VulnerableCode Package Details - pkg:rpm/redhat/openstack-nova@2013.2.2-2?arch=el6ost

Search for packages

Vulnerability	Summary	Fixed by
VCID-hcsa-vfvp-buax Aliases: CVE-2013-6419 GHSA-22w9-j288-8p9w	OpenStack Nova Router metadata queries are not restricted by tenant Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by (1) api/metadata/handler.py in Nova and (2) the neutron-metadata-agent (`agent/metadata/agent.py`) in Neutron.	There are no reported fixed by versions.
VCID-rvp9-etcr-wycj Aliases: CVE-2013-6437 GHSA-hrv9-4x4c-9jc8	OpenStack Nova DoS through ephemeral disk backing files The libvirt driver in OpenStack Compute (Nova) before 2013.2.2 and icehouse before icehouse-2 allows remote authenticated users to cause a denial of service (disk consumption) by creating and deleting instances with unique os_type settings, which triggers the creation of a new ephemeral disk backing file.	There are no reported fixed by versions.
VCID-v47b-k4qx-h7a2 Aliases: CVE-2013-7048 GHSA-grp5-h379-j75x	OpenStack Nova live snapshots use an insecure local directory OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and world-readable permissions for the temporary directory used to store live snapshots, which allows local users to read and modify live snapshots.	There are no reported fixed by versions.
VCID-vena-h39k-v3fe Aliases: CVE-2013-7130 GHSA-99rx-9x8v-9j8p PYSEC-2014-111	The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-hcsa-vfvp-buax
Aliases:
CVE-2013-6419
GHSA-22w9-j288-8p9w

OpenStack Nova Router metadata queries are not restricted by tenant Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by (1) api/metadata/handler.py in Nova and (2) the neutron-metadata-agent (`agent/metadata/agent.py`) in Neutron.

There are no reported fixed by versions.

VCID-rvp9-etcr-wycj
Aliases:
CVE-2013-6437
GHSA-hrv9-4x4c-9jc8

OpenStack Nova DoS through ephemeral disk backing files The libvirt driver in OpenStack Compute (Nova) before 2013.2.2 and icehouse before icehouse-2 allows remote authenticated users to cause a denial of service (disk consumption) by creating and deleting instances with unique os_type settings, which triggers the creation of a new ephemeral disk backing file.

There are no reported fixed by versions.

VCID-v47b-k4qx-h7a2
Aliases:
CVE-2013-7048
GHSA-grp5-h379-j75x

OpenStack Nova live snapshots use an insecure local directory OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and world-readable permissions for the temporary directory used to store live snapshots, which allows local users to read and modify live snapshots.

There are no reported fixed by versions.

VCID-vena-h39k-v3fe
Aliases:
CVE-2013-7130
GHSA-99rx-9x8v-9j8p
PYSEC-2014-111

The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:50:10.568757+00:00	RedHat Importer	Affected by	VCID-v47b-k4qx-h7a2	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7048.json	38.0.0
2026-04-01T14:49:13.504211+00:00	RedHat Importer	Affected by	VCID-hcsa-vfvp-buax	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6419.json	38.0.0
2026-04-01T14:49:12.576742+00:00	RedHat Importer	Affected by	VCID-rvp9-etcr-wycj	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6437.json	38.0.0
2026-04-01T14:48:58.326750+00:00	RedHat Importer	Affected by	VCID-vena-h39k-v3fe	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7130.json	38.0.0