Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
135947d6 by Salvatore Bonaccorso at 2025-02-17T21:24:06+01:00
Associate several Keycloak CVEs with itp'ed/rfp'ed bug

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6672,7 +6672,7 @@ CVE-2025-0611 (Object corruption in V8 in Google Chrome 
prior to 132.0.6834.110
        - chromium 132.0.6834.110-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-0604 (A flaw was found in Keycloak. When an Active Directory user 
resets the ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2025-0395 (When the assert() function in the GNU C Library versions 2.13 
to 2.40  ...)
        - glibc 2.40-6
        [bookworm] - glibc <no-dsa> (Minor issue)
@@ -10041,9 +10041,9 @@ CVE-2024-11864 (Specifically crafted SCMI messages sent 
to an SCP running SCP-Fi
 CVE-2024-11863 (Specifically crafted SCMI messages sent to an SCP running 
SCP-Firmware ...)
        NOT-FOR-US: Arm
 CVE-2024-11736 (A vulnerability was found in Keycloak. Admin users may have to 
access  ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2024-11734 (A denial of service vulnerability was found in Keycloak that 
could all ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2024-11497 (An authenticated attacker can use this vulnerability to 
perform a priv ...)
        NOT-FOR-US: Phoenix
 CVE-2024-10811 (Absolute path traversal in Ivanti EPM before the 2024 
January-2025 Sec ...)
@@ -23169,19 +23169,19 @@ CVE-2024-10519 (The Wishlist for WooCommerce: Multi 
Wishlists Per Customer PRO p
 CVE-2023-7299 (A vulnerability was found in DataGear up to 4.60. It has been 
declared ...)
        NOT-FOR-US: DataGear
 CVE-2024-9666 (A vulnerability was found in the Keycloak Server. The Keycloak 
Server  ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2024-6538 (A flaw was found in OpenShift Console. A Server Side Request 
Forgery ( ...)
        NOT-FOR-US: OpenShift
 CVE-2024-11483 (A vulnerability was found in the Ansible Automation Platform 
(AAP). Th ...)
        NOT-FOR-US: Ansible Automation Platform (AAP)
 CVE-2024-10492 (A vulnerability was found in Keycloak. A user with high 
privileges cou ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2024-10451 (A flaw was found in Keycloak. This issue occurs because 
sensitive runt ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2024-10270 (A vulnerability was found in the Keycloak-services package. If 
untrust ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2024-10039
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2024-9942 (The WPGYM - Wordpress Gym Management System plugin for 
WordPress is vu ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-9941 (The WPGYM - Wordpress Gym Management System plugin for 
WordPress is vu ...)
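Review bot: CVE-2024-10039 (the bare entry a few lines above, with no description text) gives nothing in the hunk itself that confirms it is a Keycloak issue; the previous `NOT-FOR-US: Keycloak` tag is the only hint. Worth double-checking against the CVE record before pointing it at the keycloak ITP bug, since every entry tagged `<itp>` here becomes a pending issue for the package once it enters the archive.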
@@ -28912,7 +28912,7 @@ CVE-2024-10285 (The CE21 Suite plugin for WordPress is 
vulnerable to sensitive i
 CVE-2024-10284 (The CE21 Suite plugin for WordPress is vulnerable to 
authentication by ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-10973 (A vulnerability was found in Keycloak. The environment option 
`KC_CACH ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2024-9841 (A Reflected Cross-Site Scripting (XSS) vulnerability has been 
identifi ...)
        NOT-FOR-US: OpenText
 CVE-2024-51997 (Trustee is a set of tools and components for attesting 
confidential gu ...)
@@ -38577,7 +38577,7 @@ CVE-2024-41902 (A vulnerability has been identified in 
JT2Go (All versions < V24
 CVE-2024-41798 (A vulnerability has been identified in SENTRON 7KM PAC3200 
(All versio ...)
        NOT-FOR-US: Siemens
 CVE-2024-3656 (A flaw was found in Keycloak. Certain endpoints in Keycloak's 
admin RE ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2024-3506 (A possible buffer overflow in selected cameras' drivers from 
XProtect  ...)
        NOT-FOR-US: XProtect Device Pack
 CVE-2024-3057 (A flaw exists whereby a user can make a specific call to a 
FlashArray  ...)
@@ -41930,9 +41930,9 @@ CVE-2024-25673 (Couchbase Server 7.6.x before 7.6.2, 
7.2.x before 7.2.6, and all
 CVE-2024-8986 (The grafana plugin SDK bundles build metadata into the binaries 
it com ...)
        NOT-FOR-US: Grafana plugin
 CVE-2024-8883 (A misconfiguration flaw was found in Keycloak. This issue can 
allow an ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2024-8698 (A flaw exists in the SAML signature validation method within 
the Keycl ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2024-7207
        REJECTED
 CVE-2024-45410 (Traefik is a golang, Cloud Native Application Proxy. When a 
HTTP reque ...)
@@ -44643,7 +44643,7 @@ CVE-2024-21753 (A improper limitation of a pathname to 
a restricted directory ('
 CVE-2024-21416 (Windows TCP/IP Remote Code Execution Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-6841 (A denial of service vulnerability was found in keycloak where 
the amou ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2023-49069 (A vulnerability has been identified in Mendix Runtime V10 (All 
version ...)
        NOT-FOR-US: Siemens
 CVE-2023-44254 (An authorization bypass through user-controlled key[CWE-639] 
vulnerabi ...)
@@ -44777,11 +44777,11 @@ CVE-2024-8372 (Improper sanitization of the value of 
the '[srcset]' attribute in
 CVE-2024-8042 (Rapid7 Insight Platform versions between November 2019 and 
August 14,  ...)
        NOT-FOR-US: Rapid7 Insight Platform
 CVE-2024-7341 (A session fixation issue was discovered in the SAML adapters 
provided  ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2024-7318 (A vulnerability was found in Keycloak. Expired OTP codes are 
still usa ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2024-7260 (An open redirect vulnerability was found in Keycloak. A 
specially craf ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2024-7015 (Improper Authentication, Missing Authentication for Critical 
Function, ...)
        NOT-FOR-US: Profelis Informatics and Consulting PassBox
 CVE-2024-6796 (In Baxter Connex health portal released before 8/30/2024, an 
improper  ...)
@@ -46009,7 +46009,7 @@ CVE-2024-7345 (Local ABL Client bypass of the required 
PASOE security checks may
 CVE-2024-6473 (Yandex Browser for Desktop before 24.7.1.380 has a DLL 
Hijacking Vulne ...)
        NOT-FOR-US: Yandex Browser for Desktop
 CVE-2024-4629 (A vulnerability was found in Keycloak. This flaw allows 
attackers to b ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2024-4259 (Improper Privilege Management vulnerability in SAMPA\u015e 
Holding AKO ...)
        NOT-FOR-US: SAMPAS Holding AKOS
 CVE-2024-45678 (Yubico YubiKey 5 Series devices with firmware before 5.7.0 and 
YubiHSM ...)
@@ -64949,7 +64949,7 @@ CVE-2024-6109 (A vulnerability was found in 
itsourcecode Tailoring Management Sy
 CVE-2024-6108 (A vulnerability was found in Genexis Tilgin Home Gateway 
322_AS0500-03 ...)
        NOT-FOR-US: Genexis Tilgin Home Gateway
 CVE-2024-5967 (A vulnerability was found in Keycloak. The LDAP testing 
endpoint allow ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2024-5953 (A denial of service vulnerability was found in the 389-ds-base 
LDAP se ...)
        {DLA-4021-1}
        - 389-ds-base 3.1.1+dfsg1-1
@@ -69165,7 +69165,7 @@ CVE-2024-5197 (There exists interger overflows in 
libvpx in versions prior to 1.
        NOTE: 
https://github.com/webmproject/libvpx/commit/9d7054c0cb83665a74cf6f59b6261f455e692149
        NOTE: 
https://github.com/webmproject/libvpx/commit/61c4d556bd03b97d84e3fa49180d14bde5a62baa
 CVE-2024-4540 (A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization 
Request ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2024-4332 (An authentication bypass vulnerability has been identified in 
the REST ...)
        NOT-FOR-US: Tripwire Enterprise
 CVE-2024-3829 (qdrant/qdrant version 1.9.0-dev is vulnerable to arbitrary file 
read a ...)
@@ -86384,7 +86384,7 @@ CVE-2024-30950 (A stored cross-site scripting (XSS) 
vulnerability in FUDforum v3
 CVE-2024-30253 (@solana/web3.js is the Solana JavaScript SDK. Using particular 
inputs  ...)
        NOT-FOR-US: @solana/web3.js
 CVE-2024-2419 (A flaw was found in Keycloak's redirect_uri validation logic. 
This iss ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2024-29951 (Brocade SANnav before v2.3.1 and v2.3.0a uses the SHA-1 hash 
in intern ...)
        NOT-FOR-US: Brocade
 CVE-2024-29950 (The class FileTransfer implemented in Brocade SANnav before 
v2.3.1, v2 ...)
@@ -86406,9 +86406,9 @@ CVE-2024-21989 (ONTAP Select Deploy administration 
utility versions 9.12.1.x,  9
 CVE-2024-1350 (Missing Authorization vulnerability in Prasidhda Malla Honeypot 
for WP ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-1249 (A flaw was found in Keycloak's OIDC component in the 
"checkLoginIframe ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2024-1132 (A flaw was found in Keycloak, where it does not properly 
validate URLs ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2024-0257 (RoboDK v5.5.4   is vulnerable to heap-based buffer overflow 
while proc ...)
        NOT-FOR-US: RoboDK
 CVE-2023-6805 (The RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, 
News & ...)
@@ -87752,7 +87752,7 @@ CVE-2024-0404 (A mass assignment vulnerability exists 
in the `/api/invite/:code`
 CVE-2023-33806 (Insecure default configurations in Hikvision Interactive 
Tablet DS-D5B ...)
        NOT-FOR-US: Hikvision
 CVE-2023-3597 (A flaw was found in Keycloak, where it does not correctly 
validate its ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2024-31497 (In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce 
generation  ...)
        {DLA-3839-1}
        - putty 0.81-1
@@ -103779,9 +103779,9 @@ CVE-2024-26147 (Helm is a package manager for Charts 
for Kubernetes. Versions pr
 CVE-2024-1726 (A flaw was discovered in the RESTEasy Reactive implementation 
in Quark ...)
        NOT-FOR-US: Quarkus
 CVE-2024-1722 (A flaw was found in Keycloak. In certain conditions, this issue 
may al ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2023-6787 (A flaw was found in Keycloak that occurs from an error in the 
re-authe ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2024-27215
        REJECTED
 CVE-2024-26311 (Archer Platform 6.x before 6.14 P2 HF1 (6.14.0.2.1) contains a 
reflect ...)
@@ -116689,7 +116689,7 @@ CVE-2019-25157 (A vulnerability was found in Ethex 
Contracts. It has been classi
 CVE-2014-125107 (A vulnerability was found in Corveda PHPSandbox 1.3.4 and 
classified a ...)
        NOT-FOR-US: Corveda PHPSandbox
 CVE-2023-6927 (A flaw was found in Keycloak. This issue may allow an attacker 
to stea ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2023-6920
        REJECTED
 CVE-2023-6911 (Multiple WSO2 products have been identified as vulnerable due 
to impro ...)
@@ -117589,7 +117589,7 @@ CVE-2023-6570 (Server-Side Request Forgery (SSRF) in 
kubeflow/kubeflow)
 CVE-2023-6569 (External Control of File Name or Path in h2oai/h2o-3)
        NOT-FOR-US: h2oai/h2o-3
 CVE-2023-6563 (An unconstrained memory consumption vulnerability was 
discovered in Ke ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2023-6545 (The package authelia-bhf included in Beckhoffs TwinCAT/BSD is 
prone to ...)
        NOT-FOR-US: authelia-bhf as included in Beckhoffs TwinCAT/BSD
 CVE-2023-6368 (In WhatsUp Gold versions released before 2023.1, an API 
endpoint was f ...)
@@ -119441,7 +119441,7 @@ CVE-2023-6458 (Mattermost webapp fails to 
validateroute parameters in/<TEAM_NAME
 CVE-2023-6393 (A flaw was found in the Quarkus Cache Runtime. When request 
processing ...)
        NOT-FOR-US: Quarkus
 CVE-2023-6291 (A flaw was found in the redirect_uri validation logic in 
Keycloak. Thi ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2023-6288 (Code injection in Remote Desktop Manager 2023.3.9.3 and earlier 
on mac ...)
        NOT-FOR-US: Devolutions
 CVE-2023-6273 (Permission management vulnerability in the module for disabling 
Sound  ...)
@@ -119971,7 +119971,7 @@ CVE-2023-33017 (Memory corruption in Boot while 
running a ListVars test in UEFI
 CVE-2023-4503 (An improper initialization vulnerability was found in Galleon. 
When us ...)
        NOT-FOR-US: Red Hat EAP-Galleon
 CVE-2023-6484 (A log injection flaw was found in Keycloak. A text string may 
be injec ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2023-6481 (A serialization vulnerability in logback receiver component 
part of  l ...)
        - logback <not-affected> (Incomplte fix not applied)
        NOTE: https://logback.qos.ch/news.html#1.3.14
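Review bot: Unrelated to this change, but the context line `- logback <not-affected> (Incomplte fix not applied)` in this hunk has a typo (`Incomplte`); it could be fixed in a separate commit rather than mixed into this one.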
@@ -122025,7 +122025,7 @@ CVE-2023-42770 (Red Lion SixTRAK and VersaTRAK Series 
RTUs with authenticated us
 CVE-2023-40151 (When user authentication is not enabled the shell can execute 
commands ...)
        NOT-FOR-US: Red Lion
 CVE-2023-6134 (A flaw was found in Keycloak that prevents certain schemes in 
redirect ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2023-5764 (A template injection flaw was found in Ansible where a user's 
controll ...)
        - ansible-core 2.14.13-1 (bug #1057427)
        [bookworm] - ansible-core 2.14.16-0+deb12u1
@@ -131545,9 +131545,9 @@ CVE-2023-4129 (Dell Data Protection Central, version 
19.9, contains an Inadequat
 CVE-2023-4003 (One Identity Password Manager version 5.9.7.1 -An 
unauthenticated atta ...)
        NOT-FOR-US: One Identity Password Manager
 CVE-2023-2585 (Keycloak's device authorization grant does not correctly 
validate the  ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2023-2422 (A flaw was found in Keycloak. A Keycloak server configured to 
support  ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2023-44207 (Stored cross-site scripting (XSS) vulnerability in protection 
plan nam ...)
        NOT-FOR-US: Acronis
 CVE-2023-44206 (Sensitive information disclosure and manipulation due to 
improper auth ...)
@@ -133572,7 +133572,7 @@ CVE-2023-4921 (A use-after-free vulnerability in the 
Linux kernel's net/sched: s
        NOTE: https://kernel.dance/#8fc134fee27f2263988ae38920bc03da416b03d8
        NOTE: 
https://git.kernel.org/linus/8fc134fee27f2263988ae38920bc03da416b03d8 (6.6-rc1)
 CVE-2023-4918 (A flaw was found in the Keycloak package, more specifically 
org.keyclo ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2023-4914 (Relative Path Traversal in GitHub repository cecilapp/cecil 
prior to 7 ...)
        NOT-FOR-US: cecil.app
 CVE-2023-4913 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
cecilapp/c ...)
@@ -157168,7 +157168,7 @@ CVE-2023-28894
 CVE-2023-28893
        RESERVED
 CVE-2023-1664 (A flaw was found in Keycloak. This flaw depends on a 
non-default confi ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2023-1663 (Coverity versions prior to 2023.3.2 are vulnerable to forced 
browsing, ...)
        NOT-FOR-US: Coverity
 CVE-2023-1662
@@ -169258,11 +169258,11 @@ CVE-2023-25020 (Unauth. Stored Cross-Site Scripting 
(XSS) vulnerability in Kibok
 CVE-2023-25019 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Premio C ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-6717 (A flaw was found in the SAML client registration in Keycloak 
that coul ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2023-6544 (A flaw was found in the Keycloak package. This issue occurs due 
to a p ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2023-0657 (A flaw was found in Keycloak. This issue occurs due to 
improperly enfo ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2023-0656 (A Stack-based buffer overflow vulnerability in the SonicOS 
allows a re ...)
        NOT-FOR-US: SonicOS
 CVE-2023-0655 (SonicWall Email Security contains a vulnerability that could 
permit a  ...)
@@ -174006,7 +174006,7 @@ CVE-2023-0266 (A use after free vulnerability exists 
in the ALSA PCM package in
 CVE-2023-0265 (Uvdesk version 1.1.1 allows an authenticated remote attacker to 
execut ...)
        NOT-FOR-US: Uvdesk
 CVE-2023-0264 (A flaw was found in Keycloaks OpenID Connect user 
authentication, whic ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2023-0263 (The WP Yelp Review Slider WordPress plugin before 7.1 does not 
properl ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0262 (The WP Airbnb Review Slider WordPress plugin before 3.3 does 
not prope ...)
@@ -176391,7 +176391,7 @@ CVE-2023-0107 (Cross-site Scripting (XSS) - Stored in 
GitHub repository usememos
 CVE-2023-0106 (Cross-site Scripting (XSS) - Stored in GitHub repository 
usememos/memo ...)
        NOT-FOR-US: usememos
 CVE-2023-0105 (A flaw was found in Keycloak. This flaw allows impersonation 
and locko ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2018-25068 (A vulnerability has been found in devent globalpom-utils up to 
4.5.0 a ...)
        NOT-FOR-US: devent globalpom-utils
 CVE-2018-25067 (A vulnerability, which was classified as critical, was found 
in JoomGa ...)
@@ -176865,7 +176865,7 @@ CVE-2023-22301 (The kernel subsystem hmdfs within 
OpenHarmony-v3.1.5 and prior v
 CVE-2023-22291 (An invalid free vulnerability exists in the Frame stream 
parser functi ...)
        NOT-FOR-US: Ichitaro
 CVE-2023-0091 (A flaw was found in Keycloak, where it did not properly check 
client t ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2023-0088 (The Swifty Page Manager plugin for WordPress is vulnerable to 
Cross-Si ...)
        NOT-FOR-US: Swifty Page Manager plugin for WordPress
 CVE-2023-0087 (The Swifty Page Manager plugin for WordPress is vulnerable to 
Stored C ...)
@@ -183727,7 +183727,7 @@ CVE-2022-4363
 CVE-2022-4362 (The Popup Maker WordPress plugin before 1.16.9 does not 
validate and e ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-4361 (Keycloak, an open-source identity and access management 
solution, has  ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2022-4360 (The WP RSS By Publishers WordPress plugin through 0.1 does not 
properl ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-4359 (The WP RSS By Publishers WordPress plugin through 0.1 does not 
properl ...)
@@ -186686,7 +186686,7 @@ CVE-2022-41802 (Kernel subsystem within 
OpenHarmony-v3.1.4 and prior versions in
 CVE-2022-4138 (A Cross Site Request Forgery issue has been discovered in 
GitLab CE/EE ...)
        - gitlab 15.10.8+ds1-2
 CVE-2022-4137 (A reflected cross-site scripting (XSS) vulnerability was found 
in the  ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2022-45873 (systemd 250 and 251 allows local users to achieve a 
systemd-coredump d ...)
        - systemd 252-1
        [bullseye] - systemd <not-affected> (Vulnerable code introduced later)
@@ -187817,7 +187817,7 @@ CVE-2022-4041 (Incorrect Privilege Assignment 
vulnerability in Hitachi Storage P
 CVE-2022-4040
        RESERVED
 CVE-2022-4039 (A flaw was found in Red Hat Single Sign-On for OpenShift 
container ima ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2022-4038
        REJECTED
 CVE-2022-4037 (An issue has been discovered in GitLab CE/EE affecting all 
versions be ...)
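Review bot: CVE-2022-4039 is described as a flaw in the Red Hat Single Sign-On for OpenShift container image rather than in Keycloak itself; if the issue is specific to that container image, associating it with the keycloak ITP bug will carry a non-applicable entry into the package's tracking once it is uploaded. Consider verifying that it applies to upstream Keycloak and, if it does not, tagging it `NOT-FOR-US: Red Hat Single Sign-On for OpenShift` instead.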
@@ -189217,7 +189217,7 @@ CVE-2022-3918 (A program using FoundationNetworking 
in swift-corelibs-foundation
 CVE-2022-3917 (Improper access control of bootloader functionwas discovered in 
Motoro ...)
        NOT-FOR-US: Motorola
 CVE-2022-3916 (A flaw was found in the offline_access scope in Keycloak. This 
issue w ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2022-3915 (The Dokan WordPress plugin before 3.7.6 does not properly 
sanitise and ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-3914
@@ -191895,7 +191895,7 @@ CVE-2022-3784 (A vulnerability classified as critical 
was found in Axiomatic Ben
 CVE-2022-3783 (A vulnerability, which was classified as problematic, has been 
found i ...)
        NOT-FOR-US: node-red-dashboard
 CVE-2022-3782 (keycloak: path traversal via double URL encoding. A flaw was 
found in  ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2022-3781 (Dashlane password and Keepass Server password in My Account 
Settings a ...)
        NOT-FOR-US: Devolutions Remote Desktop Manager
 CVE-2021-46852 (The memory management module has the logic bypass 
vulnerability. Succe ...)
@@ -213038,7 +213038,7 @@ CVE-2022-2670
 CVE-2022-2669 (The WP Taxonomy Import WordPress plugin through 1.0.4 does not 
sanitis ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-2668 (An issue was discovered in Keycloak that allows arbitrary 
Javascript t ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2022-37434 (zlib through 1.2.12 has a heap-based buffer over-read or 
buffer overfl ...)
        {DSA-5218-1 DLA-3103-1}
        - zlib 1:1.2.11.dfsg-4.1 (bug #1016710)
@@ -220260,7 +220260,7 @@ CVE-2022-2257 (Out-of-bounds Read in GitHub 
repository vim/vim prior to 9.0.)
        NOTE: 
https://github.com/vim/vim/commit/083692d598139228e101b8c521aaef7bcf256e9a 
(v9.0.0009)
        NOTE: Crash in CLI tool, no security impact
 CVE-2022-2256 (A Stored Cross-site scripting (XSS) vulnerability was found in 
keycloa ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2022-2255 (A vulnerability was found in mod_wsgi. The X-Client-IP header 
is not r ...)
        {DLA-3111-1}
        - mod-wsgi 4.9.0-1.1 (bug #1016476)
@@ -220486,7 +220486,7 @@ CVE-2022-2239 (The Request a Quote WordPress plugin 
before 2.3.9 does not saniti
 CVE-2022-2238 (A vulnerability was found in the search-api container in Red 
Hat Advan ...)
        NOT-FOR-US: Red Hat Advanced Cluster Management for Kubernetes 2 / 
Stolostron
 CVE-2022-2237 (A flaw was found in the Keycloak Node.js Adapter. This flaw 
allows an  ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2022-2236
        RESERVED
 CVE-2022-2235 (Insufficient sanitization in GitLab EE's external issue tracker 
affect ...)
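Review bot: CVE-2022-2237 concerns the Keycloak Node.js Adapter, which is a separate component from the Keycloak server; unless the ITP in bug #1088287 also covers the Node.js adapter, this entry should probably keep a `NOT-FOR-US` tag (for example `NOT-FOR-US: Keycloak Node.js Adapter`) so it does not surface as an open issue for the server package.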
@@ -220526,7 +220526,7 @@ CVE-2022-2234 (An authenticated mySCADA myPRO 8.26.0 
user may be able to modify
 CVE-2022-2233 (The Banner Cycler plugin for WordPress is vulnerable to 
Cross-Site Req ...)
        NOT-FOR-US: Banner Cycler plugin for WordPress
 CVE-2022-2232 (A flaw was found in the Keycloak package. This flaw allows an 
attacker ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2022-2231 (NULL Pointer Dereference in GitHub repository vim/vim prior to 
8.2.)
        - vim 2:9.0.0135-1 (unimportant)
        NOTE: https://huntr.dev/bounties/8dae6ab4-7a7a-4716-a65c-9b090fa057b5
@@ -235343,7 +235343,7 @@ CVE-2022-1440 (Command Injection vulnerability in 
[email protected] in GitHub
 CVE-2022-1439 (Reflected XSS on demo.microweber.org/demo/module/ in GitHub 
repository ...)
        NOT-FOR-US: microweber
 CVE-2022-1438 (A flaw was found in Keycloak. Under specific circumstances, 
HTML entit ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2022-1437 (Heap-based Buffer Overflow in GitHub repository 
radareorg/radare2 prio ...)
        - radare2 5.9.0+dfsg-1 (bug #1014478)
        NOTE: https://huntr.dev/bounties/af6c3e9e-b7df-4d80-b48f-77fdd17b4038
@@ -237921,7 +237921,7 @@ CVE-2022-1276 (Out-of-bounds Read in mrb_get_args in 
GitHub repository mruby/mru
 CVE-2022-1275 (The BannerMan WordPress plugin through 0.2.4 does not sanitize 
or esca ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1274 (A flaw was found in Keycloak in the execute-actions-email 
endpoint. Th ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2022-1273 (The Import WP WordPress plugin before 2.4.6 does not validate 
the impo ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1272
@@ -237983,7 +237983,7 @@ CVE-2022-1247 (An issue found in linux-kernel that 
leads to a race condition in
 CVE-2022-1246
        REJECTED
 CVE-2022-1245 (A privilege escalation flaw was found in the token exchange 
feature of ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2022-1244 (heap-buffer-overflow in GitHub repository radareorg/radare2 
prior to 5 ...)
        - radare2 5.9.0+dfsg-1 (bug #1014478)
        NOTE: https://huntr.dev/bounties/8ae2c61a-2220-47a5-bfe8-fe6d41ab1f82
@@ -255538,7 +255538,7 @@ CVE-2021-46284
 CVE-2022-0226 (livehelperchat is vulnerable to Cross-Site Request Forgery 
(CSRF))
        NOT-FOR-US: livehelperchat
 CVE-2022-0225 (A flaw was found in Keycloak. This flaw allows a privileged 
attacker t ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2022-0224 (dolibarr is vulnerable to Improper Neutralization of Special 
Elements  ...)
        - dolibarr <removed>
 CVE-2022-0223 (A CWE-22: Improper Limitation of a Pathname to a Restricted 
Directory  ...)
@@ -262360,7 +262360,7 @@ CVE-2021-4135 (A memory leak vulnerability was found 
in the Linux kernel's eBPF
 CVE-2021-4134 (The Fancy Product Designer WordPress plugin is vulnerable to 
SQL Injec ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-4133 (A flaw was found in Keycloak in versions from 12.0.0 and before 
15.1.1 ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2021-4132 (livehelperchat is vulnerable to Improper Neutralization of 
Input Durin ...)
        NOT-FOR-US: livehelperchat
 CVE-2021-4131 (livehelperchat is vulnerable to Cross-Site Request Forgery 
(CSRF))
@@ -275296,7 +275296,7 @@ CVE-2021-41972 (Apache Superset up to and including 
1.3.1 allowed for database c
 CVE-2021-41971 (Apache Superset up to and including 1.3.0 when configured with 
ENABLE_ ...)
        NOT-FOR-US: Apache Superset
 CVE-2021-3856 (ClassLoaderTheme and ClasspathThemeResourceProviderFactory 
allows read ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2021-3855 (Improper Neutralization of Special Elements used in a Command 
('Comman ...)
        NOT-FOR-US: Liman MYS
 CVE-2021-3854 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
@@ -276329,7 +276329,7 @@ CVE-2021-41574
 CVE-2021-41573 (Hitachi Content Platform Anywhere (HCP-AW) 4.4.5 and later 
allows info ...)
        NOT-FOR-US: Hitachi
 CVE-2021-3827 (A flaw was found in keycloak, where the default ECP binding 
flow allow ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2021-41572
        RESERVED
 CVE-2021-41571 (In Apache Pulsar it is possible to access data from BookKeeper 
that do ...)
@@ -279594,7 +279594,7 @@ CVE-2021-3756 (libmysofa is vulnerable to Heap-based 
Buffer Overflow)
 CVE-2021-3755
        REJECTED
 CVE-2021-3754 (A flaw was found in keycloak where an attacker is able to 
register him ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2021-3753 (A race problem was seen in the vt_k_ioctl in 
drivers/tty/vt/vt_ioctl.c ...)
        {DSA-4978-1 DLA-2843-1 DLA-2785-1}
        - linux 5.14.6-1
@@ -289947,7 +289947,7 @@ CVE-2021-36213 (HashiCorp Consul and Consul 
Enterprise 1.9.0 through 1.10.0 defa
 CVE-2021-36212 (app/View/SharingGroups/view.ctp in MISP before 2.4.146 allows 
stored X ...)
        NOT-FOR-US: MISP
 CVE-2021-3637 (A flaw was found in keycloak-model-infinispan in keycloak 
versions bef ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2021-36211
        RESERVED
 CVE-2021-36210
@@ -290248,7 +290248,7 @@ CVE-2021-36091 (Agents are able to list appointments 
in the calendars without re
        NOTE: 
https://github.com/znuny/Znuny/commit/e268f9a7b75e8c7f63c36517ea5affe3ae0a9632 
(rel-6_1_1)
        NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye 
src:otrs2 is the znuny fork)
 CVE-2021-3632 (A flaw was found in Keycloak. This vulnerability allows anyone 
to regi ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2021-36090 (When reading a specially crafted ZIP archive, Compress can be 
made to  ...)
        - libcommons-compress-java 1.21-1 (bug #991041)
        [bullseye] - libcommons-compress-java <no-dsa> (Minor issue)
@@ -301331,7 +301331,7 @@ CVE-2019-25031 (Unbound before 1.9.5 allows 
configuration injection in create_un
        NOTE: 
https://github.com/NLnetLabs/unbound/commit/f887552763477a606a9608b0f6b498685e0f6587
        NOTE: Not deemed an exploitable vulnerability by upstream
 CVE-2021-3513 (A flaw was found in keycloak where a brute force attack is 
possible ev ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2021-31815 (GAEN (aka Google/Apple Exposure Notifications) through 
2021-04-27 on A ...)
        NOT-FOR-US: GAEN (aka Google/Apple Exposure Notifications)
 CVE-2021-31814 (In Stormshield 1.1.0, and 2.1.0 through 2.9.0, an attacker can 
block a ...)
@@ -308559,7 +308559,7 @@ CVE-2021-29094 (Multiple buffer overflow 
vulnerabilities when parsing a speciall
 CVE-2021-29093 (A use-after-free vulnerability when parsing a specially 
crafted file i ...)
        NOT-FOR-US: Esri (various ArcGIS products)
 CVE-2021-3461 (A flaw was found in keycloak where keycloak may fail to logout 
user se ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2021-29092 (Unrestricted upload of file with dangerous type vulnerability 
in file  ...)
        NOT-FOR-US: Synology
 CVE-2021-29091 (Improper limitation of a pathname to a restricted directory 
('Path Tra ...)
@@ -311181,7 +311181,7 @@ CVE-2021-28093 (OX Documents before 7.10.5-rev5 has 
Incorrect Access Control of
 CVE-2021-28092 (The is-svg package 2.1.0 through 4.2.1 for Node.js uses a 
regular expr ...)
        NOT-FOR-US: Node is-svg
 CVE-2021-3424 (A flaw was found in keycloak as shipped in Red Hat Single 
Sign-On 7.4  ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2021-28091 (Lasso all versions prior to 2.7.0 has improper verification of 
a crypt ...)
        {DSA-4926-1 DLA-2684-1}
        - lasso 2.6.1-3
@@ -331495,7 +331495,7 @@ CVE-2021-20325 (Missing fixes for CVE-2021-40438 and 
CVE-2021-26691 in the versi
 CVE-2021-20324
        REJECTED
 CVE-2021-20323 (A POST based reflected Cross Site Scripting vulnerability on 
has been  ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2021-20322 (A flaw in the processing of received ICMP errors (ICMP 
fragment needed ...)
        {DSA-5096-1 DLA-2941-1 DLA-2843-1}
        - linux 5.14.6-1
@@ -331670,7 +331670,7 @@ CVE-2021-20291 (A deadlock vulnerability was found in 
'github.com/containers/sto
 CVE-2021-20290 (An improper authorization handling flaw was found in Foreman. 
The Open ...)
        - foreman <itp> (bug #663101)
 CVE-2021-20289 (A flaw was found in RESTEasy in all versions of RESTEasy up to 
4.6.0.F ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2021-20288 (An authentication flaw was found in ceph in versions before 
14.2.20. W ...)
        {DLA-3629-1}
        - ceph 14.2.20-1 (bug #986974)
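Review bot: the CVE-2021-20289 line is switched to the keycloak ITP although its description reads "A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.F ...", i.e. the affected component is RESTEasy rather than Keycloak itself. Confirm which component is actually vulnerable before associating it with bug #1088287; if the flaw is in RESTEasy, a RESTEasy package entry (or a NOT-FOR-US marker naming RESTEasy) would be the accurate record.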
@@ -331795,7 +331795,7 @@ CVE-2021-20263 (A flaw was found in the virtio-fs 
shared file system daemon (vir
        NOTE: 
https://git.qemu.org/?p=qemu.git;a=commit;h=e586edcb410543768ef009eaa22a2d9dd4a53846
        NOTE: 
https://git.qemu.org/?p=qemu.git;a=commit;h=1e08f164e9fdc9528ad6990012301b9a04b0bc90
 CVE-2021-20262 (A flaw was found in Keycloak 12.0.0 where re-authentication 
does not o ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2021-20261 (A race condition was found in the Linux kernels implementation 
of the  ...)
        - linux 4.5.1-1
        NOTE: 
https://git.kernel.org/linus/a0c80efe5956ccce9fe7ae5c78542578c07bc20a
@@ -332000,7 +332000,7 @@ CVE-2021-20224 (An integer overflow issue was 
discovered in ImageMagick's Export
 CVE-2021-20223
        REJECTED
 CVE-2021-20222 (A flaw was found in keycloak. The new account console in 
keycloak can  ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2021-20221 (An out-of-bounds heap buffer access issue was found in the ARM 
Generic ...)
        {DLA-3099-1 DLA-2560-1}
        - qemu 1:5.2+dfsg-4
@@ -332108,7 +332108,7 @@ CVE-2021-20203 (An integer overflow issue was found 
in the vmxnet3 NIC emulator
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg07935.html
        NOTE: Fixed by: 
https://gitlab.com/qemu-project/qemu/-/commit/d05dcd94aee88728facafb993c7280547eb4d645
 (v6.2.0-rc3)
 CVE-2021-20202 (A flaw was found in keycloak. Directories can be created prior 
to the  ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2021-20201 (A flaw was found in spice in versions before 0.14.92. A DoS 
tool might ...)
        - spice 0.14.3-2.1 (bug #983698)
        [buster] - spice <no-dsa> (Minor issue)
@@ -332148,7 +332148,7 @@ CVE-2021-20196 (A NULL pointer dereference flaw was 
found in the floppy disk emu
        NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2021-01/msg05986.html
        NOTE: Fixed by: 
https://gitlab.com/qemu-project/qemu/-/commit/1ab95af033a419e7a64e2d58e67dd96b20af5233
 (v6.2.0-rc4)
 CVE-2021-20195 (A flaw was found in keycloak in versions before 13.0.0. A Self 
Stored  ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2021-20194 (There is a vulnerability in the linux kernel versions higher 
than 5.2  ...)
        - linux 5.10.19-1
        [buster] - linux <not-affected> (Vulnerable code not present)
@@ -332607,7 +332607,7 @@ CVE-2020-35511 (A global buffer overflow was 
discovered in pngcheck function in
 CVE-2020-35510 (A flaw was found in jboss-remoting in versions before 
5.0.20.SP1-redha ...)
        - libjboss-remoting-java <removed>
 CVE-2020-35509 (A flaw was found in keycloak affecting versions 11.0.3 and 
12.0.0. An  ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2020-35508 (A flaw possibility of race condition and incorrect 
initialization of t ...)
        - linux 5.9.9-1
        [buster] - linux 4.19.160-1
@@ -343112,7 +343112,7 @@ CVE-2020-27839 (A flaw was found in ceph-dashboard. 
The JSON Web Token (JWT) use
        NOTE: 
https://github.com/ceph/ceph/commit/23f2604d6f9ac16779b4ac43aab6e4e434f2e8ec
        NOTE: 
https://github.com/ceph/ceph/commit/843b2e9cd4cb996165d1818ebff125f1414f90c5 
(nautilus)
 CVE-2020-27838 (A flaw was found in keycloak in versions prior to 13.0.0. The 
client r ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2020-27837 (A flaw was found in GDM in versions prior to 3.38.2.1. A race 
conditio ...)
        - gdm3 3.38.2.1-1
        [buster] - gdm3 <no-dsa> (Minor issue)
@@ -343160,7 +343160,7 @@ CVE-2020-27827 (A flaw was found in multiple versions 
of OpenvSwitch. Specially
        NOTE: 
https://mail.openvswitch.org/pipermail/ovs-announce/2021-January/000269.html
        NOTE: 
https://github.com/openvswitch/ovs/commit/78e712c0b1dacc2f12d2a03d98f083d8672867f0
 CVE-2020-27826 (A flaw was found in Keycloak before version 12.0.0 where it is 
possibl ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2020-27825 (A use-after-free flaw was found in kernel/trace/ring_buffer.c 
in Linux ...)
        {DSA-4843-1 DLA-2586-1 DLA-2557-1}
        - linux 5.9.6-1
@@ -374889,7 +374889,7 @@ CVE-2020-14390 (A flaw was found in the Linux kernel 
in versions before 5.9-rc6.
        NOTE: 
https://git.kernel.org/linus/50145474f6ef4a9c19205b173da6264a644c7489
        NOTE: https://www.openwall.com/lists/oss-security/2020/09/15/2
 CVE-2020-14389 (It was found that Keycloak before version 12.0.0 would permit 
a user w ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2020-14388 (A flaw was found in the Red Hat 3scale API Management 
Platform, where  ...)
        NOT-FOR-US: 3scale
 CVE-2020-14387 (A flaw was found in rsync in versions since 3.2.0pre1. Rsync 
improperl ...)
@@ -375001,7 +375001,7 @@ CVE-2020-14367 (A flaw was found in chrony versions 
before 3.5.1 when creating t
        NOTE: Debian packaging relocates chronyd.pid as well to /run since 3.1-3
        NOTE: additionally mitigating the issue. Earlier versions used 
/var/run/chronyd.pid.
 CVE-2020-14366 (A vulnerability was found in keycloak, where path traversal 
using URL- ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2020-14365 (A flaw was found in the Ansible Engine, in ansible-engine 
2.8.x before ...)
        {DSA-4950-1}
        - ansible 2.9.13+dfsg-1 (unimportant)
@@ -375035,7 +375035,7 @@ CVE-2020-14360 (A flaw was found in the X.Org Server 
before version 1.20.10. An
        - xorg-server 2:1.20.10-1 (bug #976216)
        NOTE: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/446ff2d3177087b8173fa779fa5b77a2a128988b
 CVE-2020-14359 (A vulnerability was found in all versions of Keycloak 
Gatekeeper, wher ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2020-14358
        REJECTED
 CVE-2020-14357
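Review bot: CVE-2020-14359 is described as affecting "all versions of Keycloak Gatekeeper", which is a separate proxy component rather than the Keycloak server, so tying it to the keycloak `<itp>` entry may be inaccurate. Either keep a NOT-FOR-US marker that names Gatekeeper explicitly or add a NOTE stating that the ITP is expected to ship that component.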
@@ -375282,7 +375282,7 @@ CVE-2020-14303 (A flaw was found in the AD DC NBT 
server in all Samba versions b
        [buster] - samba <postponed> (Minor issue, fix along in next DSA)
        NOTE: https://www.samba.org/samba/security/CVE-2020-14303.html
 CVE-2020-14302 (A flaw was found in Keycloak before 13.0.0 where an external 
identity  ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2020-14301 (An information disclosure vulnerability was found in libvirt 
in versio ...)
        - libvirt <not-affected> (Vulnerable code introduced with 6.2.0)
        NOTE: Fixed by: 
https://github.com/libvirt/libvirt/commit/a5b064bf4b17a9884d7d361733737fb614ad8979
@@ -386106,7 +386106,7 @@ CVE-2020-10778 (In Red Hat CloudForms 4.7 and 5, the 
read only widgets can be ed
 CVE-2020-10777 (A cross-site scripting flaw was found in Report Menu feature 
of Red Ha ...)
        NOT-FOR-US: Red Hat CloudForm
 CVE-2020-10776 (A flaw was found in Keycloak before version 12.0.0, where it 
is possib ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2020-10775 (An Open redirect vulnerability was found in ovirt-engine 
versions 4.4  ...)
        NOT-FOR-US: ovirt-engine
 CVE-2020-10774 (A memory disclosure flaw was found in the Linux kernel's 
versions befo ...)
@@ -386123,7 +386123,7 @@ CVE-2020-10772 (An incomplete fix for CVE-2020-12662 
was shipped for Unbound in
 CVE-2020-10771 (A flaw was found in Infinispan version 10, where it is 
possible to per ...)
        NOT-FOR-US: Infinispan
 CVE-2020-10770 (A flaw was found in Keycloak before 13.0.0, where it is 
possible to fo ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2020-10769 (A buffer over-read flaw was found in RH kernel versions before 
5.0 in  ...)
        - linux 4.19.20-1
        [stretch] - linux 4.9.161-1
@@ -386183,7 +386183,7 @@ CVE-2020-10759 (A PGP signature bypass flaw was found 
in fwupd (all versions), w
        NOTE: Introduced with: 
https://github.com/fwupd/fwupd/commit/36a889034c3d34ae4ac4530ea7b6b16e82476fae 
(0.1.2)
        NOTE: 
https://github.com/hughsie/libjcat/commit/839b89f45a38b2373bf5836337a33f450aaab72e
 CVE-2020-10758 (A vulnerability was found in Keycloak before 11.0.1 where DoS 
attack i ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2020-10757 (A flaw was found in the Linux Kernel in versions after 4.5-rc1 
in the  ...)
        {DSA-4699-1 DSA-4698-1 DLA-2242-1}
        - linux 5.6.14-2
@@ -386235,7 +386235,7 @@ CVE-2020-10749 (A vulnerability was found in all 
versions of containernetworking
        NOTE: https://github.com/containernetworking/plugins/pull/484
        NOTE: 
https://github.com/containernetworking/plugins/commit/219eb9e0464761c47383d239aba206da695e1a43
 CVE-2020-10748 (A flaw was found in Keycloak's data filter, in version 10.0.1, 
where i ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2020-10747
        REJECTED
 CVE-2020-10746 (A flaw was found in Infinispan 
(org.infinispan:infinispan-server-runti ...)
@@ -386295,7 +386295,7 @@ CVE-2020-10735 (A flaw was found in python. In 
algorithms with quadratic time co
        NOTE: 
https://github.com/python/cpython/commit/cec1e9dfd769bd3a16142d0fdd1a36f19c77ed15
 (v3.9.14)
        NOTE: 
https://github.com/python/cpython/commit/15ec1afd4fcd2da1e2d2b256c562fb42d8d886a2
 (v3.7.14)
 CVE-2020-10734 (A vulnerability was found in keycloak in the way that the OIDC 
logout  ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2020-10733 (The Windows installer for PostgreSQL 9.5 - 12 invokes 
system-provided  ...)
        - postgresql-12 <not-affected> (Windows-specific)
        - postgresql-11 <not-affected> (Windows-specific)
@@ -386504,7 +386504,7 @@ CVE-2020-10687 (A flaw was discovered in all versions 
of Undertow before Underto
        NOTE: https://github.com/undertow-io/undertow/pull/951
        NOTE: 
https://github.com/undertow-io/undertow/commit/a18574a4da09449d855c0a7e58dfca3e9e2e488e
 (2.2.0.Final)
 CVE-2020-10686 (A flaw was found in Keycloak version 8.0.2 and 9.0.0, and was 
fixed in ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2020-10685 (A flaw was found in Ansible Engine affecting Ansible Engine 
versions 2 ...)
        {DSA-4950-1}
        - ansible 2.9.7+dfsg-1
@@ -410495,7 +410495,7 @@ CVE-2020-1759 (A vulnerability was found in Red Hat 
Ceph Storage 4 and Red Hat O
        NOTE: Fixed by: 
https://github.com/ceph/ceph-ci/commit/659ec7dc6e30fe961832f813da007f49e603a33d
        NOTE: https://www.openwall.com/lists/oss-security/2020/04/07/2
 CVE-2020-1758 (A flaw was found in Keycloak in versions before 10.0.0, where 
it does  ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2020-1757 (A flaw was found in all undertow-2.x.x SP1 versions prior to 
undertow- ...)
        - undertow 2.1.0-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1752770
@@ -410562,7 +410562,7 @@ CVE-2020-1745 (A file inclusion vulnerability was 
found in the AJP connector ena
        NOTE: According to 
https://lists.jboss.org/pipermail/undertow-dev/2020-March/002422.html
        NOTE: the fix is: https://github.com/undertow-io/undertow/pull/859
 CVE-2020-1744 (A flaw was found in keycloak before version 9.0.1. When 
configuring an ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2020-1743
        RESERVED
 CVE-2020-1742 (An insecure modification vulnerability flaw was found in 
containers us ...)
@@ -410641,7 +410641,7 @@ CVE-2020-1733 (A race condition flaw was found in 
Ansible Engine 2.7.17 and prio
 CVE-2020-1732 (A flaw was found in Soteria before 1.0.1, in a way that 
multiple reque ...)
        - wildfly <itp> (bug #752018)
 CVE-2020-1731 (A flaw was found in all versions of the Keycloak operator, 
before vers ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2020-1730 (A flaw was found in libssh versions before 0.8.9 and before 
0.9.4 in t ...)
        - libssh 0.9.4-1 (bug #956308)
        [buster] - libssh 0.8.7-1+deb10u1
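Review bot: CVE-2020-1731 concerns "all versions of the Keycloak operator", a separate Kubernetes component, not the Keycloak server that bug #1088287 presumably covers. As with the other non-server CVEs in this series, a NOTE clarifying whether the operator is in scope for the ITP (or a NOT-FOR-US marker naming the operator) would keep the entry accurate.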
@@ -410654,20 +410654,20 @@ CVE-2020-1730 (A flaw was found in libssh versions 
before 0.8.9 and before 0.9.4
 CVE-2020-1729 (A flaw was found in SmallRye's API through version 1.6.1. The 
API can  ...)
        NOT-FOR-US: SmallRye Config
 CVE-2020-1728 (A vulnerability was found in all versions of Keycloak where, 
the pages ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2020-1727 (A vulnerability was found in Keycloak before 9.0.2, where every 
Author ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2020-1726 (A flaw was discovered in Podman where it incorrectly allows 
containers ...)
        - libpod 1.6.4+dfsg1-3 (bug #961421)
        NOTE: Introduced in: 
https://github.com/containers/libpod/commit/997c4b56ed2121726e966afe9a102ed16ba78f93
 (v1.6.0-rc1)
        NOTE: https://github.com/containers/libpod/pull/5168
        NOTE: Fixed by: 
https://github.com/containers/libpod/commit/c140ecdc9b416ab4efd4d21d14acd63b6adbdd42
 (v1.8.1-rc1)
 CVE-2020-1725 (A flaw was found in keycloak before version 13.0.0. In some 
scenarios  ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2020-1724 (A flaw was found in Keycloak in versions before 9.0.2. This 
flaw allow ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2020-1723 (A flaw was found in Keycloak Gatekeeper (Louketo). The logout 
endpoint ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2020-1722 (A flaw was found in all ipa versions 4.x.x through 4.8.0. When 
sending ...)
        - freeipa 4.8.8-2 (bug #966200)
        [buster] - freeipa <no-dsa> (Minor issue)
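Review bot: CVE-2020-1723 is a flaw in "Keycloak Gatekeeper (Louketo)", a separate component from the Keycloak server, yet it is associated with the same keycloak `<itp>` entry as the server CVEs (CVE-2020-1728, CVE-2020-1727, CVE-2020-1725 and CVE-2020-1724 in this hunk). Consider handling it like CVE-2020-14359 above, with a NOTE or a component-specific NOT-FOR-US marker, so the distinction is not lost once the package lands.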
@@ -410691,15 +410691,15 @@ CVE-2020-1720 (A flaw was found in PostgreSQL's 
"ALTER ... DEPENDS ON EXTENSION"
 CVE-2020-1719 (A flaw was found in wildfly. The EJBContext principle is not 
popped ba ...)
        - wildfly <itp> (bug #752018)
 CVE-2020-1718 (A flaw was found in the reset credential flow in all Keycloak 
versions ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2020-1717 (A flaw was found in Keycloak 7.0.1. A logged in user can do an 
account ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2020-1716 (A flaw was found in the ceph-ansible playbook where it 
contained hardc ...)
        NOT-FOR-US: ceph-ansible
 CVE-2020-1715
        REJECTED
 CVE-2020-1714 (A flaw was found in Keycloak before version 11.0.0, where the 
code bas ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2020-1713
        REJECTED
 CVE-2020-1712 (A heap use-after-free vulnerability was found in systemd before 
versio ...)
@@ -410762,9 +410762,9 @@ CVE-2020-1699 (A path traversal flaw was found in the 
Ceph dashboard implemented
        NOTE: https://tracker.ceph.com/issues/41320
        NOTE: 
https://github.com/ceph/ceph/commit/0443e40c11280ba3b7efcba61522afa70c4f8158
 CVE-2020-1698 (A flaw was found in keycloak in versions before 9.0.0. A logged 
except ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2020-1697 (It was found in all keycloak versions before 9.0.0 that links 
to exter ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2020-1696 (A flaw was found in the all pki-core 10.x.x versions, where 
Token Proc ...)
        - dogtag-pki <unfixed> (bug #1014854)
        [bullseye] - dogtag-pki <no-dsa> (Minor issue)
@@ -410776,7 +410776,7 @@ CVE-2020-1695 (A flaw was found in all resteasy 3.x.x 
versions prior to 3.12.0.F
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1730462
        NOTE: 
https://github.com/resteasy/Resteasy/commit/acf15f2a8067f7e4cf5838342cecfa0b78a174fb
 CVE-2020-1694 (A flaw was found in all versions of Keycloak before 10.0.0, 
where the  ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2020-1693 (A flaw was found in Spacewalk up to version 2.9 where it was 
vulnerabl ...)
        NOT-FOR-US: Red Hat Satellite / Spacewalk
 CVE-2020-1692 (Moodle before version 3.7.2 is vulnerable to information 
exposure of s ...)
@@ -426911,9 +426911,9 @@ CVE-2019-14912 (An issue was discovered in PRiSE adAS 
1.7.0. The OPENSSO module
 CVE-2019-14911 (An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO 
module does n ...)
        NOT-FOR-US: PRiSE adAS
 CVE-2019-14910 (A vulnerability was found in keycloak 7.x, when keycloak is 
configured ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2019-14909 (A vulnerability was found in Keycloak 7.x where the user 
federation LD ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2019-14908
        REJECTED
 CVE-2019-14907 (All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 
and 4.11 ...)
@@ -427288,7 +427288,7 @@ CVE-2019-14839 (It was observed that while login into 
Business-central console,
 CVE-2019-14838 (A flaw was found in wildfly-core before 7.2.5.GA. The 
Management users ...)
        - wildfly <itp> (bug #752018)
 CVE-2019-14837 (A flaw was found in keycloack before version 8.0.0. The owner 
of 'plac ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2019-14836 (A vulnerability was found that the 3scale dev portal does not 
employ m ...)
        NOT-FOR-US: 3scale
 CVE-2019-14835 (A buffer overflow flaw was found, in versions from 2.6.34 to 
5.2.x, in ...)
@@ -427309,7 +427309,7 @@ CVE-2019-14833 (A flaw was found in Samba, all 
versions starting samba 4.5.0 bef
        [jessie] - samba <no-dsa> (Minor issue)
        NOTE: https://www.samba.org/samba/security/CVE-2019-14833.html
 CVE-2019-14832 (A flaw was found in the Keycloak REST API before version 8.0.0 
where i ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2019-14831 (A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 
3.6.5, 3.5 to ...)
        - moodle <removed>
 CVE-2019-14830 (A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 
3.6.5, 3.5 to ...)
@@ -427361,7 +427361,7 @@ CVE-2019-14821 (An out-of-bounds access issue was 
found in the Linux kernel, all
        - linux 5.2.17-1
        NOTE: 
https://git.kernel.org/linus/b60fe990c6b07ef6d4df67bc0530c7c90a62623a
 CVE-2019-14820 (It was found that keycloak before version 8.0.0 exposes 
internal adapt ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2019-14819 (A flaw was found during the upgrade of an existing OpenShift 
Container ...)
        NOT-FOR-US: openshift-ansible
 CVE-2019-14818 (A flaw was found in all dpdk version 17.x.x before 17.11.8, 
16.x.x bef ...)
@@ -441856,11 +441856,11 @@ CVE-2019-10203 (PowerDNS Authoritative daemon , 
pdns versions 4.0.x before 4.0.9
 CVE-2019-10202 (A series of deserialization vulnerabilities have been 
discovered in Co ...)
        NOT-FOR-US: Codehaus
 CVE-2019-10201 (It was found that Keycloak's SAML broker, versions up to 
6.0.1, did no ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2019-10200 (A flaw was discovered in OpenShift Container Platform 4 where, 
by defa ...)
        NOT-FOR-US: OpenShift
 CVE-2019-10199 (It was found that Keycloak's account console, up to 6.0.1, did 
not per ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2019-10198 (An authentication bypass vulnerability was discovered in 
foreman-tasks ...)
        - foreman <itp> (bug #663101)
 CVE-2019-10197 (A flaw was found in samba versions 4.9.x up to 4.9.13, samba 
4.10.x up ...)
@@ -441983,9 +441983,9 @@ CVE-2019-10172 (A flaw was found in 
org.codehaus.jackson:jackson-mapper-asl:1.9.
 CVE-2019-10171 (It was found that the fix for CVE-2018-14648 in 389-ds-base, 
versions  ...)
        - 389-ds-base <not-affected> (Incomplete RHEL backport)
 CVE-2019-10170 (A flaw was found in the Keycloak admin console, where the 
realm manage ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2019-10169 (A flaw was found in Keycloak\u2019s user-managed access 
interface, whe ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2019-10168 (The virConnectBaselineHypervisorCPU() and 
virConnectCompareHypervisorC ...)
        - libvirt 5.0.0-4
        [stretch] - libvirt <not-affected> (Vulnerable code introduced later)
@@ -442053,7 +442053,7 @@ CVE-2019-10159 (cfme-gemset versions 5.10.4.3 and 
below, 5.9.9.3 and below are v
 CVE-2019-10158 (A flaw was found in Infinispan through version 9.4.14.Final. 
An improp ...)
        NOT-FOR-US: infinispan
 CVE-2019-10157 (It was found that Keycloak's Node.js adapter before version 
4.8.3 did  ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2019-10156 (A flaw was discovered in the way Ansible templating was 
implemented in ...)
        {DSA-4950-1 DLA-2535-1 DLA-1923-1}
        - ansible 2.8.3+dfsg-1 (low; bug #930065)
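Review bot: CVE-2019-10157 is described against "Keycloak's Node.js adapter before version 4.8.3", which is a client library rather than the Keycloak server; unless bug #1088287 also covers packaging the Node.js adapter, this entry should stay NOT-FOR-US with a NOTE naming the adapter.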
@@ -459195,7 +459195,7 @@ CVE-2019-3877 (A vulnerability was found in 
mod_auth_mellon before v0.14.2. An o
 CVE-2019-3876 (A flaw was found in the /oauth/token/request custom endpoint of 
the Op ...)
        NOT-FOR-US: Openshift OAuth server
 CVE-2019-3875 (A vulnerability was found in keycloak before 6.0.2. The X.509 
authenti ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2019-3874 (The SCTP socket buffer used by a userspace application is not 
accounte ...)
        {DLA-2385-1}
        - linux 5.2.6-1
@@ -459221,7 +459221,7 @@ CVE-2019-3870 (A vulnerability was found in Samba 
from version (including) 4.9 t
 CVE-2019-3869 (When running Tower before 3.4.3 on OpenShift or Kubernetes, 
applicatio ...)
        NOT-FOR-US: Ansible Tower
 CVE-2019-3868 (Keycloak up to version 6.0.0 allows the end user token (access 
or id t ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2019-3867 (A vulnerability was found in the Quay web application. Sessions 
in the ...)
        NOT-FOR-US: OpenShift (web-cosnole issue specific to OpenShift only)
 CVE-2019-3866 (An information-exposure vulnerability was discovered where 
openstack-m ...)
@@ -483888,16 +483888,16 @@ CVE-2018-14659 (The Gluster file system through 
versions 4.1.4 and 3.1.2 is vuln
        NOTE: https://review.gluster.org/#/c/glusterfs/+/21530/
        NOTE: 
http://git.gluster.org/cgit/glusterfs.git/commit/?id=be1e1785e2e4f3d6345ea5b5b684a1429784a01c
 CVE-2018-14658 (A flaw was found in JBOSS Keycloak 3.2.1.Final. The Redirect 
URL for b ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2018-14657 (A flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final. When 
TOPT enabl ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2018-14656 (A missing address check in the callers of the show_opcodes() 
in the Li ...)
        - linux 4.18.6-1
        [stretch] - linux <not-affected> (Vulnerable code not present)
        [jessie] - linux <not-affected> (Vulnerable code not present)
        NOTE: Fixed by: 
https://git.kernel.org/linus/342db04ae71273322f0011384a9ed414df8bdae4
 CVE-2018-14655 (A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 
4.3.0.Final. Wh ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2018-14654 (The Gluster file system through version 4.1.4 is vulnerable to 
abuse o ...)
        {DLA-2806-1}
        - glusterfs 5.1-1 (bug #912997)
@@ -483997,7 +483997,7 @@ CVE-2018-14638 (A flaw was found in 389-ds-base 
before version 1.3.8.4-13. The p
        [jessie] - 389-ds-base <not-affected> (Vulnerable code not present)
        NOTE: 
https://pagure.io/389-ds-base/c/78fc627accacfa4061ce48977e22301f81ea8d73
 CVE-2018-14637 (The SAML broker consumer endpoint in Keycloak before version 
4.6.0.Fin ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2018-14636 (Live-migrated instances are briefly able to inspect traffic 
for other  ...)
        - neutron 2:13.0.0-1 (low)
        [stretch] - neutron <ignored> (Minor issue)
@@ -494264,7 +494264,7 @@ CVE-2018-10913 (An information disclosure 
vulnerability was discovered in gluste
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1607618
        NOTE: 
https://github.com/gluster/glusterfs/commit/13298d2b3893edb5d147ea3bcb9902ee5be4b3ad
 CVE-2018-10912 (keycloak before version 4.0.0.final is vulnerable to a 
infinite loop i ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2018-10911 (A flaw was found in the way dic_unserialize function of 
glusterfs does ...)
        {DLA-2806-1 DLA-1510-1}
        - glusterfs 4.1.4-1 (bug #909215)
@@ -494341,7 +494341,7 @@ CVE-2018-10895 (qutebrowser before version 1.4.1 is 
vulnerable to a cross-site r
        NOTE: Introduced in: 
https://github.com/qutebrowser/qutebrowser/commit/ffc29ee (v1.0.0)
        NOTE: Fixed in: 
https://github.com/qutebrowser/qutebrowser/commit/43e58ac865ff862c2008c510fc5f7627e10b4660
 (v1.4.1)
 CVE-2018-10894 (It was found that SAML authentication in Keycloak 3.4.3.Final 
incorrec ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2018-10893 (Multiple integer overflow and buffer overflow issues were 
discovered i ...)
        - spice-gtk 0.37-1 (bug #904161)
        [buster] - spice-gtk <no-dsa> (Minor issue)
@@ -531859,9 +531859,9 @@ CVE-2017-15114 (When libvirtd is configured by OSP 
director (tripleo-heat-templa
 CVE-2017-15113 (ovirt-engine before version 4.1.7.6 with log level set to 
DEBUG includ ...)
        NOT-FOR-US: ovirt-engine
 CVE-2017-15112 (keycloak-httpd-client-install versions before 0.8 allow users 
to insec ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2017-15111 (keycloak-httpd-client-install versions before 0.8 insecurely 
creates t ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2017-15110 (In Moodle 3.x, students can find out email addresses of other 
students ...)
        - moodle <removed>
 CVE-2017-15109
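Review bot: CVE-2017-15112 and CVE-2017-15111 both concern "keycloak-httpd-client-install", a separate installer tool rather than the Keycloak server, so associating them with the keycloak `<itp>` entry conflates two different upstream projects. A NOT-FOR-US marker naming keycloak-httpd-client-install would be the more precise record here.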
@@ -540894,13 +540894,13 @@ CVE-2017-12163 (An information leak flaw was found 
in the way SMB1 protocol was
 CVE-2017-12162
        RESERVED
 CVE-2017-12161 (It was found that keycloak before 3.4.2 final would permit 
misuse of a ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2017-12160 (It was found that Keycloak oauth would permit an authenticated 
resourc ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2017-12159 (It was found that the cookie used for CSRF prevention in 
Keycloak was  ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2017-12158 (It was found that Keycloak would accept a HOST header URL in 
the admin ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2017-12157 (In Moodle 3.x, various course reports allow teachers to view 
details a ...)
        - moodle <removed>
        NOTE: https://moodle.org/mod/forum/discuss.php?d=358586
@@ -555401,7 +555401,7 @@ CVE-2017-7475 (Cairo version 1.15.4 is vulnerable to 
a NULL pointer dereference
        NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=100763
        NOTE: https://gitlab.freedesktop.org/cairo/cairo/issues/80
 CVE-2017-7474 (It was found that the Keycloak Node.js adapter 2.5 - 3.0 did 
not handl ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2017-7473
        REJECTED
 CVE-2017-7472 (The KEYS subsystem in the Linux kernel before 4.10.13 allows 
local use ...)
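Review bot: CVE-2017-7474 affects "the Keycloak Node.js adapter 2.5 - 3.0", the same client-library component as CVE-2019-10157 earlier in this patch; whichever way that one is resolved (keycloak ITP or a NOT-FOR-US marker naming the adapter), this entry should be handled identically for consistency.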
@@ -570366,7 +570366,7 @@ CVE-2017-2647 (The KEYS subsystem in the Linux kernel 
before 3.18 allows local u
        [jessie] - linux 3.16.43-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/c06cfb08b88dfbe13be44a69ae2fdc3a7c902d81 
(v3.18-rc1)
 CVE-2017-2646 (It was found that when Keycloak before 2.5.5 receives a Logout 
request ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2017-2645 (In Moodle 3.x, XSS can occur via attachments to evidence of 
prior lear ...)
        - moodle <not-affected> (Only affects 3.2 to 3.2.1 and 3.1 to 3.1.4)
        NOTE: https://tracker.moodle.org/browse/MDL-57597
@@ -570590,7 +570590,7 @@ CVE-2017-2586 (A null pointer dereference 
vulnerability was found in netpbm befo
        NOTE: Debian uses an old fork of netpbm
        NOTE: Fixed by 
http://pkgs.fedoraproject.org/cgit/rpms/netpbm.git/commit/?id=c16a8b893ed77fc3f6f2b382d0d47d03621ed328
 CVE-2017-2585 (Red Hat Keycloak before version 2.5.1 has an implementation of 
HMAC ve ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2017-2584 (arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows 
local  ...)
        {DSA-3791-1}
        - linux 4.9.6-1
@@ -570603,7 +570603,7 @@ CVE-2017-2583 (The load_segment_descriptor 
implementation in arch/x86/kvm/emulat
        [wheezy] - linux <not-affected> (Vulnerable code introduced in 3.6-rc1)
        NOTE: Fixed by: 
https://git.kernel.org/linus/33ab91103b3415e12457e3104f0e4517ce12d0f3
 CVE-2017-2582 (It was found that while parsing the SAML messages the 
StaxParserUtil c ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2017-2581 (An out-of-bounds write vulnerability was found in netpbm before 
10.61. ...)
        - netpbm-free 2:10.97.00-1 (bug #854978)
        [bullseye] - netpbm-free <not-affected> (Legacy fork not affected)
@@ -579343,7 +579343,7 @@ CVE-2016-8630 (The x86_decode_insn function in 
arch/x86/kvm/emulate.c in the Lin
        NOTE: Fixed by: 
https://git.kernel.org/linus/d9092f52d7e61dd1557f2db2400ddb430e85937e (v4.9-rc4)
        NOTE: Introduced by: 
https://git.kernel.org/linus/41061cdb98a0bec464278b4db8e894a3121671f5 
(v3.17-rc1)
 CVE-2016-8629 (Red Hat Keycloak before version 2.4.0 did not correctly check 
permissi ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2016-8628 (Ansible before version 2.2.0 fails to properly sanitize fact 
variables ...)
        - ansible 2.2.0.0-1 (bug #842985)
        [jessie] - ansible <not-affected> (Vulnerable code not present)
@@ -579447,7 +579447,7 @@ CVE-2016-8610 (A denial of service flaw was found in 
OpenSSL 0.9.8, 1.0.1, 1.0.2
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1384743 mentions 
countermeasures in gnutls
        NOTE: 
https://gitlab.com/gnutls/gnutls/commit/1ffb827e45721ef56982d0ffd5c5de52376c428e
 CVE-2016-8609 (It was found that the keycloak before 2.3.0 did not implement 
authenti ...)
-       NOT-FOR-US: Keycloak
+       - keycloak <itp> (bug #1088287)
 CVE-2016-8608 (JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via 
busine ...)
        NOT-FOR-US: JBoss BPMS
 CVE-2016-8607



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/135947d6da70101e45bf1d202214a15dd3572199
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits