Search for packages
| purl | pkg:rpm/redhat/openstack-cinder@2013.1.3-2?arch=el6ost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-4cvx-j5g1-23hx
Aliases: CVE-2013-4183 GHSA-q3rw-wcj6-8cjf PYSEC-2013-35 |
The clear_volume function in LVMVolumeDriver driver in OpenStack Cinder 2013.1.1 through 2013.1.2 does not properly clear data when deleting a snapshot, which allows local users to obtain sensitive information via unspecified vectors. | There are no reported fixed by versions. |
|
VCID-kgrz-64rh-cbdd
Aliases: CVE-2013-4202 GHSA-mfg4-9xf4-f45q |
OpenStack Cinder Denial of Service using XML entities The (1) backup (api/contrib/backups.py) and (2) volume transfer (contrib/volume_transfer.py) APIs in OpenStack Cinder Grizzly 2013.1.3 and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:50:27.573564+00:00 | RedHat Importer | Affected by | VCID-4cvx-j5g1-23hx | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4183.json | 38.0.0 |
| 2026-04-01T14:50:20.101425+00:00 | RedHat Importer | Affected by | VCID-kgrz-64rh-cbdd | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4202.json | 38.0.0 |