3 matches found
be.eliwan:eoddata-client (=1.0), br.com.esec.icpm:certillion-client-library (>=1.1.7 <=1.2.0) +279 more potentially affected by CVE-2012-5575 via org.apache.cxf:cxf-rt-transports-http (>=2.7.0 <=2.7.3)
org.apache.cxf:cxf-rt-transports-http MAVEN version =2.7.0, =1.1.7, =1.1.9, =1.2.5, =1.0.3, =1.0.3, =2.0.3, =1.0.0, =0.4.0, =0.4.1, =1.3.1, =1.2.3, =1.2.3, =2.3, =2.12 and more Source cves: CVE-2012-5575 Source advisory: OSV:GHSA-7V5V-9V8R-W864...
com.domeke:basecore (>=1.0.0 <=1.0.4), com.eurodyn.qlack2.fuse:qlack2-fuse-workflow-runtime-impl (>=2.3.3 <=2.3.19) +408 more potentially affected by CVE-2017-5656 via org.apache.cxf:cxf-core (>=3.1.0 <=3.1.10)
org.apache.cxf:cxf-core MAVEN version =3.1.0, =1.0.0, =2.3.3, =1.0, =0.2, =0.2, =1.1.4-rc1, =1.0.1, =1.1.0.0, =1.1.0.0, =1.5.8.0 - com.reallifedeveloper:rld-common =1.3 - com.wichell:framework-config =1.0.0 - com.wichell:framework-core =1.0.0 - com.wichell:framework-dao =1.0.0 and more Source cve...
apache-cxf: XML encryption backwards compatibility attacks
Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic...