Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

21 – 30 of 57 results


CVE-2014-3621

Medium priority

Some fixes available 7 of 8

The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by...

1 affected packages

keystone

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
keystone Fixed
Show less packages

CVE-2014-5253

Medium priority
Fixed

OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for...

1 affected packages

keystone

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
keystone
Show less packages

CVE-2014-5252

Medium priority
Fixed

The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issued_at value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access...

1 affected packages

keystone

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
keystone
Show less packages

CVE-2014-5251

Medium priority
Fixed

The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote...

1 affected packages

keystone

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
keystone
Show less packages

CVE-2014-3520

Medium priority

Some fixes available 1 of 2

OpenStack Identity (Keystone) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has certain roles via the project...

1 affected packages

keystone

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
keystone
Show less packages

CVE-2014-3476

Medium priority

Some fixes available 1 of 2

OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a (1) trust or (2)...

1 affected packages

keystone

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
keystone
Show less packages

CVE-2013-2014

Low priority
Ignored

OpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests.

1 affected packages

keystone

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
keystone
Show less packages

CVE-2014-2828

Medium priority
Ignored

The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service (CPU consumption) via a large number of the same authentication method in a...

1 affected packages

keystone

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
keystone
Show less packages

CVE-2014-0105

Low priority
Ignored

The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain...

2 affected packages

keystone, python-keystoneclient

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
keystone Not affected
python-keystoneclient Not affected
Show less packages

CVE-2014-2237

Low priority
Ignored

The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in...

1 affected packages

keystone

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
keystone Not affected
Show less packages