VYPR
Vendor: Keystone

Products: 2
CVEs: 5
Across products: 5
Status: Private

Recent CVEs: 5
  • CVE-2022-29354 | Critical | May 16, 2022
    risk 0.64 | cvss 9.8 | epss 0.02

    An arbitrary file upload vulnerability in the file upload module of Keystone v4.2.1 allows attackers to execute arbitrary code via a crafted file.

  • CVE-2012-1572 | High | Nov 12, 2019
    risk 0.49 | cvss 7.5 | epss 0.01

    OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space

  • CVE-2022-2447 | Medium | Sep 1, 2022
    risk 0.43 | cvss 6.6 | epss 0.01

    A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) between when security policy says a token should be revoked and when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than…

  • CVE-2016-4911 | Medium | Jun 13, 2016
    risk 0.21 | cvss 4.3 | epss 0.01

    The Fernet Token Provider in OpenStack Identity (Keystone) 9.0.x before 9.0.1 (mitaka) allows remote authenticated users to prevent revocation of a chain of tokens and bypass intended access restrictions by rescoping a token.

  • CVE-2006-1578 | Apr 2, 2006
    risk 0.00 | cvss | epss 0.01

    Multiple SQL injection vulnerabilities in Keystone Digital Library Suite (DLS) 1.5.4 and earlier allow remote attackers to execute arbitrary SQL commands via the subject_type_id parameter in (1) the index page and (2) the search module.