4 matches found
keycloak: Keycloak error_description injection on error pages
A flaw was found in Keycloak. Keycloak’s account console and other pages accept arbitrary text in the error_description query parameter. This text is directly rendered in error pages without validation or sanitization. While HTML encoding prevents XSS, an attacker can craft URLs with misleading...
A vulnerability in the Windows operating system’s trusted interface driver allows a hacker to disclose protected information.
The vulnerability of the Windows operating system’s trusted interface driver is related to the use of an uninitialized resource. Exploiting this vulnerability can allow a hacker to disclose sensitive information that is protected by security measures...
SUSE CVE-2019-12929
The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue since QEMU'...
Huawei Data Communication: Configuring a Trusted Interface to Prevent Bogus DHCP Server Attacks
To prevent bogus DHCP server attacks, you can configure the trusted and untrusted modes for DHCP snooping. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...