3 matches found
CVE-2026-40996: Inbound WS-Security allows RSA PKCS#1 v1.5 key transport by default
Wss4jSecurityInterceptor defaulted allowRSA15KeyTransportAlgorithm to true , overriding Apache WSS4J’s safer default for validation RequestData . Inbound WS-Security decryption could therefore accept RSA PKCS1 v1.5 rsa-15 encrypted key material unless operators explicitly reconfigured the flag,...
GHSA-V57X-GXFJ-484Q Security Advisory for "Log4Shell"
Impact A highly critical 0-day exploit CVE-2021-44228 is found in Apache log4j 2 library on December 9, 2021. This affects Apache log4j versions from 2.0-beta9 to 2.14.1 inclusive. This vulnerability allows a remote attacker to execute code on the server if the system logs an attacker-controlled...
PT-2019-14629 · Rpyc +1 · Rpyc +1
Name of the Vulnerable Software and Affected Versions: RPyC versions 4.1.x through 4.1.1 Description: A remote attacker can dynamically modify object attributes to construct a remote procedure call that executes code for an RPyC service with default configuration settings. Recommendations: For RP...