14 matches found
EUVD-2026-42286
SeaweedFS is a distributed storage system. In versions 4.08 through 4.33, requests signed with SigV4 service s3tables are routed to the S3Tables management API where authorization collapses account-less S3 identities into the shared admin account and fails open, allowing an authenticated...
[SECURITY] Fedora 43 Update: rust-reqsign-aws-v4-3.0.1-2.fc43
AWS SigV4 signing implementation for reqsign...
[SECURITY] Fedora 44 Update: rust-reqsign-aws-v4-3.0.1-2.fc44
AWS SigV4 signing implementation for reqsign...
[SECURITY] Fedora 44 Update: rust-reqsign-aws-v4-3.0.0-1.fc44
AWS SigV4 signing implementation for reqsign...
[SECURITY] Fedora 41 Update: rust-reqsign-aws-v4-2.0.1-1.fc41
AWS SigV4 signing implementation for reqsign...
[SECURITY] Fedora 43 Update: rust-reqsign-aws-v4-2.0.0-1.fc43
AWS SigV4 signing implementation for reqsign...
[SECURITY] Fedora 42 Update: rust-reqsign-aws-v4-2.0.0-1.fc42
AWS SigV4 signing implementation for reqsign...
Linux Distros Unpatched Vulnerability : CVE-2020-12692
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can...
Malicious code in signature-v4-multi-region (npm)
--- -= Per source details. Do not edit below this line.=-...
SUSE CVE-2020-12692
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times...
openstack-keystone: failure to check signature TTL of the EC2 credential auth method
A flaw was found in Keystone, where the restriction was not checked for the Signature Version 4 V4 process of AWS signatures issued within a limited time window. This flaw allows an attacker to capture an auth header and reuse it, potentially maintaining indefinite access...
openstack-keystone: failure to check signature TTL of the EC2 credential auth method
A flaw was found in Keystone, where the restriction was not checked for the Signature Version 4 V4 process of AWS signatures issued within a limited time window. This flaw allows an attacker to capture an auth header and reuse it, potentially maintaining indefinite access...
DEBIAN-CVE-2020-12692
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times...
PYSEC-2020-56
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times...