12 matches found
EUVD-2020-18822
Malware in sbrugna...
EUVD-2024-3342
Malicious code in bioql PyPI...
Keycloak Path Traversal Vulnerability Due to External Control of File Name or Path
A vulnerability was found in Keycloak. A user with high privileges could read sensitive information from a Vault file that is not within the expected context. This attacker must have previous high access to the Keycloak server in order to perform resource creation, for example, an LDAP provider...
Duplicate Advisory: Keycloak Path Traversal Vulnerability Due to External Control of File Name or Path
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-5545-r4hg-rj4m. This link is maintained to preserve external references. Original Description: A vulnerability was found in Keycloak. A user with high privileges could read sensitive information from a Vault file...
CVE-2024-10492 Keycloak-quarkus-server: keycloak path traversal
A vulnerability was found in Keycloak. A user with high privileges could read sensitive information from a Vault file that is not within the expected context. This attacker must have previous high access to the Keycloak server in order to perform resource creation, for example, an LDAP provider...
CVE-2024-10492
A vulnerability was found in Keycloak. A user with high privileges could read sensitive information from a Vault file that is not within the expected context. This attacker must have previous high access to the Keycloak server in order to perform resource creation, for example, an LDAP provider...
SUSE-SU-2021:3007-1 Security update for java-1_7_0-openjdk
This update for java-1_7_0-openjdk fixes the following issues: - Update to 2.6.27 - OpenJDK 7u311 July 2021 CPU Security fixes: - CVE-2021-2341: Improve file transfers bsc1188564 - CVE-2021-2369: Better jar file validation bsc1188565 - CVE-2021-2432: Provide better LDAP provider support bsc1188568 ...
CVE-2020-26197
Dell PowerScale OneFS 8.1.0 - 9.1.0 contains an LDAP Provider inability to connect over TLSv1.2 vulnerability. It may make it easier to eavesdrop and decrypt such traffic for a malicious actor. Note: This does not affect clusters which are not relying on an LDAP server for the authentication...
CVE-2020-26197
Dell PowerScale OneFS 8.1.0 - 9.1.0 contains an LDAP Provider inability to connect over TLSv1.2 vulnerability. It may make it easier to eavesdrop and decrypt such traffic for a malicious actor. Note: This does not affect clusters which are not relying on an LDAP server for the authentication...
CVE-2020-26197
Dell PowerScale OneFS (versions 8.1.0–9.1.0) contains an LDAP Provider TLSv1.2 connectivity issue that can allow eavesdropping/decryption of LDAP traffic when the LDAP server is used for authentication. Root cause: LDAP over TLSv1.2 is not properly supported, enabling potential exposure of confid...
PT-2021-11225 · Dell · Dell Powerscale Onefs
Name of the Vulnerable Software and Affected Versions: Dell PowerScale OneFS versions 8.1.0 through 9.1.0 Description: The issue is related to the LDAP Provider's inability to connect over TLSv1.2, which may make it easier for a malicious actor to eavesdrop and decrypt traffic. This issue does no...
openSUSE Security Update : java-11-openjdk (openSUSE-2020-1984)
"This update for java-11-openjdk fixes the following issues : - Update to upstream tag jdk-11.0.9-11 October 2020 CPU, bsc1177943 - New features + JDK-8250784: Shenandoah: A Low-Pause-Time Garbage Collector - Security fixes + JDK-8233624: Enhance JNI linkage + JDK-8236196: Improve string pooling ...