73 matches found
EUVD-2026-5130
A flaw was found in Keycloak’s CIBA feature where insufficient validation of client-configured backchannel notification endpoints could allow blind server-side requests to internal services...
CVE-2026-1518 Keycloak: blind server-side request forgery (ssrf) via ciba backchannel notification endpoint in keycloak
A flaw was found in Keycloak’s CIBA feature where insufficient validation of client-configured backchannel notification endpoints could allow blind server-side requests to internal services...
CVE-2026-1518 Keycloak: blind server-side request forgery (ssrf) via ciba backchannel notification endpoint in keycloak
A flaw was found in Keycloak’s CIBA feature where insufficient validation of client-configured backchannel notification endpoints could allow blind server-side requests to internal services...
PT-2026-5623
A flaw was found in Keycloak’s CIBA feature where insufficient validation of client-configured backchannel notification endpoints could allow blind server-side requests to internal services...
Session Fixation
Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Session Fixation in the backchannel logout when browser cookies are missing. An attacker using the same brows...
EUVD-2019-0509
Malware in sbrugna...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-384161)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-384161 advisory. In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent NULL dereference in nfsd4processcbupdate @ses is initialized to NULL. If...
SUSE-SU-2025:03314-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-50116: kernel: tty: ngsm: fix deadlock and link starvation in outgoing data path bsc1244824. - CVE-2024-53177: smb: prevent use-after-free due to...
PT-2025-37260
Name of the Vulnerable Software and Affected Versions: Lenovo XClarity Orchestrator LXCO affected versions not specified Description: An attacker with access to a device on the local network segment may be able to manipulate the device to create an alternate communication channel. This could allo...
CVE-2024-11736
CVE-2024-11736 (Keycloak) : The vulnerability arises when admins configure backchannel logout or admin URLs containing placeholders like ${env.VARNAME} or ${PROPNAME}. The server replaces these placeholders with environment variables/system properties during URL processing, potentially allowing a...
Keycloak allows unrestricted admin use of system and environment variables
A security vulnerability has been identified that allows admin users to access sensitive server environment variables and system properties through user-configurable URLs. Specifically, when configuring backchannel logout URLs or admin URLs, admin users can include placeholders like $env.VARNAME ...
org.keycloak:keycloak-quarkus-server: Unrestricted admin use of system and environment variables
A vulnerability was found in Keycloak. Admin users may have to access sensitive server environment variables and system properties through user-configurable URLs. When configuring backchannel logout URLs or admin URLs, admin users can include placeholders like $env.VARNAME or $PROPNAME. The serve...
PT-2025-1684 · Red Hat · Keycloak
Name of the Vulnerable Software and Affected Versions: Keycloak affected versions not specified Description: A security issue allows admin users to access sensitive server environment variables and system properties through user-configurable URLs. When configuring backchannel logout URLs or admin...
SUSE CVE-2024-53217
In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent NULL dereference in nfsd4processcbupdate @ses is initialized to NULL. If nfsd4findbackchannel finds no available backchannel session, setupcallbackclient will try to dereference @ses and segfault...
AZL-56346 CVE-2024-53215 affecting package kernel for versions less than 5.15.176.3-1
In the Linux kernel, the following vulnerability has been resolved: svcrdma: fix miss destroy percpucounter in svcrdmaprocinit There's issue as follows: RPC: Registered rdma transport module. RPC: Registered rdma backchannel transport module. RPC: Unregistered rdma transport module. RPC:...
AZL-56181 CVE-2024-53217 affecting package kernel for versions less than 5.15.176.3-1
In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent NULL dereference in nfsd4processcbupdate @ses is initialized to NULL. If nfsd4findbackchannel finds no available backchannel session, setupcallbackclient will try to dereference @ses and segfault...
DEBIAN-CVE-2024-53217
In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent NULL dereference in nfsd4processcbupdate @ses is initialized to NULL. If nfsd4findbackchannel finds no available backchannel session, setupcallbackclient will try to dereference @ses and segfault...
UBUNTU-CVE-2024-53217
In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent NULL dereference in nfsd4processcbupdate @ses is initialized to NULL. If nfsd4findbackchannel finds no available backchannel session, setupcallbackclient will try to dereference @ses and segfault...
CVE-2024-53217 NFSD: Prevent NULL dereference in nfsd4_process_cb_update()
In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent NULL dereference in nfsd4processcbupdate @ses is initialized to NULL. If nfsd4findbackchannel finds no available backchannel session, setupcallbackclient will try to dereference @ses and segfault...
CVE-2024-53217 NFSD: Prevent NULL dereference in nfsd4_process_cb_update()
In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent NULL dereference in nfsd4processcbupdate @ses is initialized to NULL. If nfsd4findbackchannel finds no available backchannel session, setupcallbackclient will try to dereference @ses and segfault...