12 matches found
CVE-2026-6967
Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users with delegated signing authority to bypass TUF specification integrity checks for delegated targets metadata and poison the local metadata cach...
awslabs/tough is Missing Delegated Metadata Validation
Summary Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users with delegated signing authority to bypass TUF specification integrity checks for delegated targets metadata and poison the local...
CVE-2025-41402
Client-Side Enforcement of Server-Side Security CWE-602 in the Command Centre Server allows a privileged operator to enter invalid competency data, bypassing expiry checks. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 MR2, 9.20 prior to vEL9.20.2819 MR4, 9.10 prior to...
EUVD-2025-35650
Client-Side Enforcement of Server-Side Security CWE-602 in the Command Centre Server allows a privileged operator to enter invalid competency data, bypassing expiry checks. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 MR2, 9.20 prior to vEL9.20.2819 MR4, 9.10 prior to...
CVE-2025-41402
Client-Side Enforcement of Server-Side Security CWE-602 in the Command Centre Server allows a privileged operator to enter invalid competency data, bypassing expiry checks. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 MR2, 9.20 prior to vEL9.20.2819 MR4, 9.10 prior to...
CVE-2025-41402
Client-Side Enforcement of Server-Side Security CWE-602 in the Command Centre Server allows a privileged operator to enter invalid competency data, bypassing expiry checks. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 MR2, 9.20 prior to vEL9.20.2819 MR4, 9.10 prior to...
CVE-2025-41402
CVE-2025-41402 affects Gallagher Command Centre Server. Root cause: Client-Side Enforcement of Server-Side Security (CWE-602) allowing a privileged operator to bypass expiry checks and enter invalid competency data. Affected: 9.30 until MR2 vEL9.30.2482, 9.20 until MR4 vEL9.20.2819, 9.10 until MR...
PT-2014-2551 · Openstack · Python-Keystoneclient
Name of the Vulnerable Software and Affected Versions: python-keystoneclient versions prior to 0.2.4 Description: The issue allows remote authenticated users to retain use of a token after it has expired or use a revoked token once it expires, due to improper checking of expiry for PKI tokens...
Ubuntu Update for keystone USN-1875-1
Check for the Version of keystone OpenVAS Vulnerability Test $Id: gbubuntuUSN18751.nasl 8494 2018-01-23 06:57:55Z teissa $ Ubuntu Update for keystone USN-1875-1 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free...
Ubuntu 12.10 / 13.04 : keystone vulnerabilities (USN-1875-1)
Eoghan Glynn and Alex Meade discovered that Keystone did not properly perform expiry checks for the PKI tokens used in Keystone. If Keystone were setup to use PKI tokens, a previously authenticated user could continue to use a PKI token for longer than intended. This issue only affected Ubuntu...
Ubuntu 13.04 : python-keystoneclient vulnerability (USN-1851-1)
Eoghan Glynn and Alex Meade discovered that python-keystoneclient did not properly perform expiry checks for the PKI tokens used in Keystone. If Keystone were setup to use PKI tokens the default in Ubuntu 13.04, a previously authenticated user could continue to use a PKI token for longer than...
Ubuntu: Security Advisory (USN-1851-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...