Page 37 of 1394 results (0.016 seconds)

CVSS: 5.7EPSS: 0%CPEs: 4EXPL: 0

A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%. • https://bugzilla.redhat.com/show_bug.cgi?id=2175903 https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://security.netapp.com/advisory/ntap-20230929-0006 https://www.debian.org/security/2023/dsa-5480 https://www.debian.org/security/2023/dsa-5492 https://access.redhat.com/security/cve/CVE-2023-1206 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0

A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client, therefore, access data that belongs to other clients. Se encontró una falla en Keycloak. Un servidor Keycloak configurado para admitir la autenticación mTLS para clientes OAuth/OpenID no verifica correctamente la cadena de certificados del cliente. • https://access.redhat.com/errata/RHSA-2023:3883 https://access.redhat.com/errata/RHSA-2023:3884 https://access.redhat.com/errata/RHSA-2023:3885 https://access.redhat.com/errata/RHSA-2023:3888 https://access.redhat.com/errata/RHSA-2023:3892 https://access.redhat.com/security/cve/CVE-2023-2422 https://bugzilla.redhat.com/show_bug.cgi?id=2191668 • CWE-295: Improper Certificate Validation •

CVSS: 8.1EPSS: 0%CPEs: 14EXPL: 0

Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized access to an existing OAuth client. La concesión de autorización del dispositivo de Keycloak no valida correctamente el código del dispositivo y la identificación del cliente. Un cliente atacante podría abusar de la validación faltante para falsificar una solicitud de consentimiento del cliente y engañar a un administrador de autorización para que otorgue el consentimiento a un cliente OAuth malicioso o un posible acceso no autorizado a un cliente OAuth existente. • https://access.redhat.com/errata/RHSA-2023:3883 https://access.redhat.com/errata/RHSA-2023:3884 https://access.redhat.com/errata/RHSA-2023:3885 https://access.redhat.com/errata/RHSA-2023:3888 https://access.redhat.com/errata/RHSA-2023:3892 https://access.redhat.com/security/cve/CVE-2023-2585 https://bugzilla.redhat.com/show_bug.cgi?id=2196335 • CWE-358: Improperly Implemented Security Check for Standard •

CVSS: 10.0EPSS: 0%CPEs: 13EXPL: 0

Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirect_uri. • https://bugzilla.redhat.com/show_bug.cgi?id=2151618 https://github.com/keycloak/keycloak/commit/a1cfe6e24e5b34792699a00b8b4a8016a5929e3a https://access.redhat.com/security/cve/CVE-2022-4361 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-81: Improper Neutralization of Script in an Error Message Web Page •

CVSS: 4.4EPSS: 0%CPEs: 18EXPL: 0

A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic. A NULL pointer dereference flaw was found in the gfs2 file system in the Linux kernel. This issue occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. • https://bugzilla.redhat.com/show_bug.cgi?id=2214348 https://github.com/torvalds/linux/commit/504a10d9e46bc37b23d0a1ae2f28973c8516e636 https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://security.netapp.com/advisory/ntap-20230929-0005 https://www.debian.org/security/2023/dsa-5448 https://www.debian.org/security/2023/dsa-5480 https://access.redhat.com/security/cve/CVE-2023-3212 • CWE-476: NULL Pointer Dereference •