SUSE CVE-2005-1268

Off-by-one error in the modssl Certificate Revocation List CRL verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service child process crash via a CRL that causes a buffer overflow of one null byte...

SUSE CVE-2006-4031

MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy...

SUSE CVE-2008-2420

The OCSP functionality in stunnel before 4.24 does not properly search certificate revocation lists CRL, which allows remote attackers to bypass intended access restrictions by using revoked certificates...

SUSE CVE-2009-3046

Opera before 10.00 does not check all intermediate X.509 certificates for revocation, which makes it easier for remote SSL servers to bypass validation of the certificate chain via a revoked certificate...

SUSE CVE-2010-0731

The gnutlsx509crtgetserial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1readvalue with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list CRL check and cau...

SUSE CVE-2011-2633

Unspecified vulnerability in Opera before 11.11 allows remote attackers to cause a denial of service application crash via vectors involving a Certificate Revocation List CRL file, as demonstrated by the multicert-ca-02.crl file...

SUSE CVE-2011-3207

crypto/x509/x509vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past...

SUSE CVE-2011-4684

Opera before 11.60 does not properly handle certificate revocation, which has unspecified impact and remote attack vectors related to "corner cases."...

SUSE CVE-2013-1865

OpenStack Keystone Folsom 2012.2 does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token...

SUSE CVE-2013-2059

OpenStack Identity Keystone Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token...

SUSE CVE-2013-4222

OpenStack Identity Keystone Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token...

SUSE CVE-2014-2237

The memcache token backend in OpenStack Identity Keystone 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being...

SUSE CVE-2014-3250

The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4...

SUSE CVE-2014-5253

OpenStack Identity Keystone 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain...

SUSE CVE-2015-3181

files/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not consider the moodle/user:manageownfiles capability before approving a private-file upload, which allows remote authenticated users to bypass intended file-management restriction...

SUSE CVE-2015-3308

Double free vulnerability in lib/x509/x509ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point...

SUSE CVE-2015-4680

FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates...

SUSE CVE-2018-12546

In Eclipse Mosquitto version 1.0 to 1.5.5 inclusive when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. In some applications this may result in clients...

SUSE CVE-2019-19269

An issue was discovered in tlsverifycrl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL skX509REVOKEDvalue function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the...

SUSE CVE-2019-19271

An issue was discovered in tlsverifycrl in ProFTPD before 1.3.6. A wrong iteration variable, used when checking a client certificate against CRL entries installed by a system administrator, can cause some CRL entries to be ignored, and can allow clients whose certificates have been revoked to...