Lucene search
+L

268 matches found

OSV
OSV
added 2026/05/28 9:32 p.m.3 views

GHSA-WHQR-FGM5-X77Q OpenStack Keystone's federated token rescoping mechanism doesn't propagate the original token's expiry to the newly issued token

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the original token's expiry to the newly issued token. When a federated user rescopes a token via POST /v3/auth/tokens, the handlescopedtoken function in the mapped...

6CVSS5.8AI score0.00249EPSS
Exploits1References5
NVD
NVD
added 2026/05/28 7:16 p.m.17 views

CVE-2026-44394

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the original token's expiry to the newly issued token. When a federated user rescopes a token via POST /v3/auth/tokens, the handlescopedtoken function in the mapped...

8.1CVSS0.00249EPSS
Exploits1References2
OSV
OSV
added 2026/05/28 7:16 p.m.4 views

PYSEC-2026-603

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the original token's expiry to the newly issued token. When a federated user rescopes a token via POST /v3/auth/tokens, the handlescopedtoken function in the mapped...

8.1CVSS5.8AI score0.00249EPSS
Exploits1References3
OSV
OSV
added 2026/05/28 7:16 p.m.21 views

UBUNTU-CVE-2026-44394

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the original token's expiry to the newly issued token. When a federated user rescopes a token via POST /v3/auth/tokens, the handlescopedtoken function in the mapped...

8.1CVSS5.8AI score0.00249EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/05/28 12:0 a.m.11 views

CVE-2026-44394

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the original token's expiry to the newly issued token. When a federated user rescopes a token via POST /v3/auth/tokens, the handlescopedtoken function in the mapped...

6CVSS5.8AI score0.00249EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/28 12:0 a.m.32 views

CVE-2026-44394

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the original token's expiry to the newly issued token. When a federated user rescopes a token via POST /v3/auth/tokens, the handlescopedtoken function in the mapped...

6CVSS0.00249EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.13 views

OpenStack Keystone 安全漏洞

OpenStack Keystone is a core authentication component library of the OpenStack open-source project. Versions of OpenStack Keystone prior to 29.0.2 contained security vulnerabilities. These vulnerabilities stemmed from the joint token revalidation mechanism, which did not propagate the expiration...

8.1CVSS5.8AI score0.00249EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/28 12:0 a.m.13 views

CVE-2026-44394

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the original token's expiry to the newly issued token. When a federated user rescopes a token via POST /v3/auth/tokens, the handlescopedtoken function in the mapped...

6CVSS5.8AI score0.02266EPSS
Exploits2References3Affected Software1
OSV
OSV
added 2026/05/28 12:0 a.m.3 views

CVE-2026-44394

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the original token's expiry to the newly issued token. When a federated user rescopes a token via POST /v3/auth/tokens, the handlescopedtoken function in the mapped...

6CVSS6AI score0.00249EPSS
Exploits1References4
NVD
NVD
added 2026/05/27 6:16 p.m.13 views

CVE-2026-44378

Botan is a C++ cryptography library. Prior to 3.12.0, certain patterns of indefinite length encodings in BER data could cause quadratic behavior in the parser, resulting in a denial of service. Such BER encodings were accepted even in structures which are required to be encoded as DER, which...

7.5CVSS0.00324EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 4:34 p.m.9 views

CVE-2026-44378 Botan: Quadratic complexity decoding BER indefinite length encodings

Botan is a C++ cryptography library. Prior to 3.12.0, certain patterns of indefinite length encodings in BER data could cause quadratic behavior in the parser, resulting in a denial of service. Such BER encodings were accepted even in structures which are required to be encoded as DER, which...

6.9CVSS5.8AI score0.00324EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 4:34 p.m.14 views

EUVD-2026-32582

Botan is a C++ cryptography library. Prior to 3.12.0, certain patterns of indefinite length encodings in BER data could cause quadratic behavior in the parser, resulting in a denial of service. Such BER encodings were accepted even in structures which are required to be encoded as DER, which...

6.9CVSS5.8AI score0.00324EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/05/27 4:34 p.m.10 views

CVE-2026-44378

Botan is a C++ cryptography library. Prior to 3.12.0, certain patterns of indefinite length encodings in BER data could cause quadratic behavior in the parser, resulting in a denial of service. Such BER encodings were accepted even in structures which are required to be encoded as DER, which...

7.5CVSS5.8AI score0.00324EPSS
Exploits0References1
OSV
OSV
added 2026/05/27 4:34 p.m.3 views

CVE-2026-44378 Botan: Quadratic complexity decoding BER indefinite length encodings

Botan is a C++ cryptography library. Prior to 3.12.0, certain patterns of indefinite length encodings in BER data could cause quadratic behavior in the parser, resulting in a denial of service. Such BER encodings were accepted even in structures which are required to be encoded as DER, which...

6.9CVSS5.9AI score0.00324EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/27 4:34 p.m.15 views

CVE-2026-44378

Botan is a C++ cryptography library. Prior to 3.12.0, certain patterns of indefinite length encodings in BER data could cause quadratic behavior in the parser, resulting in a denial of service. Such BER encodings were accepted even in structures which are required to be encoded as DER, which...

6.9CVSS5.8AI score0.00324EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/27 4:34 p.m.48 views

CVE-2026-44378 Botan: Quadratic complexity decoding BER indefinite length encodings

Botan is a C++ cryptography library. Prior to 3.12.0, certain patterns of indefinite length encodings in BER data could cause quadratic behavior in the parser, resulting in a denial of service. Such BER encodings were accepted even in structures which are required to be encoded as DER, which...

6.9CVSS0.00324EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 4:34 p.m.26 views

CVE-2026-44378

Botan (C++ cryptography library) is affected prior to version 3.12.0. Indefinite-length BER encodings could trigger quadratic parser behavior, even in structures that must be DER, leading to denial of service. The issue is fixed in 3.12.0. There are no explicit exploit details or in-the-wild expl...

7.5CVSS5.8AI score0.00324EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/26 8:14 p.m.10 views

CVE-2026-47071

Uncontrolled Resource Consumption vulnerability in benoitc hackney allows Flooding. The SOCKS5 transport in src/hackneysocks5.erl correctly applies the caller-supplied timeout to the SOCKS5 negotiation phase, but then upgrades the connection to TLS using the two-argument form ssl:connect/2, which...

8.2CVSS5.7AI score0.00703EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/05/26 5:34 a.m.14 views

pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion

An unbounded recursion flaw has been discovered in the pypi pyasn1 library. This uncontrolled recursion occurs when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE 0x30 or SET 0x31 tags with Indefinite Length 0x80 markers. Thi...

7.5CVSS6.6AI score0.00803EPSS
Exploits1References6
NVD
NVD
added 2026/05/25 3:16 p.m.20 views

CVE-2026-47071

Uncontrolled Resource Consumption vulnerability in benoitc hackney allows Flooding. The SOCKS5 transport in src/hackneysocks5.erl correctly applies the caller-supplied timeout to the SOCKS5 negotiation phase, but then upgrades the connection to TLS using the two-argument form ssl:connect/2, which...

8.2CVSS0.00703EPSS
Exploits1References4
Rows per page
Query Builder