VulnerableCode Package Details - pkg:rpm/redhat/openstack-nova@2013.1.5-2?arch=el6ost

Search for packages

Vulnerability	Summary	Fixed by
VCID-n6d6-1kyd-qufe Aliases: CVE-2013-4497 GHSA-27q4-38qf-m25h	OpenStack Compute Nova Improper Access Control The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions.	There are no reported fixed by versions.
VCID-v47b-k4qx-h7a2 Aliases: CVE-2013-7048 GHSA-grp5-h379-j75x	OpenStack Nova live snapshots use an insecure local directory OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and world-readable permissions for the temporary directory used to store live snapshots, which allows local users to read and modify live snapshots.	There are no reported fixed by versions.
VCID-vena-h39k-v3fe Aliases: CVE-2013-7130 GHSA-99rx-9x8v-9j8p PYSEC-2014-111	The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-n6d6-1kyd-qufe
Aliases:
CVE-2013-4497
GHSA-27q4-38qf-m25h

OpenStack Compute Nova Improper Access Control The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions.

There are no reported fixed by versions.

VCID-v47b-k4qx-h7a2
Aliases:
CVE-2013-7048
GHSA-grp5-h379-j75x

OpenStack Nova live snapshots use an insecure local directory OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and world-readable permissions for the temporary directory used to store live snapshots, which allows local users to read and modify live snapshots.

There are no reported fixed by versions.

VCID-vena-h39k-v3fe
Aliases:
CVE-2013-7130
GHSA-99rx-9x8v-9j8p
PYSEC-2014-111

The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:53:48.053679+00:00	RedHat Importer	Affected by	VCID-n6d6-1kyd-qufe	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4497.json	38.0.0
2026-04-01T14:50:10.555579+00:00	RedHat Importer	Affected by	VCID-v47b-k4qx-h7a2	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7048.json	38.0.0
2026-04-01T14:48:58.314287+00:00	RedHat Importer	Affected by	VCID-vena-h39k-v3fe	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7130.json	38.0.0