2077 matches found

OSV
added 2016/06/13 2:59 p.m. (4 views)

DEBIAN-CVE-2016-4911

The Fernet Token Provider in OpenStack Identity Keystone 9.0.x before 9.0.1 mitaka allows remote authenticated users to prevent revocation of a chain of tokens and bypass intended access restrictions by rescoping a token...

CVSS 4.3 | AI score 6.8 | EPSS 0.01402
Exploits 0 | References 1

PyPA
added 2016/06/13 2:59 p.m. (6 views)

PYSEC-2016-38

The Fernet Token Provider in OpenStack Identity Keystone 9.0.x before 9.0.1 mitaka allows remote authenticated users to prevent revocation of a chain of tokens and bypass intended access restrictions by rescoping a token...

CVSS 4.3 | AI score 6.8 | EPSS 0.01402
Exploits 0 | References 8 | Affected Software 1

OSV
added 2016/06/13 2:59 p.m. (7 views)

PYSEC-2016-38

The Fernet Token Provider in OpenStack Identity Keystone 9.0.x before 9.0.1 mitaka allows remote authenticated users to prevent revocation of a chain of tokens and bypass intended access restrictions by rescoping a token...

CVSS 4.3 | AI score 4.3 | EPSS 0.01402
Exploits 0 | References 6

Cvelist
added 2016/06/13 2:0 p.m. (23 views)

CVE-2016-4911

The Fernet Token Provider in OpenStack Identity Keystone 9.0.x before 9.0.1 mitaka allows remote authenticated users to prevent revocation of a chain of tokens and bypass intended access restrictions by rescoping a token...

AI score 4.3 | EPSS 0.01402
Exploits 0 | References 6

RedhatCVE
added 2016/05/18 9:18 a.m. (20 views)

CVE-2016-4911

The Fernet Token Provider in OpenStack Identity Keystone 9.0.x before 9.0.1 mitaka allows remote authenticated users to prevent revocation of a chain of tokens and bypass intended access restrictions by rescoping a token...

CVSS 4.3 | AI score 5 | EPSS 0.01402
Exploits 0 | References 1

CNVD
added 2016/05/18 12:0 a.m. (4 views)

OpenStack Keystone Design Vulnerability

OpenStack is a cloud platform management program developed by the National Aeronautics and Space Administration and Rackspace, Inc. in the U.S. OpenStack Keystone is one of the projects used for authentication, providing identity, token, directory, and policy services. A security vulnerability...

CVSS 4.3 | AI score 6.8 | EPSS 0.01402
Exploits 0 | References 1

BDU FSTEC
added 2016/02/12 12:0 a.m. (6 views)

The vulnerability of the Mac OS X operating system allows a hacker to circumvent the mechanism for revoking access to contacts.

The vulnerability of the AppSandbox component for operating systems Mac OS X and iOS is related to improper handling of hard links. Exploiting this vulnerability allows a malicious actor to bypass the mechanism for revoking access to contacts through a specially created application...

CVSS 6.8 | AI score 7.2 | EPSS 0.02044
Exploits 0 | References 9 | Affected Software 2

OSV
added 2016/02/03 6:59 p.m. (3 views)

DEBIAN-CVE-2015-7546

The identity service in OpenStack Identity Keystone before 2015.1.3 Kilo and 8.0.x before 8.0.2 Liberty and keystonemiddleware formerly python-keystoneclient before 1.5.4 Kilo and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers,...

CVSS 7.5 | AI score 6.9 | EPSS 0.01708
Exploits 0 | References 1

CVE
added 2015/12/11 11:0 a.m. (58 views)

CVE-2015-7001

CVE-2015-7001 affects Apple platforms: iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1. The underlying issue is AppSandbox mishandling hard links, which allows a crafted app to bypass Contacts access revocation. This is the explicit vulnerability described in CVE sour...

CVSS 6.8 | AI score 7.7 | EPSS 0.02044
Exploits 0 | References 10 | Affected Software 1

OpenVAS
added 2015/11/16 12:0 a.m. (10 views)

Palo Alto PAN-OS API Key Automatic Revocation Vulnerability (PAN-SA-2015-0006)

An issue has been identified in PAN-OS that prevents old management API keys for local administrator accounts from being invalidated upon password change until the device is rebooted...

AI score 5.2
Exploits 0 | References 1

ThreatPost
added 2015/11/09 2:50 p.m. (9 views)

Comodo, CAs Issue Forbidden Certificates

Certificate authority Comodo admits it incorrectly issued eight certificates that include forbidden internal server names or reserved IP addresses. In 2012, the Certificate Authority/Browser Forum banned the use of such designations for certs issued after Nov. 1, 2015. The decision was meant to c...

AI score 1.1
Exploits 0 | References 3

Palo Alto Networks
added 2015/11/09 12:0 a.m. (14 views)

API key automatic revocation

An issue has been identified in PAN-OS that prevents old management API keys for local administrator accounts from being invalidated upon password change until the device is rebooted. This issue can create a period of time during which an administrator changes the account password, thus creating ...

AI score 6.8
Exploits 0 | Affected Software 2

Tenable Nessus
added 2015/10/29 12:0 a.m. (82 views)

Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2015-606)

Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. CVE-2015-4835, CVE-2015-4881, CVE-2015-4843, CVE-2015-4883, CVE-2015-4860,...

CVSS 10 | AI score 6.4 | EPSS 0.09991
Exploits 0 | References 19

OpenVAS
added 2015/10/26 12:0 a.m. (25 views)

Mageia: Security Advisory (MGASA-2015-0412)

The remote host is missing an update for the...

CVSS 10 | AI score 8.2 | EPSS 0.09991
Exploits 0 | References 5

Mageia
added 2015/10/25 4:34 p.m. (53 views)

Updated java-1.8.0-openjdk packages fix security vulnerabilities

Updated java-1.8.0-openjdk packages fix security vulnerabilities: Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions CVE-2015-4835,...

CVSS 10 | AI score 6.3 | EPSS 0.09991
Exploits 0 | References 3

OSV
added 2015/10/25 4:34 p.m. (14 views)

MGASA-2015-0412 Updated java-1.8.0-openjdk packages fix security vulnerabilities

Updated java-1.8.0-openjdk packages fix security vulnerabilities: Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions CVE-2015-4835,...

CVSS 10 | AI score 5.9 | EPSS 0.09991
Exploits 0 | References 4

NVD
added 2015/10/23 10:59 a.m. (18 views)

CVE-2015-6997

The X.509 certificate-trust implementation in Apple iOS before 9.1 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certifica...

CVSS 4.3 | AI score 5.5 | EPSS 0.00903
Exploits 0 | References 6

Prion
added 2015/10/23 10:59 a.m. (18 views)

Design/Logic Flaw

The X.509 certificate-trust implementation in Apple iOS before 9.1 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certifica...

CVSS 4.3 | AI score 5.8 | EPSS 0.00903
Exploits 0 | References 6 | Affected Software 2

Cvelist
added 2015/10/23 10:0 a.m. (27 views)

CVE-2015-6997

The X.509 certificate-trust implementation in Apple iOS before 9.1 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certifica...

AI score 5.5 | EPSS 0.00903
Exploits 0 | References 6

CVE
added 2015/10/23 10:0 a.m. (61 views)

CVE-2015-6997

CVE-2015-6997 affects Apple iOS up to 9.0.x where the X.509 certificate-trust validation did not recognize that kSecRevocationRequirePositiveResponse requires revocation checking. This allowed a MITM attacker with revoked certificate access to spoof endpoints. The issue was addressed in iOS 9.1 b...

CVSS 4.3 | AI score 5.4 | EPSS 0.00903
Exploits 0 | References 6 | Affected Software 1