207 matches found
Open-Xchange Security Advisory 2013-09-10
Product: Open-Xchange AppSuite; Vendor: Open-Xchange GmbH; Internal reference: 28260 (Bug ID); Vulnerability type: CWE-16: Configuration, CWE-287: Improper Authentication, CWE-200: Information Exposure; Vulnerable version: 7.0.0 to 7.2.2; Vulnerable component: backend default configuration; Fixed version...
OpenStack: Keystone Token revocation failure using Keystone memcache/KVS backends
The (1) memcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allows remote attackers to bypass intended access restrictions via a revoked PKI token...
Moderate: Red Hat Security Advisory: openstack-keystone security update
Updated openstack-keystone packages that fix one security issue are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, ...
Authentication flaw
The (1) REST and (2) memcache interfaces in the Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 do not require authentication, which allows remote attackers to obtain sensitive information or modify data via an API call...
Fedora Update for php-symfony2-HttpFoundation FEDORA-2013-14579
Check for the Version of php-symfony2-HttpFoundation OpenVAS Vulnerability Test Fedora Update for php-symfony2-HttpFoundation FEDORA-2013-14579 Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...
[SECURITY] Fedora 18 Update: php-symfony2-HttpFoundation-2.2.5-1.fc18
The HttpFoundation Component defines an object-oriented layer for the HTTP specification. In PHP, the request is represented by some global variables ($_GET, $_POST, $_FILE, $_COOKIE, $_SESSION...) and the response is generated by some functions (echo, header, setcookie, ...). The Symfony2 HttpFoundation...
[SECURITY] Fedora 19 Update: php-symfony2-HttpFoundation-2.2.5-1.fc19
The HttpFoundation Component defines an object-oriented layer for the HTTP specification. In PHP, the request is represented by some global variables ($_GET, $_POST, $_FILE, $_COOKIE, $_SESSION...) and the response is generated by some functions (echo, header, setcookie, ...). The Symfony2 HttpFoundation...
Fedora 19 : python-keystoneclient-0.2.3-7.fc19 (2013-14302)
Selective backports from stable/grizzly: - Ec2Signer: Initial support for v4 signature verification. - Allow signature verification for older boto versions. - Default signingdir to secure temp dir. - Fix memcache encryption middleware (CVE-2013-2166, CVE-2013-2167). - Check token expiry...
python-keystoneclient: middleware memcache encryption and signing bypass
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass...
python-keystoneclient: middleware memcache encryption and signing bypass
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass...
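OpenStack python-keystoneclient Security Bypass Vulnerability (CVE-2013-2167)
Bugtraq ID: 60680 CVE ID: CVE-2013-2167 OpenStack is a cloud computing platform jointly developed by Rackspace and NASA that helps service providers and enterprises build cloud infrastructure similar to Amazon EC2 and S3. The memcache encryption implementation in the OpenStack python-keystoneclient client middleware contains a security vulnerability that allows an attacker with direct write access to the memcache backend, or in a man-in-the-middle position, to inject malicious data and bypass the signing security policy...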
[SECURITY] Fedora 18 Update: php-symfony2-HttpKernel-2.1.6-1.fc18
HttpKernel provides the building blocks to create flexible and fast HTTP-based frameworks. It takes a Request as an input and should return a Response as an output. Using this interface makes your code compatible with all frameworks using the Symfony2 components. And this will give you many cool...
[SECURITY] Fedora 17 Update: php-symfony2-HttpKernel-2.1.6-1.fc17
HttpKernel provides the building blocks to create flexible and fast HTTP-based frameworks. It takes a Request as an input and should return a Response as an output. Using this interface makes your code compatible with all frameworks using the Symfony2 components. And this will give you many cool...
[SECURITY] Fedora 17 Update: php-symfony2-HttpFoundation-2.1.4-1.fc17
The HttpFoundation Component defines an object-oriented layer for the HTTP specification. In PHP, the request is represented by some global variables ($_GET, $_POST, $_FILE, $_COOKIE, $_SESSION...) and the response is generated by some functions (echo, header, setcookie, ...). The Symfony2 HttpFoundation...
Fedora 16 : openstack-swift-1.4.8-3.fc16 (2012-15098)
Do not use pickle for serialization in memcache (CVE-2012-4406). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
Cross site scripting
Cross-site scripting (XSS) vulnerability in memcache_admin in the Memcache module 5.x before 5.x-1.10 and 6.x before 6.x-1.6 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Code injection
The Memcache module 5.x before 5.x-1.10 and 6.x before 6.x-1.6 for Drupal does not properly handle the $user object in memcache_admin, which might "lead to a role change not being recognized until the user logs in again."...
CVE-2010-5276
The Memcache module 5.x before 5.x-1.10 and 6.x before 6.x-1.6 for Drupal does not properly handle the $user object in memcache_admin, which might "lead to a role change not being recognized until the user logs in again."...
CVE-2010-5275
CVE-2010-5275 corresponds to an XSS vulnerability in the Memcache Drupal project, specifically the memcache_admin module. Technical details across connected documents show that this affects memcache for Drupal 5.x (before 5.x-1.10) and Drupal 6.x (before 6.x-1.6). The root cause is that memcache_...
CVE-2010-5276
The issue CVE-2010-5276 affects the Memcache module for Drupal 5.x and 6.x. Specifically, versions 5.x prior to 5.x-1.10 and 6.x prior to 6.x-1.6 mishandle the $user object in memcache_admin, which can cause a user’s role change to not be recognized until the user logs in again. The Drupal SA adv...