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1085163","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1085163"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0162","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0162"},{"reference_url":"https://launchpad.net/bugs/1298698","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://launchpad.net/bugs/1298698"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0162","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0162"},{"reference_url":"https://opendev.org/openstack/glance","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/glance"},{"reference_url":"http://www.openwall.com/lists/oss-security/2014/04/10/13","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2014/04/10/13"},{"reference_url":"http://www.ubuntu.com/usn/USN-2193-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2193-1"},{"reference_url":"https://github.com/advisories/GHSA-r7pj-rvwg-vxhr","reference_id":"GHSA-r7pj-rvwg-vxhr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r7pj-rvwg-vxhr"},{"reference_url":"https://usn.ubuntu.com/2193-1/","reference_id":"USN-2193-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2193-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923331?format=json","purl":"pkg:deb/debian/glance@2014.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2014.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923324?format=json","purl":"pkg:deb/debian/glance@2:21.0.0-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:21.0.0-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923322?format=json","purl":"pkg:deb/debian/glance@2:25.1.0-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:25.1.0-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923326?format=json","purl":"pkg:deb/debian/glance@2:30.0.0-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:30.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923325?format=json","purl":"pkg:deb/debian/glance@2:32.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066826?format=json","purl":"pkg:deb/debian/glance@2:32.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-2%3Fdistro=trixie"}],"aliases":["CVE-2014-0162","GHSA-r7pj-rvwg-vxhr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uveb-gt8h-1kcr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54464?format=json","vulnerability_id":"VCID-wvq2-r6u8-7bet","summary":"OpenStack Glance improper validation of the image_size_cap configuration option\nOpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authenticated users to cause a denial of service (disk consumption) by uploading a large image.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1337.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1337.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1338.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1338.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1685.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1685.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5356.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5356.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5356","reference_id":"","reference_type":"","scores":[{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.74195","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.74186","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.74137","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.74188","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.74194","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.74116","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.74119","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.74151","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.74161","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.74064","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.74152","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.7407","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.74113","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.74096","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.74068","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.74101","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5356"},{"reference_url":"https://bugs.launchpad.net/glance/+bug/1315321","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/glance/+bug/1315321"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5356","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5356"},{"reference_url":"http://secunia.com/advisories/60743","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/60743"},{"reference_url":"https://github.com/openstack/glance","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance"},{"reference_url":"https://github.com/openstack/glance/commit/12f43cfed5a47cd16f08b7dad2424da0fc362e47","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/12f43cfed5a47cd16f08b7dad2424da0fc362e47"},{"reference_url":"https://github.com/openstack/glance/commit/31a4d1852a0c27bac5757c192f300f051229a312","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/31a4d1852a0c27bac5757c192f300f051229a312"},{"reference_url":"https://github.com/openstack/glance/commit/92ab00fca6926eaf3f7f92a955a5e07140063718","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/92ab00fca6926eaf3f7f92a955a5e07140063718"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-5356","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:N/A:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-5356"},{"reference_url":"http://www.openwall.com/lists/oss-security/2014/08/21/6","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2014/08/21/6"},{"reference_url":"http://www.ubuntu.com/usn/USN-2322-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2322-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1131770","reference_id":"1131770","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1131770"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2013.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2013.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2013.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2013.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2013.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2013.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2013.2.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2013.2.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2013.2.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):juno-1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):juno-1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):juno-1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):juno-2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):juno-2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):juno-2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-479j-jf2p-38pg","reference_id":"GHSA-479j-jf2p-38pg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-479j-jf2p-38pg"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1337","reference_id":"RHSA-2014:1337","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1337"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1338","reference_id":"RHSA-2014:1338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1685","reference_id":"RHSA-2014:1685","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1685"},{"reference_url":"https://usn.ubuntu.com/2322-1/","reference_id":"USN-2322-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2322-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923333?format=json","purl":"pkg:deb/debian/glance@2014.1.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2014.1.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923324?format=json","purl":"pkg:deb/debian/glance@2:21.0.0-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:21.0.0-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923322?format=json","purl":"pkg:deb/debian/glance@2:25.1.0-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:25.1.0-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923326?format=json","purl":"pkg:deb/debian/glance@2:30.0.0-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:30.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923325?format=json","purl":"pkg:deb/debian/glance@2:32.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066826?format=json","purl":"pkg:deb/debian/glance@2:32.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-2%3Fdistro=trixie"}],"aliases":["CVE-2014-5356","GHSA-479j-jf2p-38pg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wvq2-r6u8-7bet"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5298?format=json","vulnerability_id":"VCID-xne9-2tb7-kyfq","summary":"The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html"},{"reference_url":"http://osvdb.org/87248","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://osvdb.org/87248"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5482","reference_id":"","reference_type":"","scores":[{"value":"0.01403","scoring_system":"epss","scoring_elements":"0.80503","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01403","scoring_system":"epss","scoring_elements":"0.80499","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01403","scoring_system":"epss","scoring_elements":"0.80433","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01403","scoring_system":"epss","scoring_elements":"0.80538","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01403","scoring_system":"epss","scoring_elements":"0.8052","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01403","scoring_system":"epss","scoring_elements":"0.80394","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01403","scoring_system":"epss","scoring_elements":"0.80415","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01403","scoring_system":"epss","scoring_elements":"0.80404","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01403","scoring_system":"epss","scoring_elements":"0.80443","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01403","scoring_system":"epss","scoring_elements":"0.80473","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01403","scoring_system":"epss","scoring_elements":"0.8047","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01403","scoring_system":"epss","scoring_elements":"0.80469","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01403","scoring_system":"epss","scoring_elements":"0.8044","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01403","scoring_system":"epss","scoring_elements":"0.80447","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01403","scoring_system":"epss","scoring_elements":"0.80388","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01403","scoring_system":"epss","scoring_elements":"0.80462","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5482"},{"reference_url":"https://bugs.launchpad.net/glance/+bug/1076506","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/glance/+bug/1076506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5482","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5482"},{"reference_url":"http://secunia.com/advisories/51174","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/51174"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/80019","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/80019"},{"reference_url":"https://github.com/openstack/glance","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance"},{"reference_url":"https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88"},{"reference_url":"https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2012-30.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2012-30.yaml"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/11/07/6","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/11/07/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/11/08/2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/11/08/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/11/09/1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/11/09/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/11/09/5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/11/09/5"},{"reference_url":"http://www.securityfocus.com/bid/56437","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/56437"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692641","reference_id":"692641","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692641"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-5482","reference_id":"CVE-2012-5482","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:P/A:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-5482"},{"reference_url":"https://github.com/advisories/GHSA-vwr9-9f8v-vp5m","reference_id":"GHSA-vwr9-9f8v-vp5m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vwr9-9f8v-vp5m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923327?format=json","purl":"pkg:deb/debian/glance@2012.1.1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2012.1.1-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923324?format=json","purl":"pkg:deb/debian/glance@2:21.0.0-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:21.0.0-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923322?format=json","purl":"pkg:deb/debian/glance@2:25.1.0-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:25.1.0-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923326?format=json","purl":"pkg:deb/debian/glance@2:30.0.0-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:30.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923325?format=json","purl":"pkg:deb/debian/glance@2:32.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066826?format=json","purl":"pkg:deb/debian/glance@2:32.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-2%3Fdistro=trixie"}],"aliases":["CVE-2012-5482","GHSA-vwr9-9f8v-vp5m","PYSEC-2012-30"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xne9-2tb7-kyfq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5356?format=json","vulnerability_id":"VCID-zgpj-5an4-mucg","summary":"OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0229.html","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0229.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1948.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1948.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-1948","reference_id":"","reference_type":"","scores":[{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19009","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19359","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19496","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19542","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.1926","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19338","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19391","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19395","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19347","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19291","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19252","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19261","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19271","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.1917","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.1916","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19117","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-1948"},{"reference_url":"https://bugs.launchpad.net/glance/+bug/1275062","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/glance/+bug/1275062"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1948","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1948"},{"reference_url":"http://secunia.com/advisories/56419","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/56419"},{"reference_url":"https://github.com/openstack/glance","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance"},{"reference_url":"https://github.com/openstack/glance/commit/108f0e04ad2ed3dc287f1b71b987a7e9d66072ba","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/108f0e04ad2ed3dc287f1b71b987a7e9d66072ba"},{"reference_url":"https://github.com/openstack/glance/commit/f6e41e9c0ff3aa9ee57b8c8ed8c789f1aff019bc","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/f6e41e9c0ff3aa9ee57b8c8ed8c789f1aff019bc"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2014-102.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2014-102.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-1948","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-1948"},{"reference_url":"http://www.openwall.com/lists/oss-security/2014/02/12/18","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2014/02/12/18"},{"reference_url":"http://www.securityfocus.com/bid/65507","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/65507"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1064589","reference_id":"1064589","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1064589"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738924","reference_id":"738924","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738924"},{"reference_url":"https://github.com/advisories/GHSA-4xw6-hj5p-4j79","reference_id":"GHSA-4xw6-hj5p-4j79","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4xw6-hj5p-4j79"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0229","reference_id":"RHSA-2014:0229","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0229"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923332?format=json","purl":"pkg:deb/debian/glance@2013.2.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2013.2.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923324?format=json","purl":"pkg:deb/debian/glance@2:21.0.0-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:21.0.0-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923322?format=json","purl":"pkg:deb/debian/glance@2:25.1.0-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:25.1.0-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923326?format=json","purl":"pkg:deb/debian/glance@2:30.0.0-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:30.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923325?format=json","purl":"pkg:deb/debian/glance@2:32.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066826?format=json","purl":"pkg:deb/debian/glance@2:32.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-2%3Fdistro=trixie"}],"aliases":["CVE-2014-1948","GHSA-4xw6-hj5p-4j79","PYSEC-2014-102"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zgpj-5an4-mucg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15450?format=json","vulnerability_id":"VCID-zy9m-d25c-5uga","summary":"OpenStack Cinder, Glance, and Nova contain Uncontrolled Resource Consumption\nA resource vulnerability in the OpenStack Compute (nova), Block Storage (cinder), and Image (glance) services was found in their use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could lead possibly to host out-of-memory errors and negatively affect other running tenant instances. oslo.concurrency has been updated to support process limits ('prlimit'), which is needed to fix this flaw.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2923.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-2923.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2991.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-2991.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0153.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2017-0153.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0156.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2017-0156.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0165.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2017-0165.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0282.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2017-0282.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5162.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5162.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5162","reference_id":"","reference_type":"","scores":[{"value":"0.0359","scoring_system":"epss","scoring_elements":"0.87723","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0359","scoring_system":"epss","scoring_elements":"0.87701","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0359","scoring_system":"epss","scoring_elements":"0.87712","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0359","scoring_system":"epss","scoring_elements":"0.87725","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0359","scoring_system":"epss","scoring_elements":"0.87746","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0359","scoring_system":"epss","scoring_elements":"0.87752","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0359","scoring_system":"epss","scoring_elements":"0.87763","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0359","scoring_system":"epss","scoring_elements":"0.87757","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0359","scoring_system":"epss","scoring_elements":"0.87756","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0359","scoring_system":"epss","scoring_elements":"0.8777","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0359","scoring_system":"epss","scoring_elements":"0.87769","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0359","scoring_system":"epss","scoring_elements":"0.87785","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0359","scoring_system":"epss","scoring_elements":"0.87791","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0361","scoring_system":"epss","scoring_elements":"0.87819","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0361","scoring_system":"epss","scoring_elements":"0.87832","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5162"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1268303","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1268303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5162","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5162"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/openstack/cinder/commit/455b318ced717fb38dfe40014817d78fbc47dea5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/cinder/commit/455b318ced717fb38dfe40014817d78fbc47dea5"},{"reference_url":"https://github.com/openstack/glance/commit/69a9b659fd48aa3c1f84fc7bc9ae236b6803d31f","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/69a9b659fd48aa3c1f84fc7bc9ae236b6803d31f"},{"reference_url":"https://github.com/openstack/nova/commit/6bc37dcceca823998068167b49aec6def3112397","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/6bc37dcceca823998068167b49aec6def3112397"},{"reference_url":"https://launchpad.net/bugs/1449062","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://launchpad.net/bugs/1449062"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/10/06/8","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2016/10/06/8"},{"reference_url":"http://www.securityfocus.com/bid/76849","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/76849"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2015-5162","reference_id":"CVE-2015-5162","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2015-5162"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5162","reference_id":"CVE-2015-5162","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5162"},{"reference_url":"https://github.com/advisories/GHSA-g2j5-7vgx-6xrx","reference_id":"GHSA-g2j5-7vgx-6xrx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g2j5-7vgx-6xrx"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2923","reference_id":"RHSA-2016:2923","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2923"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2991","reference_id":"RHSA-2016:2991","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2991"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0153","reference_id":"RHSA-2017:0153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0156","reference_id":"RHSA-2017:0156","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0156"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0165","reference_id":"RHSA-2017:0165","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0165"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0282","reference_id":"RHSA-2017:0282","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0282"},{"reference_url":"https://usn.ubuntu.com/3449-1/","reference_id":"USN-3449-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3449-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/923339?format=json","purl":"pkg:deb/debian/glance@2:12.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:12.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923324?format=json","purl":"pkg:deb/debian/glance@2:21.0.0-2%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:21.0.0-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923322?format=json","purl":"pkg:deb/debian/glance@2:25.1.0-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:25.1.0-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923326?format=json","purl":"pkg:deb/debian/glance@2:30.0.0-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yzt4-fp6y-h3f1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:30.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/923325?format=json","purl":"pkg:deb/debian/glance@2:32.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066826?format=json","purl":"pkg:deb/debian/glance@2:32.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:32.0.0-2%3Fdistro=trixie"}],"aliases":["CVE-2015-5162","GHSA-g2j5-7vgx-6xrx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zy9m-d25c-5uga"}],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glance@2:30.0.0-3%3Fdistro=trixie"}