Lucene search
K

14 matches found

vulnersOsv
vulnersOsv
added 2022/05/17 3:17 a.m.3 views

keystonemiddleware (>=1.3.2 <=1.5.3), python-ceilometerclient (>=1.0.14 <=1.1.2) +7 more potentially affected by CVE-2015-1852 via python-keystoneclient (>=1.1.0 <=1.3.4)

python-keystoneclient PYPI version =1.1.0, =1.3.2, =1.0.14, =1.1.2, =0.14.3, =0.9.4, =0.5.8, =2.23.2, =1.0.4, =1.0.5 Source cves: CVE-2015-1852 Source advisory: OSV:GHSA-P9WQ-MJH8-Q72M...

4.3CVSS5.8AI score0.02586EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2018/08/01 7:8 p.m.23 views

Security Bulletin: IBM Spectrum Scale Object Protocols functionality is affected by security vulnerabilities in OpenStack (CVE-2015-1852 and CVE-2015-7546)

Summary IBM Spectrum Scale Object Protocols functionality is affected by security vulnerabilities in OpenStack that could allow: - a man-in-the-middle attack, caused by an error in the api-paste.ini configuration file. A remote attacker could exploit this vulnerability using a specially-crafted...

7.5CVSS1.1AI score0.02586EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2015/08/25 5:44 a.m.38 views

Moderate: Red Hat Security Advisory: python-keystoneclient security update

Updated python-keystoneclient packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detaile...

4.3CVSS5.8AI score0.02586EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2015/08/24 8:17 p.m.25 views

Moderate: Red Hat Security Advisory: python-keystoneclient and python-keystonemiddlware security update

Updated python-keystoneclient and python-keystonemiddleware packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 6.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common...

4.3CVSS5.8AI score0.02586EPSS
Exploits0References2
securityvulns
securityvulns
added 2015/08/24 12:0 a.m.61 views

[USN-2705-1] Keystone vulnerabilities

========================================================================== Ubuntu Security Notice USN-2705-1 August 06, 2015 python-keystoneclient, python-keystonemiddleware vulnerabilities ========================================================================== A security issue affects these...

4.3CVSS1.3AI score0.02586EPSS
Exploits0
Ubuntu
Ubuntu
added 2015/08/06 4:10 a.m.54 views

USN-2705-1: Keystone vulnerabilities

Qin Zhao discovered Keystone disabled certification verification when the "insecure" option is set in a paste configuration paste.ini file regardless of the value, which allows remote attackers to conduct machine-in-the-middle attacks via a crafted certificate. CVE-2014-7144 Brant Knudson...

4.3CVSS5.3AI score0.02586EPSS
Exploits0
OpenVAS
OpenVAS
added 2015/08/06 12:0 a.m.26 views

Ubuntu: Security Advisory (USN-2705-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3CVSS7.5AI score0.02586EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2015/08/06 12:0 a.m.32 views

Ubuntu 14.04 LTS : Keystone vulnerabilities (USN-2705-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2705-1 advisory. Qin Zhao discovered Keystone disabled certification verification when the insecure option is set in a paste configuration paste.ini file regardless of th...

4.3CVSS5.6AI score0.02586EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2015/07/20 12:0 a.m.26 views

Fedora 22 : python-keystonemiddleware-1.3.2-1.fc22 (2015-11656)

Update to upstream 1.3.2 which incldes fix for CVE-2015-1852 Update to upstream 1.3.1 + S3token incorrect condition expression for sslinsecure CVE-2015-1852 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has...

4.3CVSS5.3AI score0.02586EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2015/07/19 12:0 a.m.29 views

Fedora Update for python-keystonemiddleware FEDORA-2015-11656

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3CVSS7.5AI score0.02586EPSS
Exploits0References2
OSV
OSV
added 2015/05/13 9:7 a.m.7 views

SUSE-SU-2015:1208-1 Security update for python-keystoneclient

The python-keystoneclient was updated to fix one security issues. The following vulnerability was fixed: - bsc928205: S3Token TLS cert verification option not honored CVE-2015-1852...

4.3CVSS6.1AI score0.02586EPSS
Exploits0References3
OSV
OSV
added 2015/05/12 1:9 p.m.6 views

SUSE-SU-2015:1141-1 Security update for python-keystoneclient

python-keystoneclient was updated to fix two security issues: bsc928205: S3Token TLS certificate verification option not honored. CVE-2015-1852 bsc897103: TLS certificate verification option not honored in paste configs. CVE-2014-7144 Security Issues: CVE-2014-7144 CVE-2015-1852...

4.3CVSS6AI score0.02586EPSS
Exploits0References6
OSV
OSV
added 2015/04/17 5:59 p.m.3 views

DEBIAN-CVE-2015-1852

The s3token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration paste.ini file regardless of the value, which allows remote attackers to conduct...

4.3CVSS7AI score0.02586EPSS
Exploits0References1
CVE
CVE
added 2015/04/17 5:0 p.m.108 views

CVE-2015-1852

OpenStack keystonemiddleware and python-keystoneclient are vulnerable to a man-in-the-middle attack when the paste.ini configuration’s insecure option is used. Specifically, the s3_token middleware in keystonemiddleware (and python-keystoneclient) disables TLS certificate verification if insecure...

4.3CVSS7.1AI score0.02586EPSS
Exploits0References7Affected Software2
Rows per page
Query Builder