In Vaultwarden versions 1.32.6 and prior a high severity vulnerability CVE-2024-56335 was detected. This vulnerability allows attackers with specific conditions to update or delete groups from an organization, potentially causing denial of service or privilege escalation. No patched version has been officially released at this time. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-56335.
Read more Security
In the Keycloak versions before 25.0.0 and before 26.0.6 a medium severity vulnerability CVE-2024-10973 was detected. This vulnerability allows attackers on adjacent networks to access sensitive information due to unencrypted data transmission. To fix this issue, users should upgrade Keycloak to version 26.0.6 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-10973.
Read more Security
In MinIO versions from RELEASE.2022-06-25T15-50-16Z to RELEASE.2024-12-13T22-19-12Z a critical severity vulnerability CVE-2024-55949 was found. This vulnerability allows attackers to gain higher privileges. To address this issue, users are advised to upgrade to MinIO version RELEASE.2024-12-13T22-19-12Z or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-55949.
In Keycloak OIDC-Client versions 34.0.1 and prior a medium severity vulnerability CVE-2024-12369 was detected. This vulnerability allows attackers to inject a stolen authorization code into their own session, impersonating a victim with the victim’s identity. This attack can be executed via a Man-in-the-Middle (MitM) or phishing attack. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12369.
Read more Security
In Traefik versions prior to 2.11.14, prior to 3.0.0 and prior to 3.2.1 a medium severity vulnerability CVE-2024-52003 was detected. This vulnerability allows attackers to provide the X-Forwarded-Prefix header from an untrusted source, leading to potential issues. To address this issue, users must upgrade to Traefik version 2.11.14 or 3.2.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-52003.
Read more Security
In Keycloak versions up to 26.0.2 a medium severity vulnerability CVE-2024-10451 was detected. This vulnerability allows attackers to capture sensitive runtime values, such as passwords, which may be embedded in bytecode during the build process. To address this issue, users must upgrade to Keycloak versions 26.0.6 or 26.0.9. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10451.
Read more Security
In Keycloak versions prior to 24.0.9, prior to 26.0.6 and 25.0.0 and prior a medium severity vulnerability CVE-2024-9666 was detected. This vulnerability allows attackers to exploit improper handling of proxy headers, leading to costly DNS resolution operations and potential denial of service (DoS). To address this issue, users must upgrade to Keycloak versions 26.0.6 or 24.0.9. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-9666.
Read more Security
In Keycloak versions up to 26.0.6 a low severity vulnerability CVE-2024-10492 was detected. This vulnerability allows attackers with high privileges to confirm the existence of sensitive Vault files by creating resources like an LDAP provider configuration and a Vault read file. To address this issue users must upgrade to Keycloak versions 26.0.6 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10492.
Read more Security
In Keycloak versions up to 26.0.6 a high severity vulnerability CVE-2024-10270 was detected. This vulnerability allows attackers to trigger a denial of service (DoS) by exhausting system resources due to Regex complexity if untrusted data is passed to the SearchQueryUtils method. To address this issue, users must upgrade to Keycloak versions 26.0.6 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10270.
Read more Security