Lucene search
K

14 matches found

RedHat Linux
RedHat Linux
added 2026/06/25 6:47 p.m.6 views

keycloak: Keycloak: Information disclosure through arbitrary filesystem path probing

A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerability by submitting an arbitrary filesystem path as a keystore parameter when creating a key provider component. This allows the administrator to probe arbitrary filesystem paths, determining...

4.9CVSS5.9AI score0.00519EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/25 4:17 p.m.6 views

EUVD-2026-39476

A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerability by submitting an arbitrary filesystem path as a keystore parameter when creating a key provider component. This allows the administrator to probe arbitrary filesystem paths, determining...

4.9CVSS5.9AI score0.00519EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 4:17 p.m.7 views

CVE-2026-9083

A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerability by submitting an arbitrary filesystem path as a keystore parameter when creating a key provider component. This allows the administrator to probe arbitrary filesystem paths, determining...

4.9CVSS5.9AI score0.00519EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/25 4:1 p.m.5 views

CVE-2026-9083

A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerability by submitting an arbitrary filesystem path as a keystore parameter when creating a key provider component. This allows the administrator to probe arbitrary filesystem paths, determining...

4.9CVSS5.9AI score0.00519EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/30 12:0 a.m.12 views

MiracleLinux 8 : java-1.8.0-openjdk-1.8.0.482.b08-1.el8 (AXSA:2026-109:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-109:02 advisory. JDK: Improve JMX connections CVE-2026-21925 JDK: Improve HttpServer Request handling CVE-2026-21933 JDK: Enhance Certificate Checking CVE-2026-21945...

7.5CVSS6.3AI score0.00864EPSS
Exploits6References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/07/22 1:50 a.m.4 views

Malicious code in api-key-provider (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0a88a62f8ea00d632d4e82aaad35c4ba5fc30f8c8974e967235a721edb9df9c6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2025/07/22 1:50 a.m.2 views

MAL-2025-6149 Malicious code in api-key-provider (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0a88a62f8ea00d632d4e82aaad35c4ba5fc30f8c8974e967235a721edb9df9c6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2023/12/12 12:0 a.m.6 views

Vulnerability of the org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider class in the Java library for supporting SSH protocol by Apache SSHD, allowing a hacker to execute arbitrary code.

The vulnerability of the org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider class in the Java library for supporting SSH protocol Apache SSHD is related to deserialization mechanism flaws. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

10CVSS7.1AI score0.03571EPSS
Exploits1References4Affected Software16
SUSE CVE
SUSE CVE
added 2023/02/15 3:22 a.m.6 views

SUSE CVE-2022-45047

Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD = 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys ...

9.8CVSS6.7AI score0.03571EPSS
Exploits1References4
OSV
OSV
added 2022/11/16 12:0 p.m.4 views

GHSA-FHW8-8J55-VWGQ Unsafe deserialization in Apache MINA SSHD

Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD = 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys ...

9.8CVSS7.1AI score0.03571EPSS
Exploits1References6
Prion
Prion
added 2022/11/16 9:15 a.m.37 views

Deserialization of untrusted data

Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD = 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys ...

7.5CVSS9.2AI score0.03571EPSS
Exploits1References2Affected Software1
Citrix
Citrix
added 2022/03/07 12:0 a.m.213 views

Citrix Federated Authentication Service (FAS) Security Update

An issue has been identified in Citrix Federated Authentication Service FAS which causes deployments that have been configured to store a registration authority certificate's private key in a Trusted Platform Module TPM to incorrectly store that key in the Microsoft Software Key Storage Provider...

4.4CVSS5.3AI score0.0017EPSS
Exploits0
OSV
OSV
added 2021/02/08 5:43 p.m.17 views

GHSA-4PH2-8337-HM62 Key Caching behavior in the DynamoDB Encryption Client.

Impact This advisory concerns users of MostRecentProvider in the DynamoDB Encryption Client with a key provider like AWS Key Management Service that allows for permissions on keys to be modified. When key usage permissions were changed at the key provider, time-based key reauthorization logic in...

7.1AI score
Exploits0References4
Drupal
Drupal
added 2015/11/18 12:0 a.m.15 views

Encrypt - Moderately Critical - Weak Encryption - SA-CONTRIB-2015-166

This module enables you to encrypt data within Drupal using a user-configurable encryption method and key provider. The module did not sufficiently validate good configurations and api usage resulting in multiple potential weaknesses depending on module usage. The default encryption method could...

6.7AI score
Exploits0References12
Rows per page
Query Builder