18 matches found
EUVD-2015-4981
Malware in sbrugna...
EUVD-2025-16833
Malicious code in bioql PyPI...
CVE-2025-20987
Improper access control in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to get an authtoken...
CVE-2025-20987
The CVE-2025-20987 issue is tied to fingerprint trustlet on Samsung devices, where improper access control allows local privileged attackers to obtain an auth_token. According to PT-2025-23749 (Fingerprint trustlet) and related sources, affected versions are before SMR May-2025 Release 1. The roo...
RHEL 6 : python-keystoneclient (RHSA-2014:0382)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:0382 advisory. Python-keystoneclient is a client library and a command line utility for interacting with the OpenStack Identity API. The OpenStack Identity authtoke...
python-keystoneclient vulnerable to context confusion in Keystone auth_token middleware
A context confusion vulnerability was identified in Keystone authtoken middleware shipped in python-keystoneclient before 0.7.0. By doing repeated requests, with sufficient load on the target system, an authenticated user may in certain situations assume another authenticated user's complete...
Schneider Electric Pelco VideoXpert auth_token Cookie Disclosure
Schneider Electric Pelco VideoXpert /portal/ URI path traversal authtoken cookie disclosure. Vulnerability Type: File Disclosure. For the exploit source code contact DSquare Security sales team...
Grab: Private Grab Messages on Android App can be accessed and cached by Search Engines
Description: Hello. Today I discovered that Search Engines can access the private users' messages, OTP pins, Group invites information etc. It happens because the https://grab-attention.grabtaxi.com host allows search indexing, and can leak the authtoken to the Search Engines which also can lead to...
CVE-2015-4964
IBM UrbanCode Deploy 6.0 and 6.0.1.x before 6.0.1.10, 6.1.1.x before 6.1.1.8, and 6.1.2 writes admin AUTHTOKEN values to execution logs, which allows remote authenticated users to gain privileges by leveraging the ability to create and execute a process...
CVE-2015-4964
IBM UrbanCode Deploy (UCD) vulnerable in versions 6.0 and 6.0.1.x before 6.0.1.10, 6.1.1.x before 6.1.1.8, and 6.1.2. Affected users who can create and execute processes can have the admin AUTH_TOKEN value written to execution logs, enabling privilege escalation by a non-admin user who can run st...
Moderate: Red Hat Security Advisory: python-keystoneclient security update
Updated python-keystoneclient packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detaile...
Important: Red Hat Security Advisory: python-keystoneclient security update
Updated python-keystoneclient packages that fix one security issue are now available for Red Hat Storage 2.1. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating...
CVE-2014-0105
The authtoken middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large number of requests, relat...
PYSEC-2014-70
The authtoken middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large number of requests, relat...
Design/Logic Flaw
The authtoken middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large number of requests, relat...
CVE-2013-2030
keystone/middleware/authtoken.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova...