keystone:fuzz_asm_sparcbe: Use-of-uninitialized-value in llvm_ks::MCAssembler::computeFragmentSize

Detailed Report: https://oss-fuzz.com/testcase?key=5656891841839104 Project: keystone Fuzzing Engine: libFuzzer Fuzz Target: fuzzasmsparcbe Job Type: libfuzzermsankeystone Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: llvmks::MCAssembler::computeFragmentSiz...

keystone:fuzz_asm_sparc64be: Heap-buffer-overflow in ELFSparcAsmBackend::applyFixup

Detailed Report: https://oss-fuzz.com/testcase?key=5081419969986560 Project: keystone Fuzzing Engine: afl Fuzz Target: fuzzasmsparc64be Job Type: aflasankeystone Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash Address: 0x6070000000d1 Crash State: ELFSparcAsmBackend::applyFixup...

keystone:fuzz_asm_x86_16: Use-of-uninitialized-value in X86AsmParser::ParseIntelOperand

Detailed Report: https://oss-fuzz.com/testcase?key=5746148690362368 Project: keystone Fuzzing Engine: libFuzzer Fuzz Target: fuzzasmx8616 Job Type: libfuzzermsankeystone Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: X86AsmParser::ParseIntelOperand...

openstack-keystone: Credentials API allows non-admin to list and retrieve all users credentials

A disclosure vulnerability was found in openstack-keystone's credentials API. Users with a project role are able to list any credentials with the /v3/credentials API when enforcescope is false. Information for time-based one time passwords TOTP may also be disclosed. Deployments running keystone...

CVE-2019-19687

A disclosure vulnerability was found in openstack-keystone's credentials API. Users with a project role are able to list any credentials with the /v3/credentials API when enforcescope is false. Information for time-based one time passwords TOTP may also be disclosed. Deployments running keystone...

DEBIAN-CVE-2013-2166

python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass...

DEBIAN-CVE-2013-2167

python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass...

PYSEC-2019-161

python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass...

Information Disclosure

openstack keystone is vulnerable to information disclosure. Any authenticated user is able to list the credentials of any user using the /v3/credentials API when enforcescope is set to false. The leaked credentials include sign-on information for Time-based OTP...

OpenStack Keystone has an unspecified vulnerability

OpenStack is a cloud platform management program developed by the National Aeronautics and Space Administration NASA in collaboration with Rackspace in the U.S. OpenStack Keystone is a module used in OpenStack to manage the authentication, service rules, and service token functions. A security...

DEBIAN-CVE-2019-19687

OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforcescope is false. Users with a role on a project are able to view any other users' credentials,...

CVE-2019-19687

OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforcescope is false. Users with a role on a project are able to view any other users' credentials,...

CVE-2019-19687

OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforcescope is false. Users with a role on a project are able to view any other users' credentials,...

a10-octavia (>=1.0.0 <=1.3.3) potentially affected by CVE-2019-19687 via keystone (=15.0.1)

keystone PYPI version =15.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on keystone and may be impacted: - a10-octavia =1.0.0, =1.3.3 Source cves: CVE-2019-19687 Source advisory: OSV:PYSEC-2019-29...

CVE-2019-19687

OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforcescope is false. Users with a role on a project are able to view any other users' credentials,...

Design/Logic Flaw

OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforcescope is false. Users with a role on a project are able to view any other users' credentials,...

PYSEC-2019-99

OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforcescope is false. Users with a role on a project are able to view any other users' credentials,...

PYSEC-2019-29

OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforcescope is false. Users with a role on a project are able to view any other users' credentials,...

UBUNTU-CVE-2019-19687

OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforcescope is false. Users with a role on a project are able to view any other users' credentials,...

PYSEC-2019-29

OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforcescope is false. Users with a role on a project are able to view any other users' credentials,...