2007 matches found
DEBIAN-CVE-2014-2237
The memcache token backend in OpenStack Identity Keystone 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being...
CVE-2014-2237
The memcache token backend in OpenStack Identity Keystone 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being...
CVE-2014-2237
The memcache token backend in OpenStack Identity Keystone 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being...
PYSEC-2014-105
The memcache token backend in OpenStack Identity Keystone 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being...
CVE-2014-2237
The memcache token backend in OpenStack Identity Keystone 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being...
PYSEC-2014-105
The memcache token backend in OpenStack Identity Keystone 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being...
UBUNTU-CVE-2014-2237
The memcache token backend in OpenStack Identity Keystone 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being...
CVE-2014-2237
The memcache token backend in OpenStack Identity Keystone 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being...
CVE-2014-2237
The memcache token backend in OpenStack Identity Keystone 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being...
OpenStack Keystone Trustee令牌吊销失败安全绕过漏洞
Bugtraq ID:65895 CVE ID:CVE-2014-2237 Keystone是Openstack中用于身份验证的项目,任何服务请求需要经过它的验证获得服务的endpoint。 OpenStack Keystone Keystone内存令牌后端存在漏洞,当委托人提交启用模拟的可信令牌时,令牌仅添加到委托人令牌列表,但没添加到受托人令牌列表。这会导致受托人吊销令牌时不能使信任令牌正确失效。 使用memcache后端的Keystone受此漏洞影响。 0 Openstack Keystone 2013.1 - 2013.1.4 Openstack Keystone 2013.2 ...
nss security update
3.15.3-3.0.1.el65 - Added nss-vendor.patch to change vendor 3.15.3-3 - Revoke trust in one mis-issued anssi certificate - Resolves: Bug 1042685 - nss: Mis-issued ANSSI/DCSSI certificate MFSA 2013-117 rhel-6.6...
OpenStack: Keystone disabling a tenant does not disable a user token
OpenStack Identity Keystone Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token...
CVE-2013-5190
Smart Card Services in Apple Mac OS X before 10.9 does not properly implement certificate-revocation checks, which allows remote attackers to cause a denial of service Smart Card usage outage by interfering with the revocation-check procedure...
Design/Logic Flaw
Smart Card Services in Apple Mac OS X before 10.9 does not properly implement certificate-revocation checks, which allows remote attackers to cause a denial of service Smart Card usage outage by interfering with the revocation-check procedure...
CVE-2013-5190
This CVE-2013-5190 affects Apple Mac OS X before 10.9, where Smart Card Services fail to properly enforce certificate revocation checks. The result is a denial of service (Smart Card usage outage) when the revocation-check procedure is interfered with. Public details consistently describe the vul...
CVE-2013-5190
Smart Card Services in Apple Mac OS X before 10.9 does not properly implement certificate-revocation checks, which allows remote attackers to cause a denial of service Smart Card usage outage by interfering with the revocation-check procedure...
Ubuntu 12.10 / 13.04 : keystone vulnerabilities (USN-2002-1)
Chmouel Boudjnah discovered that Keystone did not properly invalidate user tokens when a tenant was disabled which allowed an authenticated user to retain access via the token. CVE-2013-4222 Kieran Spear discovered that Keystone did not properly verify PKI tokens when performing revocation when...
USN-2002-1: Keystone vulnerabilities
Chmouel Boudjnah discovered that Keystone did not properly invalidate user tokens when a tenant was disabled which allowed an authenticated user to retain access via the token. CVE-2013-4222 Kieran Spear discovered that Keystone did not properly verify PKI tokens when performing revocation when...
OpenJDK: CRL and certificate extensions handling improvements (Security, 7143872)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.237 and earlier allows remote attackers to affect availability via unknown vectors related to Security...
APPLE-SA-2013-09-20-1 Apple TV 6.0
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-09-20-1 Apple TV 6.0 Apple TV 6.0 is now available and addresses the following: Apple TV Available for: Apple TV 2nd generation and later Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or...