
194 matches found

OSV
added 2026/04/14 6:15 p.m., 1 view

CGA-3656-69J5-49XJ

Bulletin has no description...

CVSS 6.5, AI score 5.7, EPSS 0.00013
Exploits 0
Tenable Nessus
added 2026/01/20 12:00 a.m., 2 views

MiracleLinux 7 : kernel-3.10.0-1160.45.1.el7 (AXSA:2021-2485:23)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2485:23 advisory. kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks (CVE-2021-22543). kernel: powerpc: KVM guest OS users can cause host OS...

CVSS 8.8, AI score 6.7, EPSS 0.00066
Exploits 3, References 5
Tenable Nessus
added 2026/01/14 12:00 a.m., 4 views

MiracleLinux 3 : ruby-1.8.5-5.5 (AXSA:2008-514:03)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2008-514:03 advisory. Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do syste...

CVSS 7.8, AI score 6.8, EPSS 0.87662
Exploits 29, References 7
Tenable Nessus
added 2025/09/10 12:00 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2012-3656

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application cra...

CVSS 9.3, AI score 6.2, EPSS 0.01629
Exploits 0, References 2
RedhatCVE
added 2025/05/22 5:46 p.m., 10 views

CVE-2020-3656

Out of bound access can happen in MHI command process due to lack of check of command channel id value received from MHI devices in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009...

CVSS 7.8, AI score 7.4, EPSS 0.00033
Exploits 0
Tenable Nessus
added 2025/03/03 12:00 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2010-3656

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of servic...

CVSS 4.3, AI score 5.4, EPSS 0.02055
Exploits 0, References 2
Tenable Nessus
added 2025/03/03 12:00 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2011-3656

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7 allows remote attackers to inject arbitrary web script or HTML via...

CVSS 6.1, AI score 6.3, EPSS 0.00371
Exploits 0, References 2
OpenVAS
added 2024/10/17 12:00 a.m., 21 views

openSUSE Security Advisory (SUSE-SU-2024:3656-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8, AI score 8.4, EPSS 0.56804
Exploits 3, References 20
Circl
added 2024/10/09 10:21 p.m., 1 view

CVE-2024-3656

creationtimestamp | type | source
--- | --- | ---
2024-10-09 22:21:05+00:00 | seen | https://t.me/cvedetector/7525
2024-10-23 05:29:04+00:00 | published-proof-of-concept | https://t.me/CyberDilara/1084
2024-10-23 05:32:04+00:00 | published-proof-of-concept | https://t.me/dilagrafie/3806
2024-10-23...

CVSS 8.1, AI score 7.2, EPSS 0.89656
Exploits 0, References 7
Vulnrichment
added 2024/10/09 6:59 p.m., 29 views

CVE-2024-3656 Keycloak: unguarded admin rest api endpoints allows low privilege users to use administrative functionalities

A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise...

CVSS 8.1, AI score 6.6, EPSS 0.89656
Exploits 0, References 5
CVE
added 2024/10/09 6:59 p.m., 2779 views

CVE-2024-3656

The issue CVE-2024-3656 affects Keycloak prior to 24.0.5, where several admin REST API endpoints allow low-privilege users to perform administrator actions. The root cause is broken access control enabling authenticated non-admin users to access functionalities intended for admins, potentially le...

CVSS 8.1, AI score 7.9, EPSS 0.89656
Exploits 0, References 8
Tenable Nessus
added 2024/06/14 12:00 a.m., 127 views

Keycloak < 24.0.5 Unauthorized Access (CVE-2024-3656)

In Keycloak prior to 24.0.5, users with low privileges (just plain users in the realm) are able to utilize administrative functionalities within Keycloak admin interface. This issue presents a significant security risk as it allows unauthorized users to perform actions reserved for administrators,...

CVSS 8.1, AI score 7.7, EPSS 0.89656
Exploits 0, References 2
vulnersOsv
added 2024/06/11 8:22 p.m., 2 views

com.c4-soft.springaddons:keycloak-grants-mapper (>=3.1.13-jdk1.8 <=3.1.14-jdk17), com.charlyghislain.keycloak:keycloak-importexport (>=11.0.1 <=23.0.1) +128 more potentially affected by CVE-2024-3656 via org.keycloak:keycloak-services (>=10.0.0 <=24.0.4)

org.keycloak:keycloak-services MAVEN version =10.0.0, =3.1.13-jdk1.8, =11.0.1, =1.2.6, =1.2.5, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.0.1, =4.0, =4.17 and more Source cves: CVE-2024-3656 Source advisory: OSV:GHSA-2CWW-FGMG-4JQC...

CVSS 8.1, AI score 7.2, EPSS 0.89656
Exploits 0
Circl
added 2024/03/09 12:11 p.m., 3 views

CVE-2014-3656

creationtimestamp | type | source
--- | --- | ---
2024-03-09 12:11:23+00:00 | seen | https://t.me/ctinow/203903
2025-08-17 21:02:23+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3lwmrsafsn22z
...

CVSS 6.1, AI score 6.4, EPSS 0.00286
Exploits 0, References 2
Circl
added 2023/10/03 12:41 p.m., 1 view

CVE-2023-3656

creationtimestamp | type | source
--- | --- | ---
2023-10-03 12:41:04+00:00 | seen | https://t.me/cibsecurity/71465
...

CVSS 9.8, AI score 8.7, EPSS 0.01306
Exploits 0, References 1
Cvelist
added 2023/10/03 7:39 a.m., 10 views

CVE-2023-3656 Unauthenticated Remote Code Execution

cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by an unauthenticated remote code execution vulnerability. This vulnerability can be triggered by an HTTP endpoint exposed to the network...

CVSS 9.8, AI score 10, EPSS 0.01306
Exploits 0, References 2
Tenable Nessus
added 2023/09/27 12:00 a.m., 43 views

Amazon Linux 2 : microvm-kernel (ALASMICROVM-KERNEL-4.14-2023-002)

The version of microvm-kernel installed on the remote host is prior to 4.14.246-199.474. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2MICROVM-KERNEL-4.14-2023-002 advisory. A flaw was found in the Linux kernel's implementation of wireless drivers using the...

CVSS 8.8, AI score 6.5, EPSS 0.00297
Exploits 3, References 16
ALT Linux
added 2023/04/04 12:00 a.m., 41 views

Security fix for the ALT Linux 10 package yandex-browser-stable version 23.1.2.1033-alt1

23.1.2.1033-alt1 built April 4, 2023 Yandex Browser Team in task 317282 March 20, 2023 Yandex Browser Team - browser updated to 23.1.2 + High CVE-2022-4436: Use after free in Blink Media. + High CVE-2022-4437: Use after free in Mojo IPC. + High CVE-2022-4438: Use after free in Blink Frames. + Hig...

AI score 8.5, EPSS 0.08556
Exploits 8
NVD
added 2023/03/03 6:15 p.m., 7 views

CVE-2018-3656

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none...

AI score 6.5
Exploits 0
F5 Networks
added 2023/02/21 6:32 p.m., 116 views

K80212034: Linux kernel vulnerability CVE-2021-3656

Security Advisory Description: A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this...

CVSS 8.8, AI score 6.7, EPSS 0.00066
Exploits 0