Osidb Bzimport

**Name of the Vulnerable Software and Affected Versions** NetworkManager (affected versions not specified) **Description** A flaw in the dhclient backend of NetworkManager allows for local privilege escalation. The issue occurs when processing malformed Manufacturer Usage Description (MUD) URLs, which are used to provide devices with information about the network services they need. A local user can trigger a script via a crafted MUD URL to gain elevated privileges, but only if an administrator has explicitly configured NetworkManager to use dhclient. Default configurations are not affected. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenShift Pipelines operator (affected versions not specified) **Description** A flaw in the OpenShift Pipelines operator occurs because the `tekton-scheduler-rolebinding` ClusterRoleBinding grants the `system:authenticated` group write access to Kueue and cert-manager custom resources through the `tekton-scheduler-role` ClusterRole. If Kueue or cert-manager Custom Resource Definitions (CRDs) are present on the cluster, any authenticated user can disrupt workload scheduling, tamper with scheduling priorities, delete Workload objects belonging to other tenants, or cause cert-manager to overwrite TLS Secrets, including the default ingress controller certificate. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** rrdcached (affected versions not specified) **Description** A stack-based buffer overflow exists in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can trigger this issue by sending an oversized 'CREATE' request. This may result in a denial of service by crashing the daemon or potentially enable arbitrary code execution, compromising data integrity and confidentiality.

**Name of the Vulnerable Software and Affected Versions** Quay (affected versions not specified) **Description** A flaw exists in the LDAP and SMTP validation functions of the Quay config-tool. An attacker with config editor access can exploit these functions, which establish outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform internal network reconnaissance from the Quay pod's network position to potentially map the internal network infrastructure. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Keycloak (affected versions not specified) **Description** A flaw allows a remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol (LDAP) server or an attacker who has compromised an upstream LDAP server, to cause a denial of service. By sending a malformed LDAP password policy response during a password authentication request, the attacker can trigger an OutOfMemoryError. This results in the termination of the Java Virtual Machine (JVM), which is the engine that allows Java applications to run, leading to a denial of service for all realms on the affected node. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Keycloak (affected versions not specified) **Description** A flaw exists where Keycloak may incorrectly process unsigned claims when a JSON Web Encryption (JWE) encrypted request object is submitted, provided the decrypted content is raw JSON. This behavior bypasses the configured signature policy, allowing a remote attacker to submit unauthorized claims and compromising data integrity within the OpenID Connect (OIDC) authorization flow. This issue violates OIDC Core and Financial-grade API (FAPI) signing requirements, although a redirect URI allowlist serves as a compensating control. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Samba (affected versions not specified) **Description** A flaw exists in the `vfs worm` module, which is designed to provide write-once, read-many (WORM) protections by preventing file modifications after a specific grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share can overwrite a protected file by renaming a newly created file over the existing WORM-protected file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Samba (affected versions not specified) **Description** A flaw exists in the handling of certificate auto-enrollment Group Policy. When this feature is enabled, Samba may retrieve a CA certificate via an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker capable of intercepting or redirecting network traffic could provide a malicious certificate authority certificate, which may lead to the interception or spoofing of trusted communications. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Keycloak (affected versions not specified) **Description** An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. The issue exists because the server-side `processAction()` function fails to validate that parameters of the newly created credential, such as public key algorithms, align with the realm's configured WebAuthn policies. This may result in the creation of credentials that do not meet administrative security requirements, potentially allowing non-compliant authentication methods. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Keycloak (affected versions not specified) **Description** An Insecure Direct Object Reference (IDOR) flaw exists in the Authorization Services Protection API endpoint. An authenticated client can bypass authorization checks by providing the unique identifier (UUID) of a resource belonging to a different Resource Server within the same realm. This allows unauthorized GET, PUT, and DELETE operations, which can result in information disclosure or the unauthorized modification and deletion of data. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Keycloak (affected versions not specified) **Description** A flaw in the Admin API allows a low-privilege administrator with the 'view-clients' role to cause cross-role personally identifiable information (PII) leakage. By invoking the 'evaluate-scopes' endpoint with an arbitrary `userId` parameter, an attacker can gain unauthorized visibility into user identities and authorizations across the realm. This issue is exploitable remotely via network access to the Admin API. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GnuTLS (affected versions not specified) **Description** A heap buffer overflow exists in the DTLS handshake fragment reassembly logic. The issue occurs in the `merge handshake packet()` function, where incoming handshake fragments are matched and merged based on handshake type without validating that the `message length` field remains consistent across all fragments of the same logical message. A remote, unauthenticated attacker can send crafted DTLS fragments with conflicting `message length` values, causing the system to allocate a buffer based on a smaller initial fragment and then write beyond its bounds using larger fragments. This lack of proper bounds checking during the merge operation results in an out-of-bounds write on the heap, which can lead to application crashes or memory corruption. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GnuTLS (affected versions not specified) **Description** A flaw in DTLS handshake parsing allows malformed fragments with zero length and non-zero offset to cause an integer underflow during reassembly. This leads to an out-of-bounds read, which is remotely exploitable and may result in information disclosure or denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** gnutls versions prior to 3.8.13-1.1 **Description** No detailed information was provided regarding the nature of the security issues fixed in this package. **Recommendations** Update to version 3.8.13-1.1.

**Name of the Vulnerable Software and Affected Versions** InstructLab (affected versions not specified) **Description** A flaw exists in the `linux train.py` script which hardcodes the `trust remote code` variable as `True` when loading models from HuggingFace. This allows a remote attacker to achieve arbitrary Python code execution if a user is convinced to run the `ilab train/download/generate` command using a specially crafted malicious model from the HuggingFace Hub, potentially leading to complete system compromise. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** binutils (affected versions not specified) **Description** A flaw in the `readelf` utility allows a local attacker to cause a Denial of Service (DoS) by tricking a user into processing a specially crafted Executable and Linkable Format (ELF) file. This can lead to a program crash or the system becoming unresponsive due to excessive resource consumption. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Keycloak (affected versions not specified) **Description** A Stored Cross-Site Scripting (XSS) issue exists in the organization selection login page. A remote attacker possessing `manage-realm` or `manage-organizations` administrative privileges can execute arbitrary JavaScript in a user's browser. This occurs because the `organization.alias` variable is placed into an inline JavaScript `onclick` handler without proper sanitization. Successful exploitation may lead to session theft or unauthorized account actions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions Keycloak (affected versions not specified) Description A flaw exists in Keycloak that allows a remote attacker to exploit a Cross-Origin Resource Sharing (CORS) header injection in the User-Managed Access (UMA) token endpoint. The issue arises because the `azp` claim from a client-supplied JSON Web Token (JWT) is used to set the `Access-Control-Allow-Origin` header before JWT signature validation. A crafted JWT with a controlled `azp` value can be reflected as the CORS origin, potentially exposing low-sensitivity information from authorization server error responses, but only when a client is misconfigured with `webOrigins: ['*']`. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions Keycloak (affected versions not specified) Description A flaw exists in Keycloak that allows an attacker controlling another path on the same web server to bypass the allowed path in redirect Uniform Resource Identifiers (URIs) using a wildcard. A successful attack could result in the theft of an access token, leading to information disclosure. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Undertow (affected versions not specified) **Description** A security issue exists in Undertow that allows a remote attacker to create malicious requests. The issue stems from discrepancies in how Undertow parses header names compared to upstream proxies, which can be exploited to launch request smuggling attacks. Successful exploitation could bypass security measures and grant access to unauthorized resources. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.