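--- a/security/vuxml/vuln/2024.xml
+++ b/security/vuxml/vuln/2024.xml
@@ -1,3 +1,38 @@
+  <vuln vid="7d7a28cd-7f5a-450a-852f-c49aaab3fa7e">
+    <topic>keycloak -- Multiple security fixes</topic>
+    <affects>
+      <package>
+        <name>keycloak</name>
+        <range><lt>26.0.6</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+        <p>Keycloak reports:</p>
+        <blockquote cite="https://www.keycloak.org/2024/11/keycloak-2606-released.html">
+          <p>This update includes 5 security fixes:</p>
+          <ul>
+            <li>CVE-2024-10451: Sensitive Data Exposure in Keycloak Build Process</li>
+            <li>CVE-2024-10270: Potential Denial of Service</li>
+            <li>CVE-2024-10492: Keycloak path trasversal</li>
+            <li>CVE-2024-9666: Keycloak proxy header handling Denial-of-Service (DoS) vulnerability</li>
+            <li>CVE-2024-10039: Bypassing mTLS validation</li>
+          </ul>
+        </blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2021-9666</cvename>
+      <cvename>CVE-2021-10039</cvename>
+      <cvename>CVE-2021-10270</cvename>
+      <cvename>CVE-2021-10451</cvename>
+      <cvename>CVE-2021-10492</cvename>
+    </references>
+    <dates>
+      <discovery>2024-11-22</discovery>
+      <entry>2024-11-25</entry>
+    </dates>
+  </vuln>
   <vuln vid="889eddee-a964-11ef-b680-4ccc6adda413">
     <topic>qt6-webengine -- Multiple vulnerabilities</topic>
     <affects>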
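Review bot: All five `<cvename>` entries in the new `<references>` block use the year 2021 (`CVE-2021-9666`, `CVE-2021-10039`, `CVE-2021-10270`, `CVE-2021-10451`, `CVE-2021-10492`), while the quoted advisory a few lines above lists the same numbers under 2024. As written, the entry points to different CVE records than the ones it describes, so anything that matches this entry by CVE id would presumably miss the Keycloak issues or link to unrelated ones. Each line should take the id from the description, e.g. `<cvename>CVE-2024-9666</cvename>`, and likewise for 10039, 10270, 10451 and 10492. The spelling "trasversal" inside the `<blockquote>` should be left alone only if it is verbatim from the cited release note.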
