207 matches found
GHSA-23X9-8HXR-978C OpenStack Identity (Keystone) Trustee token revocations does not work with memcache backend
The memcache token backend in OpenStack Identity Keystone 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being...
python-keystoneclient vulnerable to context confusion in Keystone auth_token middleware
A context confusion vulnerability was identified in Keystone authtoken middleware shipped in python-keystoneclient before 0.7.0. By doing repeated requests, with sufficient load on the target system, an authenticated user may in certain situations assume another authenticated user's complete...
Zimbra Access Control Error Vulnerability
Zimbra Collaboration aka ZCS versions 8.8.15 and 9.0 are vulnerable to an access control error. The vulnerability stems from a network system or product that does not properly restrict access to resources from unauthorized roles. An unauthenticated attacker could exploit the vulnerability to inje...
CVE-2022-27924
Zimbra Collaboration aka ZCS 8.8.15 and 9.0 allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance. These memcache commands become unescaped, causing an overwrite of arbitrary cached entries...
CVE-2022-27924
Zimbra Collaboration aka ZCS 8.8.15 and 9.0 allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance. These memcache commands become unescaped, causing an overwrite of arbitrary cached entries...
Design/Logic Flaw
Zimbra Collaboration aka ZCS 8.8.15 and 9.0 allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance. These memcache commands become unescaped, causing an overwrite of arbitrary cached entries...
CVE-2022-27924
Zimbra Collaboration aka ZCS 8.8.15 and 9.0 allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance. These memcache commands become unescaped, causing an overwrite of arbitrary cached entries. Recent assessments: rbowes-r7 at August 16, 2022 8:10pm UTC...
CVE-2022-27924
CVE-2022-27924 affects Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0, allowing an unauthenticated attacker to inject arbitrary memcache commands into a targeted ZCS instance, with those commands becoming unescaped and enabling overwriting of arbitrary cached entries and extraction of credential...
CVE-2022-27924
Zimbra Collaboration aka ZCS 8.8.15 and 9.0 allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance. These memcache commands become unescaped, causing an overwrite of arbitrary cached entries...
Zimbra Injection Vulnerability
Zimbra Collaboration aka ZCS versions 8.8.15 and 9.0 are vulnerable to an access control error. The vulnerability stems from a network system or product that does not properly restrict access to resources from unauthorized roles. An unauthenticated attacker could exploit the vulnerability to inje...
PT-2022-3567
Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration aka ZCS versions 8.8.15 through 9.0.0. Description: The issue allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance, causing an overwrite of arbitrary cached entries. This can be...
Inadequate Encryption Strength in python-keystoneclient
python-keystoneclient versions 0.2.3 to 0.2.5 have a middleware memcache encryption bypass...
GHSA-C3XQ-CJ8F-7829 Inadequate Encryption Strength in python-keystoneclient
python-keystoneclient versions 0.2.3 to 0.2.5 have a middleware memcache encryption bypass...
SUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2021:1444-1)
This update for samba fixes the following issues: CVE-2021-20277: Fixed an out of bounds read in ldb_handler_fold (bsc#1183574). CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids (bsc#1184677). CVE-2020-27840: Fixed an unauthenticated remote heap corruption via bad DNs (bsc#1183572). Avoid free'ing o...
rubygem-activesupport: potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
A flaw was found in rubygem-activesupport. An untrusted user input can be written to the cache store using the raw: true parameter which can lead to the result being evaluated as a marshaled object instead of plain text. The threat from this vulnerability is to data confidentiality and integrity ...
OESA-2021-1145 rubygem-rails security update
Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration. Security Fixes: A deserialization of untrusted data vulnerability exists in rails 5.2.4.3, rails 6.0.3.1 that can...
DEBIAN-CVE-2020-8165
A deserialization of untrusted data vulnerability exists in rails 5.2.4.3, rails 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE...
UBUNTU-CVE-2020-8165
A deserialization of untrusted data vulnerability exists in rails 5.2.4.3, rails 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE...
GHSA-9VG3-CF92-H2H7 Insufficient Verification of Data Authenticity in python-keystoneclient
python-keystoneclient versions 0.2.3 to 0.2.5 have a middleware memcache signing bypass...
Insufficient Verification of Data Authenticity in python-keystoneclient
python-keystoneclient versions 0.2.3 to 0.2.5 have a middleware memcache signing bypass...