keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console

A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOADSCRIPTS feature is disabled...

Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update

A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console

A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOADSCRIPTS feature is disabled...

keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console

A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOADSCRIPTS feature is disabled...

keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console

A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOADSCRIPTS feature is disabled...

Erlang Port Mapper Daemon (epmd) Detection

Detection of Erlang Port Mapper Daemon epmd. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Scientific Linux Security Update : device-mapper-multipath on SL7.x i686/x86_64 (2022:7186)

The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2022:7186-1 advisory. - device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket CVE-2022-41974 Note that Ness...

SUSE-SU-2022:3810-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP5 kernel rt was updated. The following security bugs were fixed: - CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory. bnc1203514 - CVE-2022-3169: Fixed a denial of service flaw whic...

AZL-11373 CVE-2022-41974 affecting package device-mapper-multipath for versions less than 0.8.6-4

multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege...

AZL-11371 CVE-2022-41973 affecting package device-mapper-multipath for versions less than 0.8.6-4

multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside o...

RHEL 8 : device-mapper-multipath (RHSA-2022:7191)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:7191 advisory. The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Security Fixes:...

device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket

A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, exploited alone or in conjunction with CVE-2022-41973. Local users that are able to write to UNIX domain sockets can bypass access controls and manipulate the multipath...

Important: Red Hat Security Advisory: device-mapper-multipath security update

An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

AlmaLinux 9 : device-mapper-multipath (ALSA-2022:7185)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:7185 advisory. - device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket CVE-2022-41974 Note that Nessus has no...

SUSE SLES12 Security Update : kernel (SUSE-SU-2022:3779-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3779-1 advisory. - Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just...

Oracle Linux 7 : device-mapper-multipath (ELSA-2022-7186)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-7186 advisory. 0.4.9-136.0.1 - mpathpersist: Fix Register and Ignore with 0x00 SARK Orabug: 32696195 - mpathpersist: update prkeys file on changing registrations Orabug:...

Oracle Linux 9 : device-mapper-multipath (ELSA-2022-7185)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-7185 advisory. 0.8.7-7.1 - Add 0044-multipathd-ignore-duplicated-multipathd-command-keys.patch - Resolves: bz 2133997 Tenable has extracted the preceding description block...

Oracle Linux 8 : device-mapper-multipath (ELSA-2022-7192)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-7192 advisory. 0.8.4-22.2 - Add 0092-multipathd-ignore-duplicated-multipathd-command-keys.patch - Resolves: bz 2133994 Tenable has extracted the preceding description block...

device-mapper-multipath security update

0.8.7-7.1 - Add 0044-multipathd-ignore-duplicated-multipathd-command-keys.patch - Resolves: bz 2133997...

device-mapper-multipath security update

0.4.9-136.0.1 - mpathpersist: Fix Register and Ignore with 0x00 SARK Orabug: 32696195 - mpathpersist: update prkeys file on changing registrations Orabug: 32696195 - Keep upstream patch 0273-RHBZ-1988462-fix-disable-changed-wwids-segfault.patch fix segfault with disablechangedwwids for orabug...