Lucene search
+L

65 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/17 12:0 a.m.9 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : OpenStack Keystone vulnerabilities (USN-8433-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8433-1 advisory. It was discovered that OpenStack Keystone allowed restricted application credentials to create EC2 credentials. An...

8.8CVSS5.9AI score0.00446EPSS
Exploits6References8
OSV
OSV
added 2026/06/11 10:16 a.m.10 views

DEBIAN-CVE-2026-11850

An integer underflow vulnerability was found in MIT krb5 in the berval2tldata function in plugins/kdb/ldap/libkdbldap/ldapprincipal2.c. The function performs an unsigned subtraction bvlen - 2 without a prior bounds check. When bvlen is 0 or 1, the subtraction wraps to a large value which is then...

5CVSS5.2AI score0.00261EPSS
Exploits0References1
OSV
OSV
added 2026/06/11 10:16 a.m.10 views

UBUNTU-CVE-2026-11850

An integer underflow vulnerability was found in MIT krb5 in the berval2tldata function in plugins/kdb/ldap/libkdbldap/ldapprincipal2.c. The function performs an unsigned subtraction bvlen - 2 without a prior bounds check. When bvlen is 0 or 1, the subtraction wraps to a large value which is then...

5CVSS5.3AI score0.00261EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/11 9:49 a.m.34 views

CVE-2026-11850 Krb5: krb5: integer underflow in berval2tl_data() leads to heap out-of-bounds read

An integer underflow vulnerability was found in MIT krb5 in the berval2tldata function in plugins/kdb/ldap/libkdbldap/ldapprincipal2.c. The function performs an unsigned subtraction bvlen - 2 without a prior bounds check. When bvlen is 0 or 1, the subtraction wraps to a large value which is then...

5CVSS0.00261EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/11 9:49 a.m.9 views

CVE-2026-11850

An integer underflow vulnerability was found in MIT krb5 in the berval2tldata function in plugins/kdb/ldap/libkdbldap/ldapprincipal2.c. The function performs an unsigned subtraction bvlen - 2 without a prior bounds check. When bvlen is 0 or 1, the subtraction wraps to a large value which is then...

5CVSS5.3AI score0.00261EPSS
Exploits0
EUVD
EUVD
added 2026/06/11 9:49 a.m.11 views

EUVD-2026-36219

An integer underflow vulnerability was found in MIT krb5 in the berval2tldata function in plugins/kdb/ldap/libkdbldap/ldapprincipal2.c. The function performs an unsigned subtraction bvlen - 2 without a prior bounds check. When bvlen is 0 or 1, the subtraction wraps to a large value which is then...

5CVSS5.4AI score0.00261EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/14 9:31 p.m.9 views

OpenStack Keystone: LDAP identity backend does not convert enabled attribute to boolean

In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the userenabledinvert configuration option is False the default. The ldaprestomodel method in the UserApi class only performed string-to-boolean conversion when...

7.7CVSS5.8AI score0.00317EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/04/14 8:16 p.m.3 views

DEBIAN-CVE-2026-40683

In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the userenabledinvert configuration option is False the default. The ldaprestomodel method in the UserApi class only performed string-to-boolean conversion when...

7.7CVSS5.3AI score0.00317EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/14 8:5 p.m.5 views

CVE-2026-40683

In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the userenabledinvert configuration option is False the default. The ldaprestomodel method in the UserApi class only performed string-to-boolean conversion when...

7.7CVSS5.8AI score0.00317EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.8 views

PT-2026-32909

Name of the Vulnerable Software and Affected Versions OpenStack Keystone versions prior to 28.0.1 Description The LDAP identity backend fails to convert the user enabled attribute to a boolean value when the user enabled invert configuration option is set to False. Specifically, the ldap res to...

7.7CVSS5.2AI score0.00317EPSS
Exploits0References26
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.5 views

MiracleLinux 4 : krb5-1.9-22.AXS4.1 (AXSA:2012-29:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-29:01 advisory. Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of...

7.8CVSS7AI score0.04177EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2017-18213

Malware in sbrugna...

7.5CVSS6.1AI score0.0135EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-12604

Malware in sbrugna...

4.3CVSS4.7AI score0.00643EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2020-8060

Malware in sbrugna...

7.5CVSS7.5AI score0.00671EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/02/14 4:45 a.m.8 views

CVE-2024-36070

tine before 2023.11.8, when an LDAP backend is used, allows anonymous remote attackers to obtain sensitive authentication information via setup.php because of getRegistryData in Setup/Frontend/Json.php. An update is also available for the 2022.11 series...

7.5CVSS6.7AI score0.00578EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/19 6:48 p.m.12 views

CVE-2024-36070

tine before 2023.11.8, when an LDAP backend is used, allows anonymous remote attackers to obtain sensitive authentication information via setup.php because of getRegistryData in Setup/Frontend/Json.php. An update is also available for the 2022.11 series...

6.8AI score0.00578EPSS
Exploits0References2
OSV
OSV
added 2024/05/19 6:48 p.m.18 views

CVE-2024-36070

tine before 2023.11.8, when an LDAP backend is used, allows anonymous remote attackers to obtain sensitive authentication information via setup.php because of getRegistryData in Setup/Frontend/Json.php. An update is also available for the 2022.11 series...

7.5CVSS6.8AI score0.00578EPSS
Exploits0References4
OSV
OSV
added 2024/04/22 3:52 p.m.24 views

GHSA-X883-2VMG-XWF7 Authelia's Group Changes may not have the expected results (YAML file backend)

Impact Under very specific conditions changes to a users groups may not have the expected results. The specific conditions are: The file authentication backend is being used. The watch option is set to true. The refreshinterval is configured to a non-disabled value. The users groups are adjusted ...

1.6CVSS7.3AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/04/21 12:0 a.m.28 views

RHEL 6 : openstack-keystone (RHSA-2013:0994)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:0994 advisory. The openstack-keystone packages provide Keystone, a Python implementation of the OpenStack identity service API, which provides Identity, Token,...

4.3CVSS5.5AI score0.03128EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/04/15 1:53 a.m.52 views

Important: Red Hat Security Advisory: bind and bind-dyndb-ldap security updates

Updates for bind and bind-dyndb-ldap are now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

7.5CVSS7AI score0.99995EPSS
Exploits1References7
Rows per page
Query Builder