2016 matches found
Fast-DDS 安全漏洞
Fast-DDS is a complete DDS open source by eProsima. A security vulnerability exists in Fast-DDS version 3.3 that stems from improper ticket revocation validation and could lead to insecure communication...
CVE-2025-67108
CVE-2025-67108 affects eProsima Fast-DDS v3.3. The issue is improper validation for ticket revocation, causing insecure communications and connections. Impact is described as high confidentiality/integrity risk with network-based access and no user interaction. Several connected sources corrobora...
SUSE CVE-2025-66406
Step CA is an online certificate authority for secure, automated certificate management for DevOps. Prior to 0.29.0, there is an improper authorization check for SSH certificate revocation. This affects deployments configured with the SSHPOP provisioner. This vulnerability is fixed in 0.29.0...
EUVD-2025-203404
An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. A hardcoded Flickr API key and secret are present in the publicly accessible Flickr Zimlet used by Zimbra Collaboration. Because these credentials are embedded directly in the Zimlet, any unauthorized party could retrieve them and...
PYSEC-2025-110
An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as isactive=False after having handed tokens for that user while the account was still active had no effect. Fixed the access/refresh tokens are now rejected...
CVE-2025-65430
An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as isactive=False after having handed tokens for that user while the account was still active had no effect. Fixed the access/refresh tokens are now rejected...
CVE-2025-65430
An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as isactive=False after having handed tokens for that user while the account was still active had no effect. Fixed the access/refresh tokens are now rejected...
CVE-2025-65430
An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as isactive=False after having handed tokens for that user while the account was still active had no effect. Fixed the access/refresh tokens are now rejected...
Ubuntu 22.04 LTS : OpenStack Keystone vulnerabilities (USN-7926-1)
The remote Ubuntu 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7926-1 advisory. Kay discovered that OpenStack Keystone incorrectly handled the ec2tokens and s3tokens APIs. A remote attacker could possibly use this issue to obtain...
CVE-2025-66406
Step CA is an online certificate authority for secure, automated certificate management for DevOps. Prior to 0.29.0, there is an improper authorization check for SSH certificate revocation. This affects deployments configured with the SSHPOP provisioner. This vulnerability is fixed in 0.29.0...
USN-7926-1: OpenStack Keystone vulnerabilities
Kay discovered that OpenStack Keystone incorrectly handled the ec2tokens and s3tokens APIs. A remote attacker could possibly use this issue to obtain unauthorized access and escalate privileges. CVE-2025-65073 It was discovered that OpenStack Keystone only validated the first 72 bytes of an...
USN-7926-1 keystone vulnerabilities
Kay discovered that OpenStack Keystone incorrectly handled the ec2tokens and s3tokens APIs. A remote attacker could possibly use this issue to obtain unauthorized access and escalate privileges. CVE-2025-65073 It was discovered that OpenStack Keystone only validated the first 72 bytes of an...
GO-2025-4181 step-ca Has Improper Authorization Check for SSH Certificate Revocation in github.com/smallstep/certificates
step-ca Has Improper Authorization Check for SSH Certificate Revocation in github.com/smallstep/certificates...
Managed TLS under Migration: Authentication Authority across CDN and Hosting Transitions
Managed TLS has become a common approach for deploying HTTPS, with platforms generating and storing private keys and automating certificate issuance on behalf of domain operators. This model simplifies operational management but shifts control of authentication material from the domain owner to t...
CVE-2025-66406
Step CA is an online certificate authority for secure, automated certificate management for DevOps. Prior to 0.29.0, there is an improper authorization check for SSH certificate revocation. This affects deployments configured with the SSHPOP provisioner. This vulnerability is fixed in 0.29.0...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization during the SSH certificate revocation when the SSHPOP provisioner is configured. An attacker can revoke SSH certificates without proper authorization by exploiting insufficient checks during the revocation proces...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization during the SSH certificate revocation when the SSHPOP provisioner is configured. An attacker can revoke SSH certificates without proper authorization by exploiting insufficient checks during the revocation proces...
CVE-2025-66406 Improper Authorization Check for SSH Certificate Revocation
Step CA is an online certificate authority for secure, automated certificate management for DevOps. Prior to 0.29.0, there is an improper authorization check for SSH certificate revocation. This affects deployments configured with the SSHPOP provisioner. This vulnerability is fixed in 0.29.0...
EUVD-2025-201014
Step CA is an online certificate authority for secure, automated certificate management for DevOps. Prior to 0.29.0, there is an improper authorization check for SSH certificate revocation. This affects deployments configured with the SSHPOP provisioner. This vulnerability is fixed in 0.29.0...
CVE-2025-66406 Improper Authorization Check for SSH Certificate Revocation
Step CA is an online certificate authority for secure, automated certificate management for DevOps. Prior to 0.29.0, there is an improper authorization check for SSH certificate revocation. This affects deployments configured with the SSHPOP provisioner. This vulnerability is fixed in 0.29.0...