Page 4 of 19 results (0.024 seconds)

CVSS: 5.8EPSS: 0%CPEs: 34EXPL: 0

The OpenStack Python client library for Swift (python-swiftclient) 1.0 through 1.9.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. La librería del cliente Python de OpenStack para Swift (python-swiftclient) 1.0 hasta 1.9.0 no verifica los certificados X.509 provenientes de los servidores SSL, lo que permite a atacantes man-in-the-middle falsificar servidores y obtener información sensible a través de un certificado manipulado. • http://www.openwall.com/lists/oss-security/2014/02/17/7 https://bugs.launchpad.net/python-swiftclient/+bug/1199783 • CWE-310: Cryptographic Issues •

CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0

The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack. El middleware TempURL de OpenStack Object Storage (Swift) 1.4.6 hasta la versión 1.8.0, 1.9.0 hasta 1.10.0 y 1.11.0 permite a atacantes remotos obtener URLs secretas mediante el aprovechamiento de un nombre de objeto y un ataque de canal lateral basado en análisis de tiempo. • http://rhn.redhat.com/errata/RHSA-2014-0232.html http://www.openwall.com/lists/oss-security/2014/01/17/5 https://bugs.launchpad.net/swift/+bug/1265665 https://access.redhat.com/security/cve/CVE-2014-0006 https://bugzilla.redhat.com/show_bug.cgi?id=1051670 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.0EPSS: 0%CPEs: 35EXPL: 0

OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service ("superfluous" tombstone consumption and Swift cluster slowdown) via a DELETE request with a timestamp that is older than expected. OpenStack Swift nateior a 1.9.1 en Folsom, Grizzly, y Havana, permite a usuarios autenticados provocar una denegación de servicio (consumo superfluo de tombstone y desaceleración del clúster Swift) a través de una petición DELETE con un timestamp que es más antiguo que el esperado. • http://rhn.redhat.com/errata/RHSA-2013-1197.html http://www.debian.org/security/2012/dsa-2737 http://www.openwall.com/lists/oss-security/2013/08/07/6 http://www.ubuntu.com/usn/USN-2001-1 https://bugs.launchpad.net/swift/+bug/1196932 https://review.openstack.org/#/c/40643 https://review.openstack.org/#/c/40645 https://review.openstack.org/#/c/40646 https://access.redhat.com/security/cve/CVE-2013-4155 https://bugzilla.redhat.com/show_bug. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.8EPSS: 5%CPEs: 8EXPL: 0

OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object. OpenStack Object Storage (swift) antes de v1.7.0 utiliza la función loads en el módulo pickle de Python de forma no segura al almacenar y cargar los metadatos en memcached, lo que permite a atacantes remotos ejecutar código arbitrario a través de un objeto pickle modificado. • http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html http://rhn.redhat.com/errata/RHSA-2012-1379.html http://rhn.redhat.com/errata/RHSA-2013-0691.html http://www.openwall.com/lists/oss-security/2012/09/05/16 http://www.openwall.com/lists/oss-security/2012/09/05/4 http://www.securityfocus.com/bid/55420 https://bugs.launchpad.net/swift/+bug/1006414 https://bugzilla.redhat.com/show_bug.cgi?id=854757 https://exchange.xforce.ibmcloud.com/ • CWE-502: Deserialization of Untrusted Data •