136 matches found
EUVD-2012-2367
Malware in sbrugna...
EUVD-2013-2074
Malware in sbrugna...
EUVD-2025-0239
Malicious code in bioql PyPI...
EUVD-2022-5146
Malicious code in bioql PyPI...
EUVD-2025-0116
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2016-2141
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw t...
GHSA-G6QQ-C9F9-2772 Keycloak on Quarkus CLI option for encrypted JGroups ignored
The env option KCCACHEEMBEDDEDMTLSENABLED does not work and the jgroups replication configuration is always used in plain. This option worked before in 24 and 22. More info in public issue https://github.com/keycloak/keycloak/issues/34644...
Keycloak on Quarkus CLI option for encrypted JGroups ignored
The env option KCCACHEEMBEDDEDMTLSENABLED does not work and the jgroups replication configuration is always used in plain. This option worked before in 24 and 22. More info in public issue https://github.com/keycloak/keycloak/issues/34644...
Sensitive Information Exposure
Infinispan is vulnerable to Sensitive Information Exposure. The vulnerability is due to improper logging due to the exposure of sensitive information, such as configuration details or credentials, through logging mechanisms when using JGroups with JDBCPING...
CVE-2025-0736
A flaw was found in Infinispan, when using JGroups with JDBCPING. This issue occurs when an application inadvertently exposes sensitive information, such as configuration details or credentials, through logging mechanisms. This exposure can lead to unauthorized access and exploitation by maliciou...
CVE-2025-0736 Org.infinispan-infinispan-parent: exposure of sensitive information in application logs
A flaw was found in Infinispan, when using JGroups with JDBCPING. This issue occurs when an application inadvertently exposes sensitive information, such as configuration details or credentials, through logging mechanisms. This exposure can lead to unauthorized access and exploitation by maliciou...
CVE-2025-0736
A flaw was found in Infinispan, when using JGroups with JDBCPING. This issue occurs when an application inadvertently exposes sensitive information, such as configuration details or credentials, through logging mechanisms. This exposure can lead to unauthorized access and exploitation by maliciou...
Cleartext Transmission Of Sensitive Information
Keycloak is vulnerable to plain text replication. The vulnerability is due to the environment option KCCACHEEMBEDDEDMTLSENABLED not functioning as intended, resulting in JGroups replication configuration always using plain text, which allows attackers on adjacent networks to intercept and read...
Keycloak 25.0.x < 26.0.6 Information Disclosure (GHSA-6mpx-pmgp-ww49)
Keycloak versions installed prior to 26.0.6 are affected by an information disclosure vulnerability as referenced in the advisory. - A vulnerability was found in Keycloak. The environment option KCCACHEEMBEDDEDMTLSENABLED does not work and the JGroups replication configuration is always used in...
Duplicate Advisory: Keycloak vulnerable to Cleartext Transmission of Sensitive Information
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-g6qq-c9f9-2772. This link is maintained to preserve external references. Original Description A vulnerability was found in Keycloak. The environment option KCCACHEEMBEDDEDMTLSENABLED does not work and the JGroup...
GHSA-6MPX-PMGP-WW49 Duplicate Advisory: Keycloak vulnerable to Cleartext Transmission of Sensitive Information
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-g6qq-c9f9-2772. This link is maintained to preserve external references. Original Description A vulnerability was found in Keycloak. The environment option KCCACHEEMBEDDEDMTLSENABLED does not work and the JGroup...
CVE-2024-10973
A vulnerability was found in Keycloak. The environment option KCCACHEEMBEDDEDMTLSENABLED does not work and the JGroups replication configuration is always used in plain text which can allow an attacker that has access to adjacent networks related to JGroups to read sensitive information...
CVE-2024-10973 Keycloak: cli option for encrypted jgroups ignored
A vulnerability was found in Keycloak. The environment option KCCACHEEMBEDDEDMTLSENABLED does not work and the JGroups replication configuration is always used in plain text which can allow an attacker that has access to adjacent networks related to JGroups to read sensitive information...
CVE-2024-10973 Keycloak: cli option for encrypted jgroups ignored
A vulnerability was found in Keycloak. The environment option KCCACHEEMBEDDEDMTLSENABLED does not work and the JGroups replication configuration is always used in plain text which can allow an attacker that has access to adjacent networks related to JGroups to read sensitive information...
CVE-2024-10973
Keycloak vulnerability CVE-2024-10973: the KC_CACHE_EMBEDDED_MTLS_ENABLED environment option does not work and JGroups replication is used in plain text, allowing an attacker on adjacent networks to read sensitive information. The issue affects Keycloak deployments relying on this configuration; ...