GCVE - cpe:2.3:a:openstack:havana:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:openstack:havana:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Openstack (`7b0cf974-b2b5-592e-bdf4-6953805ef02a`)
Product	Havana (`f67b8963-b067-56e5-b5d5-51a071aa1dd4`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/puppetlabs/puppetlabs-havana`	purl2cpe	2026-06-01 10:17:03.417182

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2013-6419`	vulnerable	2026-06-03 14:33:26.165802	Details available Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by (1) api/metadata/handler.py in Nova and (2) the neutron-metadata-agent (agent/metadata/agent.py) in Neutron. Published: 2014-01-07T18:00:00.000Z Updated: 2024-08-06T17:39:01.179Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/64250 https://review.openstack.org/#/c/61428/2/nova/api/metadata/handler.py http://rhn.redhat.com/errata/RHSA-2014-0091.html http://rhn.redhat.com/errata/RHSA-2014-0231.html http://www.openwall.com/lists/oss-security/2013/12/11/8	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-4497`	vulnerable	2026-06-03 14:33:17.319020	Details available The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions. Published: 2013-11-05T20:00:00.000Z Updated: 2024-08-06T16:45:14.926Z Open on db.gcve.eu Reference links http://www.openwall.com/lists/oss-security/2013/11/03/2 https://bugs.launchpad.net/nova/+bug/1202266 http://www.openwall.com/lists/oss-security/2013/11/03/3 https://bugs.launchpad.net/nova/+bug/1073306	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-4179`	vulnerable	2026-06-03 14:33:10.106193	Details available The security group extension in OpenStack Compute (Nova) Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664. Published: 2013-09-16T19:00:00.000Z Updated: 2024-08-06T16:38:00.185Z Open on db.gcve.eu Reference links http://rhn.redhat.com/errata/RHSA-2013-1199.html https://bugs.launchpad.net/ossa/+bug/1190229 http://www.ubuntu.com/usn/USN-2005-1	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.