CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

23 matches found

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2020-0096

Malware in sbrugna...

8.8CVSS8.1AI score0.00817EPSS

Exploits0References17

QT•added 2024/05/24 12:0 a.m.•32 views

Security advisory: OAuth1 in QtNetworkAuth

The OAuth1 implementation in QtNetworkAuth created nonces using a PRNG that was seeded with a predictable seed. This issue has been assigned the CVE id CVE-2024-36048. This means that an attacker that can somehow control the time of the first OAuth1 flow of the process has a high chance of...

9.8CVSS9.5AI score0.00483EPSS

Exploits0

FreeBSD•added 2024/05/08 12:0 a.m.•20 views

QtNetworkAuth -- predictable seeding of PRNG in QAbstractOAuth

Andy Shaw reports: The OAuth1 implementation in QtNetworkAuth created nonces using a PRNG that was seeded with a predictable seed. This means that an attacker that can somehow control the time of the first OAuth1 flow of the process has a high chance of predicting the nonce used in said OAuth flo...

9.8CVSS6.6AI score0.00483EPSS

Exploits0References2

SUSE CVE•added 2023/02/15 3:58 a.m.•1 views

SUSE CVE-2020-12690

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token contains every role assignment the creator had for the project. Th...

8.8CVSS7AI score0.00817EPSS

Exploits0References3

CNVD•added 2022/04/24 12:0 a.m.•27 views

Pivotal Spring Security Oauth Resource Management Error Vulnerability

A resource management error vulnerability exists in Pivotal Spring Security OAuth, a login system from Pivotal, Inc. that provides support for adding OAuth1 and OAuth2 functionality to Spring Web applications. The vulnerability stems from improper handling of a large number of message requests. A...

4CVSS2.2AI score0.00587EPSS

Exploits0Affected Software1

Github Security Blog•added 2021/06/09 5:34 p.m.•58 views

Insufficient Session Expiration in OpenStack Keystone

8.8CVSS3.1AI score0.00817EPSS

Exploits0References9Affected Software1

OSV•added 2021/06/09 5:34 p.m.•29 views

GHSA-6M8P-X4QW-GH5J Insufficient Session Expiration in OpenStack Keystone

8.8CVSS8.5AI score0.00817EPSS

Exploits0References10

Tenable Nessus•added 2020/09/02 12:0 a.m.•35 views

Ubuntu 18.04 LTS : OpenStack Keystone vulnerabilities (USN-4480-1)

The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4480-1 advisory. It was discovered that OpenStack Keystone incorrectly handled EC2 credentials. An authenticated attacker with a limited scope could possibly create EC2...

8.8CVSS7.1AI score0.03566EPSS

Exploits0References5

OpenVAS•added 2020/09/02 12:0 a.m.•24 views

Ubuntu: Security Advisory (USN-4480-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS6.5AI score0.03566EPSS

Exploits0References2

Ubuntu•added 2020/09/01 11:10 a.m.•61 views

USN-4480-1: OpenStack Keystone vulnerabilities

It was discovered that OpenStack Keystone incorrectly handled EC2 credentials. An authenticated attacker with a limited scope could possibly create EC2 credentials with escalated permissions. CVE-2020-12689, CVE-2020-12691 It was discovered that OpenStack Keystone incorrectly handled the list of...

8.8CVSS7AI score0.03566EPSS

Exploits0

RedHat Linux•added 2020/07/22 12:38 p.m.•32 views

Important: Red Hat Security Advisory: openstack-keystone security update

An update for openstack-keystone is now available for Red Hat OpenStack Platform 16 Train. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.8CVSS6.7AI score0.03566EPSS

Exploits0References4

RedHat Linux•added 2020/07/22 12:36 p.m.•41 views

Important: Red Hat Security Advisory: openstack-keystone security update

An update for openstack-keystone is now available for Red Hat OpenStack Platform 15 Stein. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.8CVSS6.7AI score0.03566EPSS

Exploits0References5

Tenable Nessus•added 2020/07/22 12:0 a.m.•33 views

RHEL 8 : openstack-keystone (RHSA-2020:3102)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3102 advisory. The OpenStack Identity service keystone authenticates and authorizes OpenStack users by keeping track of users and their permitted activitie...

8.8CVSS7AI score0.03566EPSS

Exploits0References10

Veracode•added 2020/06/24 5:7 a.m.•24 views

Privilege Escalation

openstack keystone is vulnerable to privilege escalation. The library does not properly enforce the role parameters associated to an OAuth1 access token. A keystone token containing every role assignment is assigned to a low-privileged user, granting the user more access than required...

8.8CVSS5.8AI score0.00817EPSS

Exploits0References8Affected Software3

RedhatCVE•added 2020/05/07 7:39 p.m.•25 views

CVE-2020-12690

A flaw was found in Keystone, where it inadvertently provided OAuth1 access tokens to every role assignment the creator had for a project, resulting in giving more permissions and escalated access in role assignments than intended. The greatest impact is on confidentiality...

6.5CVSS3.4AI score0.00817EPSS

Exploits0References4

OSV•added 2020/05/07 12:15 a.m.•22 views

CVE-2020-12690

8.8CVSS8.7AI score

Exploits0References7