GCVE - cpe:2.3:a:openstack:havana:-:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:openstack:havana:-:*:*:*:*:*:*:*

part: a version: - update: *

Vendor	Openstack (`7b0cf974-b2b5-592e-bdf4-6953805ef02a`)
Product	Havana (`f67b8963-b067-56e5-b5d5-51a071aa1dd4`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/puppetlabs/puppetlabs-havana`	purl2cpe	2026-06-01 10:17:03.417184

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2013-7130`	vulnerable	2026-06-03 14:33:34.067456	Details available The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage. Published: 2014-02-06T16:00:00.000Z Updated: 2024-08-06T18:01:19.335Z Open on db.gcve.eu Reference links https://review.openstack.org/#/c/68659/ https://review.openstack.org/#/c/68658/ http://www.securityfocus.com/bid/65106 https://review.openstack.org/#/c/68660/ https://exchange.xforce.ibmcloud.com/vulnerabilities/90652	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-4477`	vulnerable	2026-06-03 14:33:17.133286	Details available The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges. Published: 2013-11-02T19:00:00.000Z Updated: 2024-08-06T16:45:14.815Z Open on db.gcve.eu Reference links http://www.openwall.com/lists/oss-security/2013/10/30/6 http://www.ubuntu.com/usn/USN-2034-1 http://rhn.redhat.com/errata/RHSA-2014-0113.html https://bugs.launchpad.net/keystone/+bug/1242855	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-4469`	vulnerable	2026-06-03 14:33:16.887130	Details available OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when use_cow_images is set to False, does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by transferring an image with a large virtual size that does not contain a large amount of data from Glance. NOTE: this issue is due to an incomplete fix for CVE-2013-2096. Published: 2013-11-02T18:00:00.000Z Updated: 2024-08-06T16:45:14.301Z Open on db.gcve.eu Reference links https://bugs.launchpad.net/nova/+bug/1206081 http://www.openwall.com/lists/oss-security/2013/10/31/3 http://www.ubuntu.com/usn/USN-2247-1	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-4463`	vulnerable	2026-06-03 14:33:16.844345	Details available OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) via a compressed QCOW2 image. NOTE: this issue is due to an incomplete fix for CVE-2013-2096. Published: 2014-02-06T02:00:00.000Z Updated: 2024-08-06T16:45:14.837Z Open on db.gcve.eu Reference links https://bugs.launchpad.net/nova/+bug/1206081 http://www.openwall.com/lists/oss-security/2013/10/31/3 http://www.ubuntu.com/usn/USN-2247-1 http://rhn.redhat.com/errata/RHSA-2014-0112.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-4155`	vulnerable	2026-06-03 14:33:09.939857	Details available OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service ("superfluous" tombstone consumption and Swift cluster slowdown) via a DELETE request with a timestamp that is older than expected. Published: 2013-08-20T22:00:00.000Z Updated: 2024-08-06T16:30:50.054Z Open on db.gcve.eu Reference links https://bugs.launchpad.net/swift/+bug/1196932 http://www.debian.org/security/2012/dsa-2737 https://review.openstack.org/#/c/40646/ http://www.openwall.com/lists/oss-security/2013/08/07/6 http://www.ubuntu.com/usn/USN-2001-1	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-2161`	vulnerable	2026-06-03 14:32:54.050265	Details available XML injection vulnerability in account/utils.py in OpenStack Swift Folsom, Grizzly, and Havana allows attackers to trigger invalid or spoofed Swift responses via an account name. Published: 2013-08-20T22:00:00.000Z Updated: 2024-08-06T15:27:40.947Z Open on db.gcve.eu Reference links http://www.debian.org/security/2012/dsa-2737 http://lists.opensuse.org/opensuse-updates/2013-07/msg00021.html https://bugs.launchpad.net/swift/+bug/1183884 http://rhn.redhat.com/errata/RHSA-2013-0993.html http://www.openwall.com/lists/oss-security/2013/06/13/4	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-2096`	vulnerable	2026-06-03 14:32:53.651711	Details available OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by creating an image with a large virtual size that does not contain a large amount of data. Published: 2013-07-09T17:00:00.000Z Updated: 2024-08-06T15:27:40.933Z Open on db.gcve.eu Reference links https://review.openstack.org/#/c/28717/ https://review.openstack.org/#/c/28901/ http://www.ubuntu.com/usn/USN-1831-1 http://lists.openstack.org/pipermail/openstack-announce/2013-May/000102.html https://review.openstack.org/#/c/29192/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.