47 matches found
Design/Logic Flaw
The 'crowd-application' plugin module notably used by the Google Apps plugin in Atlassian Crowd from version 1.5.0 before version 3.1.2 allowed an attacker to impersonate a Crowd user in REST requests by being able to authenticate to a directory bound to an application using the feature. Given th...
CVE-2017-16858
The 'crowd-application' plugin module notably used by the Google Apps plugin in Atlassian Crowd from version 1.5.0 before version 3.1.2 allowed an attacker to impersonate a Crowd user in REST requests by being able to authenticate to a directory bound to an application using the feature. Given th...
CVE-2017-16858
The CVE-2017-16858 issue affects Atlassian Crowd’s crowd-application plugin (used by Google Apps) where versions 1.5.0–3.1.1 allow impersonation of a Crowd user in REST requests by authenticating to a directory bound to an application. In the described scenario, if Crowd is bound to directory 1 w...
Design/Logic Flaw
F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout during user account authentication may log sensitive attributes such as passwords in plaintext to /var/log/restjavad.0.log. It may allow local users to obtain sensitive information by reading these files...
CVE-2016-6249
F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout during user account authentication may log sensitive attributes such as passwords in plaintext to /var/log/restjavad.0.log. It may allow local users to obtain sensitive information by reading these files...
CVE-2016-6249
F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout during user account authentication may log sensitive attributes such as passwords in plaintext to /var/log/restjavad.0.log. It may allow local users to obtain sensitive information by reading these files...
CVE-2016-6249
Summary of CVE-2016-6249 (F5 BIG-IP REST vulnerability) Affected products/versions: F5 BIG-IP 12.0.0 and 11.5.0 – 11.6.1 (REST framework). The vendor advisory lists vulnerable and non‑vulnerable versions (e.g., 12.1.0–12.1.2 as not vulnerable) and enumerates affected modules under the REST framew...
CVE-2016-1302
Cisco Application Policy Infrastructure Controller APIC devices with software before 1.03h and 1.1 before 1.11j and Nexus 9000 ACI Mode switches with software before 11.03h and 11.1 before 11.11j allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka...
CVE-2016-1302
Cisco Application Policy Infrastructure Controller APIC devices with software before 1.03h and 1.1 before 1.11j and Nexus 9000 ACI Mode switches with software before 11.03h and 11.1 before 11.11j allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka...
Code injection
Cisco Application Policy Infrastructure Controller APIC devices with software before 1.03h and 1.1 before 1.11j and Nexus 9000 ACI Mode switches with software before 11.03h and 11.1 before 11.11j allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka...
CVE-2016-1302
Cisco Application Policy Infrastructure Controller APIC devices with software before 1.03h and 1.1 before 1.11j and Nexus 9000 ACI Mode switches with software before 11.03h and 11.1 before 11.11j allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka...
[USN-2311-1] pyCADF vulnerability
========================================================================== Ubuntu Security Notice USN-2311-1 August 11, 2014 python-pycadf vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives...
[USN-2311-2] OpenStack Ceilometer vulnerability
========================================================================== Ubuntu Security Notice USN-2311-2 August 21, 2014 ceilometer vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Ubuntu 14.04 LTS : OpenStack Ceilometer vulnerability (USN-2311-2)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2311-2 advisory. USN-2311-1 fixed vulnerabilities in pyCADF. This update provides the corresponding updates for OpenStack Ceilometer. Tenable has extracted the preceding descripti...
Ubuntu: Security Advisory (USN-2311-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-2321-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-2321-1 neutron vulnerabilities
Liping Mao discovered that OpenStack Neutron did not properly handle requests for a large number of allowed address pairs. A remote authenticated attacker could exploit this to cause a denial of service. CVE-2014-3555 Zhi Kun Liu discovered that OpenStack Neutron incorrectly filtered certain...
USN-2311-2: OpenStack Ceilometer vulnerability
USN-2311-1 fixed vulnerabilities in pyCADF. This update provides the corresponding updates for OpenStack Ceilometer. Original advisory details: Zhi Kun Liu discovered that pyCADF incorrectly filtered certain tokens. An attacker could possibly use this issue to obtain authentication tokens used in...
USN-2311-2 ceilometer vulnerability
USN-2311-1 fixed vulnerabilities in pyCADF. This update provides the corresponding updates for OpenStack Ceilometer. Original advisory details: Zhi Kun Liu discovered that pyCADF incorrectly filtered certain tokens. An attacker could possibly use this issue to obtain authentication tokens used in...
Ubuntu 14.04 LTS : pyCADF vulnerability (USN-2311-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-2311-1 advisory. Zhi Kun Liu discovered that pyCADF incorrectly filtered certain tokens. An attacker could possibly use this issue to obtain authentication tokens used in REST...