2078 matches found
CVE-2018-12546
In Eclipse Mosquitto version 1.0 to 1.5.5 inclusive when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. In some applications this may result in clients...
CVE-2018-12546
In Eclipse Mosquitto version 1.0 to 1.5.5 inclusive when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. In some applications this may result in clients...
ALPINE-CVE-2018-12546
In Eclipse Mosquitto version 1.0 to 1.5.5 inclusive when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. In some applications this may result in clients...
DEBIAN-CVE-2018-12546
In Eclipse Mosquitto version 1.0 to 1.5.5 inclusive when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. In some applications this may result in clients...
CVE-2018-12546
The CVE describes a vulnerability in Eclipse Mosquitto where, for versions 1.0–1.5.5, a retained message published to a topic remains delivered to future subscribers after that client’s access to the topic is revoked, potentially enabling effects not allowed by normal access controls. This is a s...
CVE-2018-12546
In Eclipse Mosquitto version 1.0 to 1.5.5 inclusive when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. In some applications this may result in clients...
Authorization Bypass
ipa is vulnerable to authorization bypass attacks. The vulnerability exists as the default configuration for IPA servers in Red Hat Enterprise Linux 6, when revoking a certificate from an Identity Management replica, does not properly update another Identity Management replica, which causes...
Improper Invalidation Of Token
openstack-keystone is vulnerable to access bypass attacks. The vulnerability exists as the memcache token backend in OpenStack Identity Keystone 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not inclu...
Authentication Bypass
openstack-keystone is vulnerable to authentication bypass. This is due to the way PKI tokens are revoked, which allow users with revoked tokens to retain access to resources that should no longer be accessible...
Code injection
In some situations on BIG-IP APM 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.2, the CRLDP Auth access policy agent may treat revoked certificates as valid when the BIG-IP APM system fails to download a new Certificate Revocation List...
CVE-2018-15326
In some situations on BIG-IP APM 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.2, the CRLDP Auth access policy agent may treat revoked certificates as valid when the BIG-IP APM system fails to download a new Certificate Revocation List...
CVE-2018-15326
In some situations on BIG-IP APM 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.2, the CRLDP Auth access policy agent may treat revoked certificates as valid when the BIG-IP APM system fails to download a new Certificate Revocation List...
CVE-2018-15326
Mode C: CVE-2018-15326 affects BIG-IP APM applying CRLDP authentication; the policy agent may treat revoked certs as valid if the system cannot download a new CRL. Vulnerable versions include BIG-IP APM 14.x (14.0.0–14.0.0.2, 14.0.0.3 listed as vulnerable; fixes introduced in 14.1.0), 13.x (13.0....
CVE-2018-15326
In some situations on BIG-IP APM 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.2, the CRLDP Auth access policy agent may treat revoked certificates as valid when the BIG-IP APM system fails to download a new Certificate Revocation List...
Error "The server certificate could not be checked for revocation as required by your SSL policy settings. No certificate revocation providers could be loaded."
When trying to launch published application on Mac machine, we get an error"The server certificate could not be checked for revocation as required by your SSL policy settings. No certificate revocation providers could be loaded."...
September 19, 2017—KB4038774 (Preview of Monthly Rollup)
September 19, 2017—KB4038774 Preview of Monthly Rollup Improvements and fixes This non-security update includes improvements and fixes that were a part of KB4038792released September 12, 2017 and also includes these new quality improvements as a preview of the next Monthly Rollup update: Addresse...
tomcat-native: Mishandled OCSP responses can allow clients to authenticate with revoked certificates
When using pre-produced responses from an OCSP responder, Tomcat Native did not correctly validate the status of certificates. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using mutual...
tomcat-native: Mishandled OCSP invalid response
When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using...
CVE-2018-2451
XS Command-Line Interface CLI user sessions with the SAP HANA Extended Application Services XS, version 1, advanced server may have an unintentional prolonged period of validity. Consequently, a platform user could access controller resources via active CLI session even after corresponding...
GHSA-5P9F-55J8-922M Moderate severity vulnerability that affects doorkeeper
Withdrawn, accidental duplicate publish. The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification...