apk package
wolfi/keycloak-iamguarded-compat
pkg:apk/wolfi/keycloak-iamguarded-compat
Vulnerabilities (54)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-26269 | — | < 0 | 0 | Apr 3, 2023 | Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward wi | ||
| CVE-2022-45935 | — | < 0 | 0 | Jan 6, 2023 | Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components includes the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7. | ||
| CVE-2022-37832 | — | < 0 | 0 | Dec 16, 2022 | Mutiny 7.2.0-10788 suffers from Hardcoded root password. | ||
| CVE-2022-28220 | — | < 0 | 0 | Sep 8, 2022 | Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. Fix of CVE-2021-38542, which solved similar problem fron Apache James 3.6.1, is subject to a parser differential and do not take into account concurrent r | ||
| CVE-2022-21511 | — | < 0 | 0 | Jul 19, 2022 | Vulnerability in the Oracle Database - Enterprise Edition Recovery component of Oracle Database Server. For supported versions that are affected see note. Easily exploitable vulnerability allows high privileged attacker having EXECUTE ON DBMS_IR.EXECUTESQLSCRIPT privilege with ne | ||
| CVE-2022-21510 | — | < 0 | 0 | Jul 19, 2022 | Vulnerability in the Oracle Database - Enterprise Edition Sharding component of Oracle Database Server. For supported versions that are affected see note. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure | ||
| CVE-2021-40525 | — | < 0 | 0 | Jan 4, 2022 | Apache James ManagedSieve implementation alongside with the file storage for sieve scripts is vulnerable to path traversal, allowing reading and writing any file. This vulnerability had been patched in Apache James 3.6.1 and higher. We recommend the upgrade. Distributed and Cassa | ||
| CVE-2021-40111 | — | < 0 | 0 | Jan 4, 2022 | In Apache James, while fuzzing with Jazzer the IMAP parsing stack, we discover that crafted APPEND and STATUS IMAP command could be used to trigger infinite loops resulting in expensive CPU computations and OutOfMemory exceptions. This can be used for a Denial Of Service attack. | ||
| CVE-2021-40110 | — | < 0 | 0 | Jan 4, 2022 | In Apache James, using Jazzer fuzzer, we identified that an IMAP user can craft IMAP LIST commands to orchestrate a Denial Of Service using a vulnerable Regular expression. This affected Apache James prior to 3.6.1 We recommend upgrading to Apache James 3.6.1 or higher , which en | ||
| CVE-2021-38542 | — | < 0 | 0 | Jan 4, 2022 | Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in -the-middle command injection attacks, leading potentially to leakage of sensible information. | ||
| CVE-2018-15529 | Hig | 8.8 | < 0 | 0 | Aug 28, 2018 | A command injection vulnerability in maintenance.cgi in Mutiny "Monitoring Appliance" before 6.1.0-5263 allows authenticated users, with access to the admin interface, to inject arbitrary commands within the filename of a system upgrade upload. | |
| CVE-2013-0136 | — | < 0 | 0 | Jun 1, 2013 | Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbitrary files, or cause a denial of service (file deletion or renaming) via (1) the | ||
| CVE-2005-2992 | — | < 0 | 0 | Oct 13, 2005 | arc 5.21j and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different type of vulnerability than CVE-2005-2945. | ||
| CVE-2005-2945 | — | < 0 | 0 | Sep 16, 2005 | arc 5.21j and earlier create temporary files with world-readable permissions, which allows local users to read sensitive information from files created by (1) arc (arc.c) or (2) marc (marc.c). |
- CVE-2023-26269Apr 3, 2023affected < 0fixed 0
Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward wi
- CVE-2022-45935Jan 6, 2023affected < 0fixed 0
Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components includes the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.
- CVE-2022-37832Dec 16, 2022affected < 0fixed 0
Mutiny 7.2.0-10788 suffers from Hardcoded root password.
- CVE-2022-28220Sep 8, 2022affected < 0fixed 0
Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. Fix of CVE-2021-38542, which solved similar problem fron Apache James 3.6.1, is subject to a parser differential and do not take into account concurrent r
- CVE-2022-21511Jul 19, 2022affected < 0fixed 0
Vulnerability in the Oracle Database - Enterprise Edition Recovery component of Oracle Database Server. For supported versions that are affected see note. Easily exploitable vulnerability allows high privileged attacker having EXECUTE ON DBMS_IR.EXECUTESQLSCRIPT privilege with ne
- CVE-2022-21510Jul 19, 2022affected < 0fixed 0
Vulnerability in the Oracle Database - Enterprise Edition Sharding component of Oracle Database Server. For supported versions that are affected see note. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure
- CVE-2021-40525Jan 4, 2022affected < 0fixed 0
Apache James ManagedSieve implementation alongside with the file storage for sieve scripts is vulnerable to path traversal, allowing reading and writing any file. This vulnerability had been patched in Apache James 3.6.1 and higher. We recommend the upgrade. Distributed and Cassa
- CVE-2021-40111Jan 4, 2022affected < 0fixed 0
In Apache James, while fuzzing with Jazzer the IMAP parsing stack, we discover that crafted APPEND and STATUS IMAP command could be used to trigger infinite loops resulting in expensive CPU computations and OutOfMemory exceptions. This can be used for a Denial Of Service attack.
- CVE-2021-40110Jan 4, 2022affected < 0fixed 0
In Apache James, using Jazzer fuzzer, we identified that an IMAP user can craft IMAP LIST commands to orchestrate a Denial Of Service using a vulnerable Regular expression. This affected Apache James prior to 3.6.1 We recommend upgrading to Apache James 3.6.1 or higher , which en
- CVE-2021-38542Jan 4, 2022affected < 0fixed 0
Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in -the-middle command injection attacks, leading potentially to leakage of sensible information.
- affected < 0fixed 0
A command injection vulnerability in maintenance.cgi in Mutiny "Monitoring Appliance" before 6.1.0-5263 allows authenticated users, with access to the admin interface, to inject arbitrary commands within the filename of a system upgrade upload.
- CVE-2013-0136Jun 1, 2013affected < 0fixed 0
Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbitrary files, or cause a denial of service (file deletion or renaming) via (1) the
- CVE-2005-2992Oct 13, 2005affected < 0fixed 0
arc 5.21j and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different type of vulnerability than CVE-2005-2945.
- CVE-2005-2945Sep 16, 2005affected < 0fixed 0
arc 5.21j and earlier create temporary files with world-readable permissions, which allows local users to read sensitive information from files created by (1) arc (arc.c) or (2) marc (marc.c).
Page 3 of 3