CVE-2013-4365

The vulnerability CVE-2013-4365 affects Apache HTTP Server’s mod_fcgid module. A heap-based buffer overflow in fcgid_header_bucket_read (fcgid_bucket.c) prior to version 2.3.9 could allow remote attackers to cause an impact via unspecified vectors. Affected product/version: mod_fcgid before 2.3.9...

CVE-2014-3476

CVE-2014-3476 affects the OpenStack Keystone (Identity) service. The vulnerability arises from improper handling of chained delegation, where a trustee could use a trust or impersonation-enabled OAuth token to create a new token with additional roles, enabling remote authenticated privilege escal...