103 matches found
CVE-2023-20213
A vulnerability in the CDP processing feature of Cisco ISE could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition of the CDP process on an affected device. This vulnerability is due to insufficient bounds checking when an affected device processes CDP traffic...
CVE-2022-39222
Dex is an OpenID Connect identity service. Affected versions prior to 2.35.0 with public clients can have the OAuth authorization code exposed during the OIDC flow when a victim visits a malicious site. An attacker can then exchange the stolen authorization code for a token to gain access to appl...
CVE-2022-39222 OAuth authorization code exposure in Dex
Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex instances with public clients and by extension, clients accepting tokens issued by those Dex instances are affected by this vulnerability if they are running a version prior to 2.35.0. An attacker can...
TripleO Heat templates might allow remote attackers to obtain sensitive information from private containers
The TripleO Heat templates tripleo-heat-templates do not properly order the Identity Service keystone before the OpenStack Object Storage Swift staticweb middleware in the swiftproxy pipeline when the staticweb middleware is enabled, which might allow remote attackers to obtain sensitive...
GHSA-J36M-HV43-7W7M OpenStack Identity service (keystone) Incorrect Authorization
An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service keystone. An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles...
OpenStack Identity service (keystone) Incorrect Authorization
An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service keystone. An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles...
The vulnerability of the Identity Service in operating systems such as tvOS, iOS, iPadOS, and watchOS allows a hacker to bypass security restrictions.
The vulnerability of the Identity Service for operating systems tvOS, iOS, iPadOS, and watchOS is related to incorrect code generation. Exploiting this vulnerability can allow attackers to circumvent security restrictions...
Google to auto-enrol users, YouTubers into 2SV
Googles announced some changes to how its helping millions of its users stay safe and secure. The biggest of those changes is that it plans to auto-enrol its users in to two-step verification, or 2SV. 2SV adds an extra layer when logging into your account and the additional step happens after you...
Apple iOS和Apple iPadOS 数据伪造问题漏洞
Apple iOS and Apple iPadOS are products of Apple Inc.Apple iOS is an operating system developed for mobile devices.Apple iPadOS is an operating system for iPad tablets.Apple iOS 14.7 and iPadOS 14.7 are vulnerable to a data forgery issue. A data forgery vulnerability exists in Apple iOS 14.7 and...
Logic Flaw Vulnerability in Unified Identity Service Platform ZFIAM
The scope of business of Ortho Software Co., Ltd. includes: technology development, technical services, results transfer: computer software, computer network system integration, etc. The unified identity authentication service platform ZFIAM has a logic flaw vulnerability, which can be exploited ...
IDaaS Platform of Beijing Jiuzhou Yunteng Technology Co., Ltd. has Logic Flaw Vulnerability
IDaaS platform is a cloud identity service platform provided by Jiuzhou Yunteng. Based on the traditional 4A's of account, authentication, authorization, and auditing plus our unique application store, it forms a 5A platform, which can provide a unified portal for enterprise users, and based on...
Important: Red Hat Security Advisory: openstack-keystone security update
An update for openstack-keystone is now available for Red Hat OpenStack Platform 16 Train. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: openstack-keystone security update
An update for openstack-keystone is now available for Red Hat OpenStack Platform 15 Stein. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: openstack-keystone security update
An update for openstack-keystone is now available for Red Hat OpenStack Platform 10 Newton. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: openstack-keystone security update
An update for openstack-keystone is now available for Red Hat OpenStack Platform 13 Queens. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Debian: Security Advisory (DSA-4679-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Authorization Bypass
The openstack-keystone packages provide Keystone, a Python implementation of the OpenStack identity service API, which provides Identity, Token, Catalog, and Policy services. It was found that Keystone did not correctly handle revoked PKI tokens, allowing users with revoked tokens to retain acces...
CVE-2018-19981
Amazon AWS SDK =2.8.5 for Android uses Android SharedPreferences to store plain text AWS STS Temporary Credentials retrieved by AWS Cognito Identity Service. An attacker can use these credentials to create authenticated and/or authorized requests. Note that the attacker must have "root" privilege...
Design/Logic Flaw
Amazon AWS SDK =2.8.5 for Android uses Android SharedPreferences to store plain text AWS STS Temporary Credentials retrieved by AWS Cognito Identity Service. An attacker can use these credentials to create authenticated and/or authorized requests. Note that the attacker must have "root" privilege...
CVE-2018-19981
Amazon AWS SDK =2.8.5 for Android uses Android SharedPreferences to store plain text AWS STS Temporary Credentials retrieved by AWS Cognito Identity Service. An attacker can use these credentials to create authenticated and/or authorized requests. Note that the attacker must have "root" privilege...