15 matches found
CVE-2026-41166
OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.1, a user who has write:admin in one Keycloak realm can call the Manager API to update Keycloak realm roles for users in another realm, including master. The handler uses the realm path segment when talking to the...
CVE-2025-14777 Keycloak: keycloak idor in realm client creating/deleting
A flaw was found in Keycloak. An IDOR Broken Access Control vulnerability exists in the admin API endpoints for authorization resource management, specifically in ResourceSetService and PermissionTicketService. The system checks authorization against the resourceServer client ID provided in the A...
EUVD-2021-2173
Malware in sbrugna...
SUSE-SU-2022:0934-1 Security update for binutils
This update for binutils fixes the following issues: - For compatibility on old code stream that expect 'brcl 0,label' to not be disassembled as 'jgnop label' on s390x. bsc1192267 This reverts IBM zSeries HLASM support for now. - Fixed that ppc64 optflags did not enable LTO bsc1188941. - Fix empt...
SUSE-SU-2021:3616-1 Security update for binutils
This update for binutils fixes the following issues: Update to binutils 2.37: The GNU Binutils sources now requires a C99 compiler and library to build. Support for Realm Management Extension RME for AArch64 has been added. A new linker option '-z report-relative-reloc' for x86 ELF targets has be...
OPENSUSE-SU-2021:3616-1 Security update for binutils
This update for binutils fixes the following issues: Update to binutils 2.37: The GNU Binutils sources now requires a C99 compiler and library to build. Support for Realm Management Extension RME for AArch64 has been added. A new linker option '-z report-relative-reloc' for x86 ELF targets has be...
Security update for binutils (moderate)
openSUSE Security Update: Security update for binutils Announcement ID: openSUSE-SU-2021:3616-1 Rating: moderate References: 1179898 1179899 1179900 1179901 1179902 1179903 1180451 1180454 1180461 1181452 1182252 1183511 1184620 1184794 PM-2767 SLE-18637 SLE-19618 SLE-21561 Cross-References:...
Privilege Escalation
keycloak is vulnerable to privilege escalation. The realm management interface permits unauthorised setting up of scripts via the policy, allowing an attacker to inject and execute a malicious script with the permissions of the application user...
GHSA-7M27-3587-83XF Privilege Defined With Unsafe Actions in Keycloak
A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. This flaw allows an attacker with authenticated user and realm management permissions to configure a malicious script to trigger and execute arbitrary code with the...
CVE-2019-10170
A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. This flaw allows an attacker with authenticated user and realm management permissions to configure a malicious script to trigger and execute arbitrary code with the...
CVE-2019-10170
A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. This flaw allows an attacker with authenticated user and realm management permissions to configure a malicious script to trigger and execute arbitrary code with the...
Design/Logic Flaw
A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. This flaw allows an attacker with authenticated user and realm management permissions to configure a malicious script to trigger and execute arbitrary code with the...
CVE-2019-10170
A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. This flaw allows an attacker with authenticated user and realm management permissions to configure a malicious script to trigger and execute arbitrary code with the...
CVE-2019-10170
A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. This flaw allows an attacker with authenticated user and realm management permissions to configure a malicious script to trigger and execute arbitrary code with the...
keycloak: script execution via realm management policy trigger
A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. This flaw allows an attacker with authenticated user and realm management permissions to configure a malicious script to trigger and execute arbitrary code with the...