2077 matches found

seebug.org
added 2014/07/01 12:0 a.m. | 24 views

Oracle 10g KUPV$FT.ATTACH_JOB - SQL Injection Exploit (2)

No description provided by source. !/usr/bin/perl Remote Oracle KUPV$FT.ATTACHJOB exploit 10g - Version 2 - New evil cursor injection tip! - No create procedure privileg needed! - See: http://www.databasesecurity.com/ Cursor Injection Grant or revoke dba permission to unprivileged user Tested on...

AI score: 7.1
Exploits: 0

Tenable Nessus
added 2014/06/13 12:0 a.m. | 16 views

openSUSE Security Update : opera (openSUSE-SU-2012:1481-1)

This Opera 12.10 security update fixes following security issues : -an issue that could cause Opera not to correctly check for certificate revocation; -an issue where CORS requests could incorrectly retrieve contents of cross origin pages; -an issue where data URIs could be used to facilitate...

AI score: 5.6
Exploits: 0 | References: 3

Tenable Nessus
added 2014/06/13 12:0 a.m. | 52 views

openSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2013:0149-1)

The Mozilla January 8th 2013 security release contains updates : Mozilla Firefox was updated to version 18.0. Mozilla SeaMonkey was updated to version 2.15. Mozilla Thunderbird was updated to version 17.0.2. Mozilla XULRunner was updated to version 17.0.2. - MFSA...

CVSS: 10 | AI score: 8.9 | EPSS: 0.73364
Exploits: 31 | References: 33

RedHat Linux
added 2014/05/29 8:26 p.m. | 5 views

openstack-keystone: trustee token revocation does not work with memcache backend

The memcache token backend in OpenStack Identity Keystone 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being...

CVSS: 5 | AI score: 5.8 | EPSS: 0.01367
Exploits: 1 | References: 4

ThreatPost
added 2014/04/21 12:2 p.m. | 11 views

OpenSSL Heartbleed and the Value of CRLs

One of the consequences of the drama around the OpenSSL heartbleed vulnerability is that security experts have begun taking a hard look again at the certificate revocation process and whether it actually protects users or gives them any visibility into the validity of a given certificate. In a lo...

AI score: 0.5
Exploits: 0 | References: 3

ThreatPost
added 2014/04/18 12:27 p.m. | 25 views

Private Keys Stolen from OpenVPN Using Heartbleed

You can add OpenVPN to the growing list of products and services vulnerable to the Heartbleed OpenSSL vulnerability. Worse, researchers have been able to chain together exploits to steal private keys from traffic moving through the open source virtual private network software package. A Swedish V...

AI score: 7.1
Exploits: 0 | References: 5

ThreatPost
added 2014/04/16 12:5 p.m. | 11 views

Certificate Revocation Slow on Heartbleed Web Servers

The rush to revoke and replace digital certificates on Heartbleed-vulnerable Web servers seems to be no rush at all. Internet research and security services firm Netcraft reports today that of the more than 500,000 servers it knows of that are running vulnerable versions of OpenSSL, only 80,000...

AI score: 0.8
Exploits: 0 | References: 6

OSV
added 2014/04/10 11:19 p.m. | 5 views

SUSE-SU-2015:0841-1 Recommended update for mono-core

This update adds handling of SHA256 hashes to parts of the X509 Certificate classes in the C implementation of Mono bnc871362 and improves handling of non-existing certificate revocation lists bnc810747, bnc606002...

CVSS: 9.8 | AI score: 8.5 | EPSS: 0.03539
Exploits: 0 | References: 8

Tenable Nessus
added 2014/04/10 12:0 a.m. | 2839 views

SSL Certificate Chain Contains RSA Keys Less Than 2048 bits (PCI DSS)

At least one of the X.509 certificates sent by the remote host has a key that is shorter than 2048 bits. According to industry standards set by the Certification Authority/Browser (CA/B) Forum, certificates issued after January 1, 2014 must be at least 2048 bits. Some browser SSL implementations ma...

AI score: 5.5
Exploits: 0 | References: 1

RedHat Linux
added 2014/04/03 8:18 p.m. | 5 views

openstack-keystone: trustee token revocation does not work with memcache backend

The memcache token backend in OpenStack Identity Keystone 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being...

CVSS: 5 | AI score: 5.8 | EPSS: 0.01367
Exploits: 1 | References: 4

NVD
added 2014/04/01 6:35 a.m. | 14 views

CVE-2014-2237

The memcache token backend in OpenStack Identity Keystone 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being...

CVSS: 5 | AI score: 6.2 | EPSS: 0.01367
Exploits: 1 | References: 4

OSV
added 2014/04/01 6:35 a.m. | 3 views

DEBIAN-CVE-2014-2237

The memcache token backend in OpenStack Identity Keystone 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being...

CVSS: 5 | AI score: 6.8 | EPSS: 0.01367
Exploits: 1 | References: 1

OSV
added 2014/04/01 6:35 a.m. | 6 views

CVE-2014-2237

The memcache token backend in OpenStack Identity Keystone 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being...

AI score: 6.1
Exploits: 0 | References: 4

UbuntuCve
added 2014/04/01 6:35 a.m. | 26 views

CVE-2014-2237

The memcache token backend in OpenStack Identity Keystone 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being...

CVSS: 5 | AI score: 5.9 | EPSS: 0.01367
Exploits: 1 | References: 3

OSV
added 2014/04/01 6:35 a.m. | 7 views

PYSEC-2014-105

The memcache token backend in OpenStack Identity Keystone 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being...

CVSS: 5 | AI score: 6.1 | EPSS: 0.01367
Exploits: 1 | References: 4

PyPA
added 2014/04/01 6:35 a.m. | 8 views

PYSEC-2014-105

The memcache token backend in OpenStack Identity Keystone 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being...

CVSS: 5 | AI score: 6.8 | EPSS: 0.01367
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2014/04/01 6:35 a.m. | 4 views

UBUNTU-CVE-2014-2237

The memcache token backend in OpenStack Identity Keystone 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being...

CVSS: 5 | AI score: 5.8 | EPSS: 0.01367
Exploits: 1 | References: 4

Cvelist
added 2014/04/01 1:0 a.m. | 33 views

CVE-2014-2237

The memcache token backend in OpenStack Identity Keystone 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being...

AI score: 6.1 | EPSS: 0.01367
Exploits: 1 | References: 4

Debian CVE
added 2014/04/01 1:0 a.m. | 27 views

CVE-2014-2237

The memcache token backend in OpenStack Identity Keystone 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being...

CVSS: 5 | AI score: 6.2 | EPSS: 0.01367
Exploits: 1

seebug.org
added 2014/03/07 12:0 a.m. | 35 views

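OpenStack Keystone Trustee Token Revocation Failure Security Bypass Vulnerability

Bugtraq ID: 65895 CVE ID: CVE-2014-2237 Keystone is the OpenStack project used for identity authentication; any service request must be validated by it to obtain the service's endpoint. A vulnerability exists in the OpenStack Keystone in-memory token backend: when a trustor submits a trust token with impersonation enabled, the token is added only to the trustor's token list and not to the trustee's token list. As a result, the trust token is not properly invalidated when the trustee revokes tokens. Keystone deployments using the memcache backend are affected by this vulnerability. 0 Openstack Keystone 2013.1 - 2013.1.4 Openstack Keystone 2013.2 ...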

CVSS: 5 | AI score: 6.5 | EPSS: 0.01367
Exploits: 1