CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

473 matches found

Prion•added 2013/04/12 10:55 p.m.•17 views

Design/Logic Flaw

OpenStack Keystone Grizzly before 2013.1, Folsom, and possibly earlier allows remote attackers to cause a denial of service CPU and memory consumption via a large HTTP request, as demonstrated by a long tenantname when requesting a token...

5CVSS7.2AI score0.03009EPSS

Exploits0References6Affected Software1

Cvelist•added 2013/04/12 10:0 p.m.•31 views

CVE-2013-0270 Keystone: openstack keystone: denial of service via large http request with long tenant name

A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This could lead to a denial of service, consuming excessive CPU and memory resources on the affected...

6.5CVSS6.6AI score0.03009EPSS

Exploits0References7

Debian CVE•added 2013/04/12 10:0 p.m.•22 views

CVE-2013-0282

OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the 1 user, 2 tenant, or 3 domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions...

5CVSS6.3AI score0.01747EPSS

Exploits1

Tenable Nessus•added 2013/04/09 12:0 a.m.•31 views

Fedora 18 : openstack-keystone-2012.2.3-5.fc18 (2013-4590)

Fix online revocation check for PKI tokens CVE-2013-1865 Add openssl dependency for PKI tokens Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possibl...

6.8CVSS5.3AI score0.02608EPSS

Exploits0References3

RedHat Linux•added 2013/04/04 8:15 p.m.•46 views

Moderate: Red Hat Security Advisory: openstack-keystone security and bug fix update

Updated openstack-keystone packages that fix two security issues and various bugs are now available for Red Hat OpenStack Folsom. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...

6.8CVSS5.8AI score0.03009EPSS

Exploits0References7

NVD•added 2013/04/03 12:55 a.m.•22 views

CVE-2013-1664

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute Nova Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service resource consumption and crash via an XML...

5CVSS9.2AI score0.04863EPSS

Exploits1References10

NVD•added 2013/04/03 12:55 a.m.•23 views

CVE-2013-1665

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External...

5CVSS9.4AI score0.04593EPSS

Exploits0References11

OSV•added 2013/04/03 12:55 a.m.•6 views

CVE-2013-1665

6.6AI score

Exploits0References11

OSV•added 2013/04/03 12:55 a.m.•2 views

DEBIAN-CVE-2013-1664

5CVSS9.1AI score0.04863EPSS

Exploits1References1

OSV•added 2013/04/03 12:55 a.m.•6 views

CVE-2013-1664

6.4AI score

Exploits0References10

CVE•added 2013/04/03 12:0 a.m.•86 views

CVE-2013-1665

CVE-2013-1665 is an XXE vulnerability in Python’s XML libraries (used by OpenStack Keystone Essex/Folsom and Django) that allows reading arbitrary files via external entity declarations. Public docs show mitigations such as upstream/Keystone patches that disable XML entity parsing (see Keystone 2...

5CVSS6.5AI score0.04593EPSS

Exploits0References11Affected Software2

securityvulns•added 2013/03/24 12:0 a.m.•74 views

[USN-1772-1] OpenStack Keystone vulnerability

========================================================================== Ubuntu Security Notice USN-1772-1 March 20, 2013 keystone vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

6.8CVSS0.2AI score0.02608EPSS

Exploits0

NVD•added 2013/03/22 9:55 p.m.•14 views

CVE-2013-1865

OpenStack Keystone Folsom 2012.2 does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token...

6.8CVSS6.5AI score0.02608EPSS

Exploits0References10

OSV•added 2013/03/22 9:55 p.m.•7 views

PYSEC-2013-39

6.8CVSS6.4AI score0.02608EPSS

Exploits0References11

Positive Technologies•added 2013/03/22 12:0 a.m.•2 views

PT-2013-3441 · Openstack · Openstack Keystone

Name of the Vulnerable Software and Affected Versions: OpenStack Keystone version 2012.2 Description: The issue allows remote attackers to bypass intended access restrictions via a revoked PKI token, due to improper revocation checks for Keystone PKI tokens when performed through a server...

6.9CVSS6.3AI score0.02608EPSS

Exploits0References21

RedHat Linux•added 2013/03/21 6:11 p.m.•0 views

bindings: Internal entity expansion in Python XML libraries inflicts DoS vulnerabilities

5CVSS7.4AI score0.04863EPSS

Exploits1References4

RedHat Linux•added 2013/03/21 6:11 p.m.•3 views

bindings: External entity expansion in Python XML libraries inflicts potential security flaws and DoS vulnerabilities

5CVSS7.4AI score0.04593EPSS

Exploits0References4

RedHat Linux•added 2013/03/21 6:8 p.m.•3 views

bindings: Internal entity expansion in Python XML libraries inflicts DoS vulnerabilities