Search for packages
| purl | pkg:rpm/redhat/openstack-nova@2013.2.3-12?arch=el6ost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-ex1j-py3q-93hv
Aliases: CVE-2014-3517 GHSA-xjmj-p278-4jp5 |
Exposure of Sensitive Information to an Unauthorized Actor api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in responses to instance metadata requests. | There are no reported fixed by versions. |
|
VCID-q246-vzd6-3qfb
Aliases: CVE-2014-0167 GHSA-p258-xmh3-72pv |
OpenStack Compute (Nova) allows remote authenticated users to gain privileges via API requests The Nova EC2 API security group implementation in OpenStack Compute (Nova) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for (1) add_rules, (2) remove_rules, (3) destroy, and other unspecified methods in compute/api.py when using non-default policies, which allows remote authenticated users to gain privileges via these API requests. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:48:30.310696+00:00 | RedHat Importer | Affected by | VCID-q246-vzd6-3qfb | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0167.json | 38.0.0 |
| 2026-04-01T14:46:52.540749+00:00 | RedHat Importer | Affected by | VCID-ex1j-py3q-93hv | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3517.json | 38.0.0 |