Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-z5wc-py2m-6qhz

Summary OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port.

Aliases

alias	CVE-2013-0335

alias	GHSA-qfp8-hfqx-c79c

alias	PYSEC-2013-43

Fixed_packages

url	pkg:deb/debian/nova@2012.1.1-14?distro=trixie
purl	pkg:deb/debian/nova@2012.1.1-14?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2012.1.1-14%3Fdistro=trixie

url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hd9e-1msb-uqa6

vulnerability	VCID-m5vc-4my3-87gk

vulnerability	VCID-zwuz-pgjz-rkb9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl	pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie

url	pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl	pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl	pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie

url	pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl	pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie

url	pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl	pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie

url	pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl	pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie

url	pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl	pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie

Affected_packages

References

reference_url

http://github.com/openstack/nova/commit/05a3374992bc8ba53ddc9c491b51c4b59eed0a72

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://github.com/openstack/nova/commit/05a3374992bc8ba53ddc9c491b51c4b59eed0a72

reference_url

http://github.com/openstack/nova/commit/3b0f4cf6bea33e6ee1893f6e872d968b0c309f88

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://github.com/openstack/nova/commit/3b0f4cf6bea33e6ee1893f6e872d968b0c309f88

reference_url

http://github.com/openstack/nova/commit/48e81f1554ce41c3d4f7445421d19f4a8128e98d

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://github.com/openstack/nova/commit/48e81f1554ce41c3d4f7445421d19f4a8128e98d

reference_url

http://github.com/openstack/nova/commit/ad94a90202193335f011888db017e557b07faf8a

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://github.com/openstack/nova/commit/ad94a90202193335f011888db017e557b07faf8a

reference_url

http://github.com/openstack/nova/commit/e98928cf77645fdc309da894f3bd332e99482e0d

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://github.com/openstack/nova/commit/e98928cf77645fdc309da894f3bd332e99482e0d

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0709.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0709.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0335.json

reference_id

reference_type

scores

value	7.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0335.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-0335

reference_id

reference_type

scores

value	0.01036
scoring_system	epss
scoring_elements	0.77431
published_at	2026-04-18T12:55:00Z

value	0.01036
scoring_system	epss
scoring_elements	0.77335
published_at	2026-04-01T12:55:00Z

value	0.01036
scoring_system	epss
scoring_elements	0.77341
published_at	2026-04-02T12:55:00Z

value	0.01036
scoring_system	epss
scoring_elements	0.7737
published_at	2026-04-04T12:55:00Z

value	0.01036
scoring_system	epss
scoring_elements	0.7735
published_at	2026-04-07T12:55:00Z

value	0.01036
scoring_system	epss
scoring_elements	0.7738
published_at	2026-04-08T12:55:00Z

value	0.01036
scoring_system	epss
scoring_elements	0.77389
published_at	2026-04-09T12:55:00Z

value	0.01036
scoring_system	epss
scoring_elements	0.77415
published_at	2026-04-11T12:55:00Z

value	0.01036
scoring_system	epss
scoring_elements	0.77395
published_at	2026-04-12T12:55:00Z

value	0.01036
scoring_system	epss
scoring_elements	0.77392
published_at	2026-04-13T12:55:00Z

value	0.01036
scoring_system	epss
scoring_elements	0.77432
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-0335

reference_url

https://bugs.launchpad.net/nova/+bug/1125378

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/nova/+bug/1125378

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0335
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0335

reference_url	http://secunia.com/advisories/52337
reference_id
reference_type
scores
url	http://secunia.com/advisories/52337

reference_url	http://secunia.com/advisories/52728
reference_id
reference_type
scores
url	http://secunia.com/advisories/52728

reference_url

https://github.com/openstack/nova

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/nova

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2013-43.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2013-43.yaml

reference_url

https://review.openstack.org/#/c/22086

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://review.openstack.org/#/c/22086

reference_url	https://review.openstack.org/#/c/22086/
reference_id
reference_type
scores
url	https://review.openstack.org/#/c/22086/

reference_url

https://review.openstack.org/#/c/22758

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://review.openstack.org/#/c/22758

reference_url

https://review.openstack.org/#/c/22872

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://review.openstack.org/#/c/22872

reference_url	https://review.openstack.org/#/c/22872/
reference_id
reference_type
scores
url	https://review.openstack.org/#/c/22872/

reference_url

http://www.openwall.com/lists/oss-security/2013/02/26/7

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2013/02/26/7

reference_url	http://www.osvdb.org/90657
reference_id
reference_type
scores
url	http://www.osvdb.org/90657

reference_url

http://www.ubuntu.com/usn/USN-1771-1

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.ubuntu.com/usn/USN-1771-1

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701773
reference_id	701773
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701773

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:essex:2012.1:::::::*
reference_id	cpe:2.3:a:openstack:essex:2012.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:essex:2012.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:2012.2:::::::*
reference_id	cpe:2.3:a:openstack:folsom:2012.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:2012.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:grizzly:2012.2:::::::*
reference_id	cpe:2.3:a:openstack:grizzly:2012.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:grizzly:2012.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:11.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-0335

reference_id

CVE-2013-0335

reference_type

scores

value	6.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:P/I:P/A:P

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-0335

reference_url

https://github.com/advisories/GHSA-qfp8-hfqx-c79c

reference_id

GHSA-qfp8-hfqx-c79c

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qfp8-hfqx-c79c

reference_url	https://usn.ubuntu.com/1771-1/
reference_id	USN-1771-1
reference_type
scores
url	https://usn.ubuntu.com/1771-1/

Weaknesses

cwe_id	863
name	Incorrect Authorization
description	The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	264
name	Permissions, Privileges, and Access Controls
description	Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

cwe_id	613
name	Insufficient Session Expiration
description	According to WASC, Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.

Exploits

Severity_range_score 6.0 - 8.9

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z5wc-py2m-6qhz

Vulnerability Instance