1543 matches found
CVE-2018-20170
OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. NOTE: the vendor's position is that this is a hardening opportunity, and not necessarily an issue that should have an...
CVE-2018-20170
OpenStack Keystone up to 14.0.1 is affected by a user enumeration vulnerability where invalid usernames yield faster responses than valid ones for POST /v3/auth/tokens. The root cause is a timing discrepancy in authentication processing. The vendor characterizes this as a hardening opportunity, n...
PT-2018-15283 · Openstack · Openstack Keystone
Name of the Vulnerable Software and Affected Versions: OpenStack Keystone versions through 14.0.1 Description: The issue allows for user enumeration due to the difference in response times for valid and invalid usernames when making a POST request to the "/v3/auth/tokens" endpoint. The vendor vie...
keystone/fuzz_asm_sparc64be: Heap-buffer-overflow in ELFSparcAsmBackend::applyFixup
Detailed report: https://oss-fuzz.com/testcase?key=5642078139187200 Project: keystone Fuzzer: libFuzzer_keystone_fuzz_asm_sparc64be Fuzz target binary: fuzz_asm_sparc64be Job Type: libfuzzer_asan_keystone Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash Address: 0x6070000003e1 Crash State...
keystone/fuzz_asm_mips64be: Use-of-uninitialized-value in MipsAsmParser::isPicAndNotNxxAbi
Detailed report: https://oss-fuzz.com/testcase?key=5670109310353408 Project: keystone Fuzzer: libFuzzer_keystone_fuzz_asm_mips64be Fuzz target binary: fuzz_asm_mips64be Job Type: libfuzzer_msan_keystone Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State:...
keystone/fuzz_asm_arm_thumbv8be: Use-of-uninitialized-value in llvm_ks::MCAssembler::computeFragmentSize
Detailed report: https://oss-fuzz.com/testcase?key=5632277325807616 Project: keystone Fuzzer: libFuzzer_keystone_fuzz_asm_arm_thumbv8be Fuzz target binary: fuzz_asm_arm_thumbv8be Job Type: libfuzzer_msan_keystone Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State:...
SUSE-RU-2018:3638-1 Recommended update for ardana-ansible
This update for ardana-ansible fixes the following issues: ardana-ansible: - Initial checkin of info capture tool - Rename dayzero-site.yml bsc1111886 - Switch to non-legacy media layout by default. - Add Keystone Fernet master node monitoring. bsc1097241 - Add restart verb for maintenance update...
keystone/fuzz_asm_arm_armbe: Crash in llvm_ks::MCSymbol::isRegistered
Detailed report: https://oss-fuzz.com/testcase?key=5751870102962176 Project: keystone Fuzzer: afl_keystone_fuzz_asm_arm_armbe Fuzz target binary: fuzz_asm_arm_armbe Job Type: afl_asan_keystone Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x00008fff8001 Crash State:...
keystone/fuzz_asm_armv8_arm: Use-of-uninitialized-value in llvm_ks::MCAssembler::computeFragmentSize
Detailed report: https://oss-fuzz.com/testcase?key=5768306540150784 Project: keystone Fuzzer: libFuzzer_keystone_fuzz_asm_armv8_arm Fuzz target binary: fuzz_asm_armv8_arm Job Type: libfuzzer_msan_keystone Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State:...
keystone/fuzz_asm_hex: Use-of-uninitialized-value in llvm_ks::HexagonMCCodeEmitter::getExprOpValue
Detailed report: https://oss-fuzz.com/testcase?key=5664745516957696 Project: keystone Fuzzer: libFuzzer_keystone_fuzz_asm_hex Fuzz target binary: fuzz_asm_hex Job Type: libfuzzer_msan_keystone Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State:...
keystone/fuzz_asm_sparc64be: Bad-free in llvm_ks::MCEncodedFragmentWithFixups<32u, 4u>::~MCEncodedFragmentWithFixups
Project: https://github.com/keystone-engine/keystone.git Detailed report: https://oss-fuzz.com/testcase?key=5745963403051008 Project: keystone Fuzzer: afl_keystone_fuzz_asm_sparc64be Fuzz target binary: fuzz_asm_sparc64be Job Type: afl_asan_keystone Platform Id: linux Crash Type: Bad-free Crash Address:...
keystone/fuzz_asm_x86_64: Use-of-uninitialized-value in X86AsmParser::ParseIntelOperand
Detailed report: https://oss-fuzz.com/testcase?key=5742603060903936 Project: keystone Fuzzer: libFuzzer_keystone_fuzz_asm_x86_64 Fuzz target binary: fuzz_asm_x86_64 Job Type: libfuzzer_msan_keystone Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State:...
keystone/fuzz_asm_arm_thumb: Use-of-uninitialized-value in llvm_ks::ARMAsmBackend::applyFixup
Detailed report: https://oss-fuzz.com/testcase?key=5640810557603840 Project: keystone Fuzzer: libFuzzer_keystone_fuzz_asm_arm_thumb Fuzz target binary: fuzz_asm_arm_thumb Job Type: libfuzzer_msan_keystone Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State:...
keystone/fuzz_asm_arm_thumbbe: Bad-cast to const llvm_ks::MCSectionELF from llvm_ks::MCSectionMachO in llvm_ks::MCELFStreamer::ChangeSection
Detailed report: https://oss-fuzz.com/testcase?key=5757565082796032 Project: keystone Fuzzer: libFuzzer_keystone_fuzz_asm_arm_thumbbe Fuzz target binary: fuzz_asm_arm_thumbbe Job Type: libfuzzer_ubsan_keystone Platform Id: linux Crash Type: Bad-cast Crash Address: 0x0000050dee30 Crash State: Bad-cast to...
keystone/fuzz_asm_x86_16: Heap-use-after-free in llvm_ks::X86Operand::getToken
Detailed report: https://oss-fuzz.com/testcase?key=5740417828519936 Project: keystone Fuzzer: libFuzzer_keystone_fuzz_asm_x86_16 Fuzz target binary: fuzz_asm_x86_16 Job Type: libfuzzer_asan_keystone Platform Id: linux Crash Type: Heap-use-after-free READ 4 Crash Address: 0x60d0000003a8 Crash State:...
keystone/fuzz_asm_arm_armbe: Use-of-uninitialized-value in llvm_ks::APFloat::isFinite
Detailed report: https://oss-fuzz.com/testcase?key=5695402544726016 Project: keystone Fuzzer: libFuzzer_keystone_fuzz_asm_arm_armbe Fuzz target binary: fuzz_asm_arm_armbe Job Type: libfuzzer_msan_keystone Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State:...
keystone/fuzz_asm_mipsbe: Use-of-uninitialized-value in llvm_ks::AsmLexer::LexDigit
Project: https://github.com/keystone-engine/keystone.git Detailed report: https://oss-fuzz.com/testcase?key=5695573806546944 Project: keystone Fuzzer: libFuzzer_keystone_fuzz_asm_mipsbe Fuzz target binary: fuzz_asm_mipsbe Job Type: libfuzzer_msan_keystone Platform Id: linux Crash Type:...
openstack-keystone: Information Exposure through /v3/OS-FEDERATION/projects
A flaw was found in Keystone federation. By doing GET /v3/OS-FEDERATION/projects an authenticated user may discover projects they have no authority to access, leaking all projects in the deployment and their attributes. Only Keystone with the /v3/OS-FEDERATION endpoint enabled via policy.json is...
Important: Red Hat Security Advisory: openstack-keystone security update
An update for openstack-keystone is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for ea...