VYPR

apk package

wolfi/keycloak-iamguarded-compat

pkg:apk/wolfi/keycloak-iamguarded-compat

Vulnerabilities (54)

  • CVE-2023-26269Apr 3, 2023
    affected < 0fixed 0

    Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward wi

  • CVE-2022-45935Jan 6, 2023
    affected < 0fixed 0

    Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components includes the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.

  • CVE-2022-37832Dec 16, 2022
    affected < 0fixed 0

    Mutiny 7.2.0-10788 suffers from Hardcoded root password.

  • CVE-2022-28220Sep 8, 2022
    affected < 0fixed 0

    Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. Fix of CVE-2021-38542, which solved similar problem fron Apache James 3.6.1, is subject to a parser differential and do not take into account concurrent r

  • CVE-2022-21511Jul 19, 2022
    affected < 0fixed 0

    Vulnerability in the Oracle Database - Enterprise Edition Recovery component of Oracle Database Server. For supported versions that are affected see note. Easily exploitable vulnerability allows high privileged attacker having EXECUTE ON DBMS_IR.EXECUTESQLSCRIPT privilege with ne

  • CVE-2022-21510Jul 19, 2022
    affected < 0fixed 0

    Vulnerability in the Oracle Database - Enterprise Edition Sharding component of Oracle Database Server. For supported versions that are affected see note. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure

  • CVE-2021-40525Jan 4, 2022
    affected < 0fixed 0

    Apache James ManagedSieve implementation alongside with the file storage for sieve scripts is vulnerable to path traversal, allowing reading and writing any file. This vulnerability had been patched in Apache James 3.6.1 and higher. We recommend the upgrade. Distributed and Cassa

  • CVE-2021-40111Jan 4, 2022
    affected < 0fixed 0

    In Apache James, while fuzzing with Jazzer the IMAP parsing stack, we discover that crafted APPEND and STATUS IMAP command could be used to trigger infinite loops resulting in expensive CPU computations and OutOfMemory exceptions. This can be used for a Denial Of Service attack.

  • CVE-2021-40110Jan 4, 2022
    affected < 0fixed 0

    In Apache James, using Jazzer fuzzer, we identified that an IMAP user can craft IMAP LIST commands to orchestrate a Denial Of Service using a vulnerable Regular expression. This affected Apache James prior to 3.6.1 We recommend upgrading to Apache James 3.6.1 or higher , which en

  • CVE-2021-38542Jan 4, 2022
    affected < 0fixed 0

    Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in -the-middle command injection attacks, leading potentially to leakage of sensible information.

  • CVE-2018-15529HigAug 28, 2018
    affected < 0fixed 0

    A command injection vulnerability in maintenance.cgi in Mutiny "Monitoring Appliance" before 6.1.0-5263 allows authenticated users, with access to the admin interface, to inject arbitrary commands within the filename of a system upgrade upload.

  • CVE-2013-0136Jun 1, 2013
    affected < 0fixed 0

    Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbitrary files, or cause a denial of service (file deletion or renaming) via (1) the

  • CVE-2005-2992Oct 13, 2005
    affected < 0fixed 0

    arc 5.21j and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different type of vulnerability than CVE-2005-2945.

  • CVE-2005-2945Sep 16, 2005
    affected < 0fixed 0

    arc 5.21j and earlier create temporary files with world-readable permissions, which allows local users to read sensitive information from files created by (1) arc (arc.c) or (2) marc (marc.c).

Page 3 of 3