Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
keystone vulnerabilities and exploits
(subscribe to this query)
6.4
CVSSv2
CVE-2006-1578
Multiple SQL injection vulnerabilities in Keystone Digital Library Suite (DLS) 1.5.4 and previous versions allow remote malicious users to execute arbitrary SQL commands via the subject_type_id parameter in (1) the index page and (2) the search module.
Index Data Aps Keystone Digital Library Suite
5
CVSSv2
CVE-2013-0247
OpenStack Keystone Essex 2012.1.3 and previous versions, Folsom 2012.2.3 and previous versions, and Grizzly grizzly-2 and previous versions allows remote malicious users to cause a denial of service (disk consumption) via many invalid token requests that trigger excessive generat...
Openstack Keystone
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 12.10
6.5
CVSSv2
CVE-2019-3683
The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the /etc/keystone/user-project-map.json was assigned full "member" role access to every project. This allowed these users to access...
Suse Openstack Cloud 8.0
Suse Keystone-json-assignment
Hp Helion Openstack 8.0
5
CVSSv2
CVE-2012-1572
OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space
Openstack Keystone -
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
NA
CVE-2022-2447
A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) between when security policy says a token should be revoked from when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than expected...
Openstack Keystone -
Redhat Storage 3.0
Redhat Quay 3.0.0
Redhat Openstack Platform 16.1
Redhat Openstack Platform 16.2
5
CVSSv2
CVE-2013-1664
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote malicious users to cause a denial of service (resource consump...
Openstack Cinder Folsom -
Openstack Keystone Essex -
Openstack Folsom -
Openstack Grizzly -
Openstack Compute \\(nova\\) Essex -
Openstack Compute \\(nova\\) Folsom -
4.3
CVSSv2
CVE-2013-2255
HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.
Openstack Compute 2013.1
Openstack Keystone 2013
Redhat Openstack 3.0
Redhat Openstack 4.0
Debian Debian Linux 10.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
NA
CVE-2021-3563
A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integri...
Openstack Keystone
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Redhat Openstack Platform 16.1
Redhat Openstack Platform 13.0
Redhat Openstack Platform 10.0
Redhat Openstack Platform 16.2
4.3
CVSSv2
CVE-2012-3542
OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote malicious users to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier wa...
Openstack Essex 2012.1
Openstack Horizon Folsom-3
6.8
CVSSv2
CVE-2013-1865
OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote malicious users to bypass intended access restrictions via a revoked PKI token.
Openstack Folsom 2012.2
Canonical Ubuntu Linux 12.10
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-34377
CVE-2024-20859
CVE-2023-49606
inject
arbitrary
CVE-2024-33788
CVE-2024-30973
IDOR
CVE-2024-33907
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »