Lucene search
K

12 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.11 views

CVE-2026-6967

Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users with delegated signing authority to bypass TUF specification integrity checks for delegated targets metadata and poison the local metadata cach...

7.1CVSS5.5AI score0.00246EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/05 6:46 p.m.6 views

awslabs/tough is Missing Delegated Metadata Validation

Summary Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users with delegated signing authority to bypass TUF specification integrity checks for delegated targets metadata and poison the local...

7.1CVSS5.9AI score0.00246EPSS
Exploits0References8Affected Software2
NVD
NVD
added 2025/10/23 4:16 a.m.6 views

CVE-2025-41402

Client-Side Enforcement of Server-Side Security CWE-602 in the Command Centre Server allows a privileged operator to enter invalid competency data, bypassing expiry checks. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 MR2, 9.20 prior to vEL9.20.2819 MR4, 9.10 prior to...

5.5CVSS0.00126EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/23 3:38 a.m.3 views

EUVD-2025-35650

Client-Side Enforcement of Server-Side Security CWE-602 in the Command Centre Server allows a privileged operator to enter invalid competency data, bypassing expiry checks. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 MR2, 9.20 prior to vEL9.20.2819 MR4, 9.10 prior to...

5.5CVSS6.4AI score0.00126EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/23 3:38 a.m.2 views

CVE-2025-41402

Client-Side Enforcement of Server-Side Security CWE-602 in the Command Centre Server allows a privileged operator to enter invalid competency data, bypassing expiry checks. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 MR2, 9.20 prior to vEL9.20.2819 MR4, 9.10 prior to...

5.5CVSS6.5AI score0.00126EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/23 3:38 a.m.7 views

CVE-2025-41402

Client-Side Enforcement of Server-Side Security CWE-602 in the Command Centre Server allows a privileged operator to enter invalid competency data, bypassing expiry checks. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 MR2, 9.20 prior to vEL9.20.2819 MR4, 9.10 prior to...

5.5CVSS0.00126EPSS
Exploits0References1
CVE
CVE
added 2025/10/23 3:38 a.m.12 views

CVE-2025-41402

CVE-2025-41402 affects Gallagher Command Centre Server. Root cause: Client-Side Enforcement of Server-Side Security (CWE-602) allowing a privileged operator to bypass expiry checks and enter invalid competency data. Affected: 9.30 until MR2 vEL9.30.2482, 9.20 until MR4 vEL9.20.2819, 9.10 until MR...

5.5CVSS6.5AI score0.00126EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2014/01/21 12:0 a.m.3 views

PT-2014-2551 · Openstack · Python-Keystoneclient

Name of the Vulnerable Software and Affected Versions: python-keystoneclient versions prior to 0.2.4 Description: The issue allows remote authenticated users to retain use of a token after it has expired or use a revoked token once it expires, due to improper checking of expiry for PKI tokens...

8.7CVSS6AI score0.02064EPSS
Exploits0References16
OpenVAS
OpenVAS
added 2013/06/18 12:0 a.m.37 views

Ubuntu Update for keystone USN-1875-1

Check for the Version of keystone OpenVAS Vulnerability Test $Id: gbubuntuUSN18751.nasl 8494 2018-01-23 06:57:55Z teissa $ Ubuntu Update for keystone USN-1875-1 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free...

5.5CVSS9.6AI score0.03128EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2013/06/14 12:0 a.m.32 views

Ubuntu 12.10 / 13.04 : keystone vulnerabilities (USN-1875-1)

Eoghan Glynn and Alex Meade discovered that Keystone did not properly perform expiry checks for the PKI tokens used in Keystone. If Keystone were setup to use PKI tokens, a previously authenticated user could continue to use a PKI token for longer than intended. This issue only affected Ubuntu...

5.5CVSS5.4AI score0.03128EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2013/06/04 12:0 a.m.37 views

Ubuntu 13.04 : python-keystoneclient vulnerability (USN-1851-1)

Eoghan Glynn and Alex Meade discovered that python-keystoneclient did not properly perform expiry checks for the PKI tokens used in Keystone. If Keystone were setup to use PKI tokens the default in Ubuntu 13.04, a previously authenticated user could continue to use a PKI token for longer than...

5.5CVSS5.4AI score0.02064EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2013/06/04 12:0 a.m.34 views

Ubuntu: Security Advisory (USN-1851-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5CVSS9.5AI score0.02064EPSS
Exploits0References2
Rows per page
Query Builder