Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/932869?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/932869?format=api", "purl": "pkg:deb/debian/nova@0?distro=trixie", "type": "deb", "namespace": "debian", "name": "nova", "version": "0", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2012-1~rc3-1", "latest_non_vulnerable_version": "2:33.0.1-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5346?format=api", "vulnerability_id": "VCID-5tkb-w761-4qc6", "summary": "keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova on Fedora.", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html" }, { "reference_url": "http://lists.openstack.org/pipermail/openstack-announce/2013-May/000098.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.openstack.org/pipermail/openstack-announce/2013-May/000098.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2030", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10442", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10297", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10352", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10408", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.1042", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10522", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10588", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10531", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.1051", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10466", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10489", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10307", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10426", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10494", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10354", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10428", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10491", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10437", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10334", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2030" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1174608", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1174608" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=958285", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=958285" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/58d6879b1caaa750c39c8e452a0634c24ffef2ce", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/58d6879b1caaa750c39c8e452a0634c24ffef2ce" }, { "reference_url": "https://github.com/openstack/nova/commit/74aa04e2ca7942cb1e1a86dcbaffeb72d260ccd7", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/74aa04e2ca7942cb1e1a86dcbaffeb72d260ccd7" }, { "reference_url": "https://github.com/openstack/nova/commit/7bf3e8d3e254d817ff5ae7ef1f2884b10410ca60", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/7bf3e8d3e254d817ff5ae7ef1f2884b10410ca60" }, { "reference_url": "https://github.com/openstack/python-keystoneclient/commit/1736e2ffb12f70eeebed019448bc14def48aa036", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/python-keystoneclient/commit/1736e2ffb12f70eeebed019448bc14def48aa036" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2013-45.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2013-45.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2030", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2030" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/05/09/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/05/09/2" }, { "reference_url": "https://github.com/advisories/GHSA-pxxv-rv32-2qgv", "reference_id": "GHSA-pxxv-rv32-2qgv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pxxv-rv32-2qgv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932869?format=api", "purl": "pkg:deb/debian/nova@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932857?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hd9e-1msb-uqa6" }, { "vulnerability": "VCID-m5vc-4my3-87gk" }, { "vulnerability": "VCID-zwuz-pgjz-rkb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932855?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932860?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932858?format=api", "purl": "pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932859?format=api", "purl": "pkg:deb/debian/nova@2:33.0.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000461?format=api", "purl": "pkg:deb/debian/nova@2:33.0.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1041985?format=api", "purl": "pkg:deb/debian/nova@2:33.0.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066837?format=api", "purl": "pkg:deb/debian/nova@2:33.0.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088711?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-2030", "GHSA-pxxv-rv32-2qgv", "PYSEC-2013-45" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5tkb-w761-4qc6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86168?format=api", "vulnerability_id": "VCID-9vq2-2nsa-bbfa", "summary": "openstack-nova: Nova VMware driver may connect VNC to another tenant's console", "references": [ { "reference_url": "http://lists.openstack.org/pipermail/openstack-announce/2014-October/000293.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.openstack.org/pipermail/openstack-announce/2014-October/000293.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1689.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2014-1689.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1781.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2014-1781.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1782.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2014-1782.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8750.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8750.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8750", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00929", "scoring_system": "epss", "scoring_elements": "0.76281", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00929", "scoring_system": "epss", "scoring_elements": "0.76233", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00929", "scoring_system": "epss", "scoring_elements": "0.7602", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00929", "scoring_system": "epss", "scoring_elements": "0.76023", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00929", "scoring_system": "epss", "scoring_elements": "0.76056", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00929", "scoring_system": "epss", "scoring_elements": "0.76035", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00929", "scoring_system": "epss", "scoring_elements": "0.76068", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00929", "scoring_system": "epss", "scoring_elements": "0.76083", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00929", "scoring_system": "epss", "scoring_elements": "0.76108", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00929", "scoring_system": "epss", "scoring_elements": "0.76084", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00929", "scoring_system": "epss", "scoring_elements": "0.76081", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00929", "scoring_system": "epss", "scoring_elements": "0.76121", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00929", "scoring_system": "epss", "scoring_elements": "0.76126", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00929", "scoring_system": "epss", "scoring_elements": "0.76109", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00929", "scoring_system": "epss", "scoring_elements": "0.76148", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00929", "scoring_system": "epss", "scoring_elements": "0.76158", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00929", "scoring_system": "epss", "scoring_elements": "0.76169", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00929", "scoring_system": "epss", "scoring_elements": "0.76179", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00929", "scoring_system": "epss", "scoring_elements": "0.76209", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00929", "scoring_system": "epss", "scoring_elements": "0.76232", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00929", "scoring_system": "epss", "scoring_elements": "0.76218", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8750" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1357372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.launchpad.net/nova/+bug/1357372" }, { "reference_url": "http://secunia.com/advisories/60227", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/60227" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/10/14/9", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2014/10/14/9" }, { "reference_url": "http://www.securityfocus.com/bid/70182", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/70182" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1152346", "reference_id": "1152346", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1152346" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:2014.2:milestone1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:2014.2:milestone1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:2014.2:milestone1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:2014.2:milestone2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:2014.2:milestone2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:2014.2:milestone2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:2014.2:milestone3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:nova:2014.2:milestone3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:2014.2:milestone3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8750", "reference_id": "CVE-2014-8750", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8750" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1689", "reference_id": "RHSA-2014:1689", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1689" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932869?format=api", "purl": "pkg:deb/debian/nova@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932857?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hd9e-1msb-uqa6" }, { "vulnerability": "VCID-m5vc-4my3-87gk" }, { "vulnerability": "VCID-zwuz-pgjz-rkb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932855?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932860?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932858?format=api", "purl": "pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932859?format=api", "purl": "pkg:deb/debian/nova@2:33.0.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000461?format=api", "purl": "pkg:deb/debian/nova@2:33.0.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1041985?format=api", "purl": "pkg:deb/debian/nova@2:33.0.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066837?format=api", "purl": "pkg:deb/debian/nova@2:33.0.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088711?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-8750" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9vq2-2nsa-bbfa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18163?format=api", "vulnerability_id": "VCID-e6ne-73mv-73bc", "summary": "OpenStack Nova vulnerable to unauthorized access to potentially sensitive data\nIn OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Nova deployments are affected. NOTE: this issue exists because of an incomplete fix for CVE-2022-47951 and CVE-2024-32498.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-40767.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-40767.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-40767", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74804", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.7475", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74731", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74612", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74671", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74663", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74627", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74635", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74655", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74632", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74618", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74586", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74585", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74764", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.7474", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74711", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74706", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74704", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74698", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74662", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-40767" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://launchpad.net/bugs/2071734", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:47:09Z/" } ], "url": "https://launchpad.net/bugs/2071734" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40767", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40767" }, { "reference_url": "https://review.opendev.org/c/openstack/nova/+/924731", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.opendev.org/c/openstack/nova/+/924731" }, { "reference_url": "https://security.openstack.org", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:47:09Z/" } ], "url": "https://security.openstack.org" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2024-002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:47:09Z/" } ], "url": "https://security.openstack.org/ossa/OSSA-2024-002.html" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2024/07/23/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:47:09Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2024/07/23/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297217", "reference_id": "2297217", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297217" }, { "reference_url": "https://github.com/advisories/GHSA-rm86-h44c-2r2m", "reference_id": "GHSA-rm86-h44c-2r2m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rm86-h44c-2r2m" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5082", "reference_id": "RHSA-2024:5082", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5082" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5083", "reference_id": "RHSA-2024:5083", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5083" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5097", "reference_id": "RHSA-2024:5097", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5097" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5113", "reference_id": "RHSA-2024:5113", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5113" }, { "reference_url": "https://usn.ubuntu.com/6911-1/", "reference_id": "USN-6911-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6911-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932869?format=api", "purl": "pkg:deb/debian/nova@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932857?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hd9e-1msb-uqa6" }, { "vulnerability": "VCID-m5vc-4my3-87gk" }, { "vulnerability": "VCID-zwuz-pgjz-rkb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932855?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932860?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932858?format=api", "purl": "pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932859?format=api", "purl": "pkg:deb/debian/nova@2:33.0.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000461?format=api", "purl": "pkg:deb/debian/nova@2:33.0.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1041985?format=api", "purl": "pkg:deb/debian/nova@2:33.0.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066837?format=api", "purl": "pkg:deb/debian/nova@2:33.0.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088711?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-40767", "GHSA-rm86-h44c-2r2m" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e6ne-73mv-73bc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5303?format=api", "vulnerability_id": "VCID-nryd-hrub-cydj", "summary": "OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which allows attackers to obtain sensitive information by reading the memory of the previous logical volume (LV).", "references": [ { "reference_url": "http://osvdb.org/88419", "reference_id": "", "reference_type": "", "scores": [], "url": "http://osvdb.org/88419" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0208.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0208.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5625.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5625.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5625", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77809", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77611", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77648", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77646", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77641", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77672", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.7768", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77695", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77708", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77737", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77756", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77745", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77763", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77551", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77558", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77584", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77564", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77594", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77601", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77628", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01057", "scoring_system": "epss", "scoring_elements": "0.77612", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5625" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1070539", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1070539" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=884293", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=884293" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/9d2ea970422591f8cdc394001be9a2deca499a5f", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/9d2ea970422591f8cdc394001be9a2deca499a5f" }, { "reference_url": "https://github.com/openstack/nova/commit/a99a802e008eed18e39fc1d98170edc495cbd354", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/a99a802e008eed18e39fc1d98170edc495cbd354" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-41.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-41.yaml" }, { "reference_url": "https://launchpad.net/nova/folsom/2012.2.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.net/nova/folsom/2012.2.2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5625", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5625" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/12/11/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/12/11/5" }, { "reference_url": "http://www.securityfocus.com/bid/56904", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/56904" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1663-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-1663-1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:grizzly:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:grizzly:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:grizzly:-:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-rwhr-h69g-8qmq", "reference_id": "GHSA-rwhr-h69g-8qmq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rwhr-h69g-8qmq" }, { "reference_url": "https://usn.ubuntu.com/1663-1/", "reference_id": "USN-1663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932869?format=api", "purl": "pkg:deb/debian/nova@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932857?format=api", "purl": "pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hd9e-1msb-uqa6" }, { "vulnerability": "VCID-m5vc-4my3-87gk" }, { "vulnerability": "VCID-zwuz-pgjz-rkb9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932855?format=api", "purl": "pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932860?format=api", "purl": "pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932858?format=api", "purl": "pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932859?format=api", "purl": "pkg:deb/debian/nova@2:33.0.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000461?format=api", "purl": "pkg:deb/debian/nova@2:33.0.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1041985?format=api", "purl": "pkg:deb/debian/nova@2:33.0.0-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066837?format=api", "purl": "pkg:deb/debian/nova@2:33.0.0-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088711?format=api", "purl": "pkg:deb/debian/nova@2:33.0.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-5625", "GHSA-rwhr-h69g-8qmq", "PYSEC-2012-41" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nryd-hrub-cydj" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@0%3Fdistro=trixie" }