800 matches found
Incorrect Authorization
Overview keystone is a package that provides authentication, authorization and service discovery mechanisms via HTTP primarily for use by projects in the OpenStack family. Affected versions of this package are vulnerable to Incorrect Authorization through the UserOSEC2CredentialsResourceListCreat...
GHSA-4PHW-6824-6CFP OpenStack Keystone: Restricted application credentials can create EC2 credentials
An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role...
CVE-2026-33551
An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role...
PYSEC-2026-202
An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role...
CVE-2026-33551
An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role...
PT-2026-31855
Name of the Vulnerable Software and Affected Versions OpenStack Keystone versions 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0 Description A flaw exists in OpenStack Keystone where restricted application credentials can be used to create EC2 credentials. An authenticated user with a...
PraisonAI Has SSRF in FileTools.download_file() via Unvalidated URL
Summary FileTools.downloadfile in praisonaiagents validates the destination path but performs no validation on the url parameter, passing it directly to httpx.stream with followredirects=True. An attacker who controls the URL can reach any host accessible from the server including cloud metadata...
UBUNTU-CVE-2026-23352
In the Linux kernel, the following vulnerability has been resolved: x86/efi: defer freeing of boot services memory efifreebootservices frees memory occupied by EFIBOOTSERVICESCODE and EFIBOOTSERVICESDATA using memblockfreelate. There are two issue with that: memblockfreelate should be used for...
CVE-2022-23511
A privilege escalation issue exists within the Amazon CloudWatch Agent for Windows, software for collecting metrics and logs from Amazon EC2 instances and on-premises servers, in versions up to and including v1.247354. When users trigger a repair of the Agent, a pop-up window opens with SYSTEM...
aware (>=0.0.1 <=0.0.30), aws-manager (>=0.0.1 <=0.21.2) +5 more potentially affected by unknown CVE via aws-sdk-ec2 (>=0.0.22-alpha <=0.9.0)
aws-sdk-ec2 CARGO version =0.0.22-alpha, =0.0.1, =0.0.1, =0.0.0, =0.1.0, =0.4.0, =0.14.0, =0.14.1 Source cves: unknown CVE Source advisory: OSV:GHSA-G59M-GF8J-GJF5...
aws-manager (>=0.0.18 <=0.21.2), ec2-search (>=0.14.0 <=0.14.1) potentially affected by unknown CVE via aws-sdk-autoscaling (>=0.18.0 <=0.9.0)
aws-sdk-autoscaling CARGO version =0.18.0, =0.0.18, =0.14.0, =0.14.1 Source cves: unknown CVE Source advisory: OSV:GHSA-G59M-GF8J-GJF5...
USN-7926-1: OpenStack Keystone vulnerabilities
Kay discovered that OpenStack Keystone incorrectly handled the ec2tokens and s3tokens APIs. A remote attacker could possibly use this issue to obtain unauthorized access and escalate privileges. CVE-2025-65073 It was discovered that OpenStack Keystone only validated the first 72 bytes of an...
CVE-2025-65073
A flaw was found in OpenStack Keystone. This vulnerability allows an attacker to obtain a valid OpenStack's Keystone token, leading to access to unauthorized resources or privilege escalation within the OpenStack instance via sending a valid AWS Amazon Web Services signature to the /v3/ec2tokens ...
Access Control Bypass
Overview swift is an OpenStack Object Storage Affected versions of this package are vulnerable to Access Control Bypass via the ec2tokens or s3tokens process when a request with a valid AWS Signature is accepted for authorization. An attacker can gain unauthorized access by submitting specially...
CVE-2025-65073
OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization...
SUSE CVE-2025-62375
go-witness and witness are Go modules for generating attestations. In go-witness versions 0.8.6 and earlier and witness versions 0.9.2 and earlier the AWS attestor improperly verifies AWS EC2 instance identity documents. Verification can incorrectly succeed when a signature is not present or is...
USN-7857-1: OpenStack Keystone vulnerability
Kay discovered that OpenStack Keystone incorrectly handled the ec2tokens and s3tokens APIs. A remote attacker could possibly use this issue to obtain unauthorized access and escalate privileges...
UBUNTU-CVE-2025-65073
OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization...
GO-2025-4028 go-witness is Vulnerable to Improper Verification of AWS EC2 Identity Documents in github.com/in-toto/go-witness
go-witness is Vulnerable to Improper Verification of AWS EC2 Identity Documents in github.com/in-toto/go-witness...
CVE-2025-62375
go-witness and witness are Go modules for generating attestations. In go-witness versions 0.8.6 and earlier and witness versions 0.9.2 and earlier the AWS attestor improperly verifies AWS EC2 instance identity documents. Verification can incorrectly succeed when a signature is not present or is...