VYPR

apk package

chainguard/keycloak-compat

pkg:apk/chainguard/keycloak-compat

Vulnerabilities (58)

  • CVE-2023-35116Jun 14, 2023
    affected < 0fixed 0

    jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cycli

  • CVE-2023-26269Apr 3, 2023
    affected < 0fixed 0

    Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward wi

  • CVE-2022-45935Jan 6, 2023
    affected < 0fixed 0

    Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components includes the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.

  • CVE-2022-37832Dec 16, 2022
    affected < 0fixed 0

    Mutiny 7.2.0-10788 suffers from Hardcoded root password.

  • CVE-2022-28220Sep 8, 2022
    affected < 0fixed 0

    Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. Fix of CVE-2021-38542, which solved similar problem fron Apache James 3.6.1, is subject to a parser differential and do not take into account concurrent r

  • CVE-2022-21511Jul 19, 2022
    affected < 0fixed 0

    Vulnerability in the Oracle Database - Enterprise Edition Recovery component of Oracle Database Server. For supported versions that are affected see note. Easily exploitable vulnerability allows high privileged attacker having EXECUTE ON DBMS_IR.EXECUTESQLSCRIPT privilege with ne

  • CVE-2022-21510Jul 19, 2022
    affected < 0fixed 0

    Vulnerability in the Oracle Database - Enterprise Edition Sharding component of Oracle Database Server. For supported versions that are affected see note. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure

  • CVE-2021-40525Jan 4, 2022
    affected < 0fixed 0

    Apache James ManagedSieve implementation alongside with the file storage for sieve scripts is vulnerable to path traversal, allowing reading and writing any file. This vulnerability had been patched in Apache James 3.6.1 and higher. We recommend the upgrade. Distributed and Cassa

  • CVE-2021-40111Jan 4, 2022
    affected < 0fixed 0

    In Apache James, while fuzzing with Jazzer the IMAP parsing stack, we discover that crafted APPEND and STATUS IMAP command could be used to trigger infinite loops resulting in expensive CPU computations and OutOfMemory exceptions. This can be used for a Denial Of Service attack.

  • CVE-2021-40110Jan 4, 2022
    affected < 0fixed 0

    In Apache James, using Jazzer fuzzer, we identified that an IMAP user can craft IMAP LIST commands to orchestrate a Denial Of Service using a vulnerable Regular expression. This affected Apache James prior to 3.6.1 We recommend upgrading to Apache James 3.6.1 or higher , which en

  • CVE-2021-38542Jan 4, 2022
    affected < 0fixed 0

    Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in -the-middle command injection attacks, leading potentially to leakage of sensible information.

  • CVE-2020-8908Dec 10, 2020
    affected < 0fixed 0

    A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the

  • CVE-2018-15529HigAug 28, 2018
    affected < 0fixed 0

    A command injection vulnerability in maintenance.cgi in Mutiny "Monitoring Appliance" before 6.1.0-5263 allows authenticated users, with access to the admin interface, to inject arbitrary commands within the filename of a system upgrade upload.

  • CVE-2017-12159HigOct 26, 2017
    affected < 0fixed 0

    It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. An attacker could use this flaw to gain access to an authenticated user session, leading to possible information disclosure or further attacks.

  • CVE-2017-12158MedOct 26, 2017
    affected < 0fixed 0

    It was found that Keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server.

  • CVE-2013-0136Jun 1, 2013
    affected < 0fixed 0

    Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbitrary files, or cause a denial of service (file deletion or renaming) via (1) the

  • CVE-2005-2992Oct 13, 2005
    affected < 0fixed 0

    arc 5.21j and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different type of vulnerability than CVE-2005-2945.

  • CVE-2005-2945Sep 16, 2005
    affected < 0fixed 0

    arc 5.21j and earlier create temporary files with world-readable permissions, which allows local users to read sensitive information from files created by (1) arc (arc.c) or (2) marc (marc.c).

Page 3 of 3