Lucene search
K

103 matches found

OSV
OSV
added 2023/11/01 5:15 p.m.7 views

CVE-2023-20213

A vulnerability in the CDP processing feature of Cisco ISE could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition of the CDP process on an affected device. This vulnerability is due to insufficient bounds checking when an affected device processes CDP traffic...

4.3CVSS5.8AI score0.00302EPSS
Exploits0References1
CVE
CVE
added 2022/10/06 12:0 a.m.402 views

CVE-2022-39222

Dex is an OpenID Connect identity service. Affected versions prior to 2.35.0 with public clients can have the OAuth authorization code exposed during the OIDC flow when a victim visits a malicious site. An attacker can then exchange the stolen authorization code for a token to gain access to appl...

9.3CVSS7.3AI score0.01127EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/10/06 12:0 a.m.7 views

CVE-2022-39222 OAuth authorization code exposure in Dex

Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex instances with public clients and by extension, clients accepting tokens issued by those Dex instances are affected by this vulnerability if they are running a version prior to 2.35.0. An attacker can...

9.3CVSS9.4AI score0.01127EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2022/05/17 3:56 a.m.29 views

TripleO Heat templates might allow remote attackers to obtain sensitive information from private containers

The TripleO Heat templates tripleo-heat-templates do not properly order the Identity Service keystone before the OpenStack Object Storage Swift staticweb middleware in the swiftproxy pipeline when the staticweb middleware is enabled, which might allow remote attackers to obtain sensitive...

7.5CVSS6.9AI score0.02415EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2022/05/13 1:7 a.m.9 views

GHSA-J36M-HV43-7W7M OpenStack Identity service (keystone) Incorrect Authorization

An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service keystone. An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles...

8.6CVSS6.7AI score0.02106EPSS
Exploits1References13
Github Security Blog
Github Security Blog
added 2022/05/13 1:7 a.m.28 views

OpenStack Identity service (keystone) Incorrect Authorization

An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service keystone. An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles...

7.2CVSS6.9AI score0.02106EPSS
Exploits1References13Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/12/20 12:0 a.m.6 views

The vulnerability of the Identity Service in operating systems such as tvOS, iOS, iPadOS, and watchOS allows a hacker to bypass security restrictions.

The vulnerability of the Identity Service for operating systems tvOS, iOS, iPadOS, and watchOS is related to incorrect code generation. Exploiting this vulnerability can allow attackers to circumvent security restrictions...

5.5CVSS6AI score0.01142EPSS
Exploits0References5Affected Software4
Malwarebytes
Malwarebytes
added 2021/10/07 10:12 a.m.18 views

Google to auto-enrol users, YouTubers into 2SV

Googles announced some changes to how its helping millions of its users stay safe and secure. The biggest of those changes is that it plans to auto-enrol its users in to two-step verification, or 2SV. 2SV adds an extra layer when logging into your account and the additional step happens after you...

7AI score
Exploits0
CNNVD
CNNVD
added 2021/07/21 12:0 a.m.4 views

Apple iOS和Apple iPadOS 数据伪造问题漏洞

Apple iOS and Apple iPadOS are products of Apple Inc.Apple iOS is an operating system developed for mobile devices.Apple iPadOS is an operating system for iPad tablets.Apple iOS 14.7 and iPadOS 14.7 are vulnerable to a data forgery issue. A data forgery vulnerability exists in Apple iOS 14.7 and...

5.5CVSS5.8AI score0.01142EPSS
Exploits0References8
CNVD
CNVD
added 2020/12/30 12:0 a.m.4 views

Logic Flaw Vulnerability in Unified Identity Service Platform ZFIAM

The scope of business of Ortho Software Co., Ltd. includes: technology development, technical services, results transfer: computer software, computer network system integration, etc. The unified identity authentication service platform ZFIAM has a logic flaw vulnerability, which can be exploited ...

7.1AI score
Exploits0
CNVD
CNVD
added 2020/10/17 12:0 a.m.1 views

IDaaS Platform of Beijing Jiuzhou Yunteng Technology Co., Ltd. has Logic Flaw Vulnerability

IDaaS platform is a cloud identity service platform provided by Jiuzhou Yunteng. Based on the traditional 4A's of account, authentication, authorization, and auditing plus our unique application store, it forms a 5A platform, which can provide a unified portal for enterprise users, and based on...

7.2AI score
Exploits0
RedHat Linux
RedHat Linux
added 2020/07/22 12:38 p.m.35 views

Important: Red Hat Security Advisory: openstack-keystone security update

An update for openstack-keystone is now available for Red Hat OpenStack Platform 16 Train. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.8CVSS6.7AI score0.04918EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/07/22 12:36 p.m.42 views

Important: Red Hat Security Advisory: openstack-keystone security update

An update for openstack-keystone is now available for Red Hat OpenStack Platform 15 Stein. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.8CVSS6.7AI score0.04918EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/07/22 12:13 p.m.44 views

Important: Red Hat Security Advisory: openstack-keystone security update

An update for openstack-keystone is now available for Red Hat OpenStack Platform 10 Newton. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.8CVSS7.2AI score0.04918EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2020/06/24 12:43 p.m.53 views

Important: Red Hat Security Advisory: openstack-keystone security update

An update for openstack-keystone is now available for Red Hat OpenStack Platform 13 Queens. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.8CVSS6.7AI score0.04918EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2020/05/08 12:0 a.m.54 views

Debian: Security Advisory (DSA-4679-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS7.1AI score0.04918EPSS
Exploits0References4
Veracode
Veracode
added 2019/05/02 4:54 a.m.30 views

Authorization Bypass

The openstack-keystone packages provide Keystone, a Python implementation of the OpenStack identity service API, which provides Identity, Token, Catalog, and Policy services. It was found that Keystone did not correctly handle revoked PKI tokens, allowing users with revoked tokens to retain acces...

6.8CVSS5.7AI score0.03067EPSS
Exploits0References19Affected Software1
NVD
NVD
added 2019/04/04 3:29 p.m.19 views

CVE-2018-19981

Amazon AWS SDK =2.8.5 for Android uses Android SharedPreferences to store plain text AWS STS Temporary Credentials retrieved by AWS Cognito Identity Service. An attacker can use these credentials to create authenticated and/or authorized requests. Note that the attacker must have "root" privilege...

9CVSS6.9AI score0.01831EPSS
Exploits1References4
Prion
Prion
added 2019/04/04 3:29 p.m.18 views

Design/Logic Flaw

Amazon AWS SDK =2.8.5 for Android uses Android SharedPreferences to store plain text AWS STS Temporary Credentials retrieved by AWS Cognito Identity Service. An attacker can use these credentials to create authenticated and/or authorized requests. Note that the attacker must have "root" privilege...

9CVSS6.8AI score0.01831EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2019/04/04 2:34 p.m.17 views

CVE-2018-19981

Amazon AWS SDK =2.8.5 for Android uses Android SharedPreferences to store plain text AWS STS Temporary Credentials retrieved by AWS Cognito Identity Service. An attacker can use these credentials to create authenticated and/or authorized requests. Note that the attacker must have "root" privilege...

7AI score0.01831EPSS
Exploits1References4
Rows per page
Query Builder