Lucene search

1263 matches found

OSV
added 2022/08/05 5:15 p.m. · 36 views

CVE-2022-2668

An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOADSCRIPTS feature is disabled...

CVSS 7.2 · AI score 6.7 · EPSS 0.00834
Exploits: 0 · References: 1

Prion
added 2022/08/05 5:15 p.m. · 18 views

Authorization

An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOADSCRIPTS feature is disabled...

CVSS 5.8 · AI score 8 · EPSS 0.00834
Exploits: 0 · References: 1 · Affected Software: 2

Cvelist
added 2022/08/05 4:46 p.m. · 54 views

CVE-2022-2668

An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOADSCRIPTS feature is disabled...

AI score 7.6 · EPSS 0.00834
Exploits: 0 · References: 1

RedhatCVE
added 2022/08/05 6:36 a.m. · 152 views

CVE-2022-2668

A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOADSCRIPTS feature is disabled...

CVSS 6.4 · AI score 2.1 · EPSS 0.00834
Exploits: 0 · References: 4

Positive Technologies
added 2022/08/05 12:0 a.m. · 2 views

PT-2022-18005 · Red Hat · Keycloak

Name of the Vulnerable Software and Affected Versions: Keycloak affected versions not specified Description: An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD SCRIPTS feature is disabled. Recommendations: At the...

CVSS 7.2 · AI score 6.3 · EPSS 0.00834
Exploits: 0 · References: 11

CNNVD
added 2022/08/04 12:0 a.m. · 30 views

Red Hat Keycloak Security Vulnerability

Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in Red Hat Keycloak that originates from the SAML protocol mapper uploading arbitrary Javascript...

CVSS 7.2 · AI score 6.8 · EPSS 0.00834
Exploits: 0 · References: 9

Rockylinux
added 2022/08/02 6:58 a.m. · 11 views

device-mapper-multipath bug fix and enhancement update

An update is available for device-mapper-multipath. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The device-mapper-multipath packages provide tools that use t...

AI score 1.1
Exploits: 0

Snyk
added 2022/07/22 8:9 a.m. · 1 views

Malicious Package

Overview machine-mapper is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package wa...

CVSS 9.8 · AI score 7.1
Exploits: 0 · References: 3

OSSF Malicious Packages
added 2022/07/21 4:51 p.m. · 3 views

Malicious code in machine-mapper (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c368602ddffcde3e255807da9c94c25aa86d5780ec4ccb89406d97735c70265f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 · References: 1

OSV
added 2022/07/21 4:51 p.m. · 4 views

MAL-2022-4444 Malicious code in machine-mapper (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c368602ddffcde3e255807da9c94c25aa86d5780ec4ccb89406d97735c70265f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 · References: 1

RedHat Linux
added 2022/07/19 9:14 p.m. · 2 views

kernel: dm: fix mempool NULL pointer race when completing IO

In the Linux kernel, the following vulnerability has been resolved: dm: fix mempool NULL pointer race when completing IO. dm_io_dec_pending calls end_io_acct first and will then dec md in-flight pending count. But if a task is swapping DM table at same time this can result in a crash due to...

CVSS 4.7 · AI score 6.2 · EPSS 0.00239
Exploits: 0 · References: 4

RedHat Linux
added 2022/07/13 8:45 a.m. · 3 views

kernel: dm integrity: fix memory corruption when tag_size is less than digest size

In the Linux kernel, the following vulnerability has been resolved: dm integrity: fix memory corruption when tag_size is less than digest size. It is possible to set up dm-integrity in such a way that the "tag_size" parameter is less than the actual digest size. In this situation, a part of the dige...

CVSS 7.8 · AI score 6.3 · EPSS 0.00263
Exploits: 0 · References: 5

RedHat Linux
added 2022/07/01 12:5 a.m. · 5 views

kernel: dm integrity: fix memory corruption when tag_size is less than digest size

In the Linux kernel, the following vulnerability has been resolved: dm integrity: fix memory corruption when tag_size is less than digest size. It is possible to set up dm-integrity in such a way that the "tag_size" parameter is less than the actual digest size. In this situation, a part of the dige...

CVSS 7.8 · AI score 6.3 · EPSS 0.00263
Exploits: 0 · References: 5

RedHat Linux
added 2022/06/28 12:32 p.m. · 1 views

kernel: dm: fix mempool NULL pointer race when completing IO

In the Linux kernel, the following vulnerability has been resolved: dm: fix mempool NULL pointer race when completing IO. dm_io_dec_pending calls end_io_acct first and will then dec md in-flight pending count. But if a task is swapping DM table at same time this can result in a crash due to...

CVSS 4.7 · AI score 6.2 · EPSS 0.00239
Exploits: 0 · References: 4

OSV
added 2022/06/20 8:23 p.m. · 4 views

MAL-2022-736 Malicious code in @wso-utils/json-mapper (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 275a64b90c3271f70176e0f443e4c3fee846cbe29ff0a971ea3dd2ee5b6b7fde Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 · References: 1

OSV
added 2022/06/09 11:3 a.m. · 2 views

OESA-2022-1698 webkit2gtk3 security update

WebKitGTK is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. This package contains WebKit2 based WebKitGTK+ for GTK+ 3. Security Fixes: In WebKitGTK through 2.36.0 and...

CVSS 7.5 · AI score 7.3 · EPSS 0.02022
Exploits: 1 · References: 3

vulnersOsv
added 2022/05/24 4:57 p.m. · 4 views

ae.teletronics.nlp:entityextraction (=1.3), ae.teletronics.nlp:w2vec (=1.0) +15898 more potentially affected by CVE-2019-10202 via org.codehaus.jackson:jackson-mapper-asl (>=0.9.8 <=1.9.13)

org.codehaus.jackson:jackson-mapper-asl MAVEN version =0.9.8, =0.25-rc1, =0.25-rc1, =0.25, =0.25, =0.25, =0.25, =1.0.1, =1.0.6, =1.0.6, =1.1, =1.1.1, =1.2, =1.2, =1.2.10 and more Source cves: CVE-2019-10202 Source advisory: OSV:GHSA-C27H-MCMW-48HV...

CVSS 9.8 · AI score 7.5 · EPSS 0.05175
Exploits: 0

OSV
added 2022/05/24 4:57 p.m. · 6 views

GHSA-C27H-MCMW-48HV Deserialization of Untrusted Data in org.codehaus.jackson:jackson-mapper-asl

A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist...

CVSS 9.8 · AI score 7.2 · EPSS 0.05175
Exploits: 0 · References: 18

Rockylinux
added 2022/05/17 7:52 a.m. · 7 views

new packages: device-mapper-persistent-data

An update is available for device-mapper-persistent-data. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, se...

AI score 2
Exploits: 0

ATTACKERKB
added 2022/05/15 5:15 p.m. · 3 views

CVE-2022-28930

ERP-Pro v3.7.5 was discovered to contain a SQL injection vulnerability via the component /base/SysEveMenuAuthPointMapper.xml...

CVSS 9.8 · AI score 5.9 · EPSS 0.01026
Exploits: 1 · References: 2