22 matches found
EUVD-2014-0028
Malware in sbrugna...
EUVD-2014-0026
Malware in sbrugna...
EUVD-2013-4339
Malware in sbrugna...
EUVD-2022-39124
Malicious code in bioql PyPI...
CVE-2022-36412
In Zoho ManageEngine SupportCenter Plus before 11023, V3 API requests are vulnerable to authentication bypass. An API request may, in effect, be executed with the credentials of a user who authenticated in the past...
Authentication flaw
In Zoho ManageEngine SupportCenter Plus before 11023, V3 API requests are vulnerable to authentication bypass. An API request may, in effect, be executed with the credentials of a user who authenticated in the past...
OpenStack Identity (Keystone) UUID v2 tokens does not expire with revocation events
The V3 API in OpenStack Identity Keystone 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issuedat value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification 1 GET or 2 HEAD request to v3/auth/tokens/...
OpenStack Identity (Keystone) DoS through V3 API authentication chaining
The V3 API in OpenStack Identity Keystone 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service CPU consumption via a large number of the same authentication method in a request, aka "authentication chaining."...
GHSA-6MV3-P2GR-WGQF OpenStack Identity (Keystone) DoS through V3 API authentication chaining
The V3 API in OpenStack Identity Keystone 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service CPU consumption via a large number of the same authentication method in a request, aka "authentication chaining."...
Authentication Bypass
openstack-keystone is vulnerable to authentication bypass. The vulnerability exists as the V3 API updates the issuedat value for UUID v2 tokens, and allows authenticated users to bypass the token expiration to retain access...
Denial Of Service (DoS)
openstack-keystone is vulnerable to denial of service DoS attacks. The vulnerability exists as the V3 API in OpenStack Identity Keystone 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service CPU consumption via a large number of the same...
Security Bulletin: IBM SmartCloud Orchestrator - Keystone DoS through V3 API authentication chaining (CVE-2014-2828)
Summary By sending a single request with the same authentication method multiple times, a remote attacker might generate unwanted load on the Keystone host, which might potentially result in a Denial of Service against a Keystone service. Only Keystone setups enabling V3 API are affected...
Important: Red Hat Security Advisory: openstack-keystone security and bug fix update
Updated openstack-keystone packages that fix two security issues and multiple bugs are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which...
Cross site request forgery (csrf)
The V3 API in OpenStack Identity Keystone 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issuedat value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification 1 GET or 2 HEAD request to v3/auth/tokens/...
PYSEC-2014-108
The V3 API in OpenStack Identity Keystone 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issuedat value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification 1 GET or 2 HEAD request to v3/auth/tokens/...
CVE-2014-5252
CVE-2014-5252 affects OpenStack Keystone. The V3 API in 2014.1.x (before 2014.1.2.1) and Juno (before Juno-3) mishandles issued_at for UUID v2 tokens, allowing remote authenticated users to bypass expiration by reusing tokens via GET or HEAD to /v3/auth/tokens/. Mitigation: upgrade Keystone to th...
CVE-2014-5252
The V3 API in OpenStack Identity Keystone 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issuedat value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification 1 GET or 2 HEAD request to v3/auth/tokens/...
CVE-2013-4471
The Identity v3 API in OpenStack Dashboard Horizon before 2013.2 does not require the current password when changing passwords for user accounts, which makes it easier for remote attackers to change a user password by leveraging the authentication token for that user...
CVE-2014-2828
The V3 API in OpenStack Identity Keystone 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service CPU consumption via a large number of the same authentication method in a request, aka "authentication chaining."...
Authentication flaw
The V3 API in OpenStack Identity Keystone 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service CPU consumption via a large number of the same authentication method in a request, aka "authentication chaining."...