5 matches found
CVE-2026-43867
CVE-2026-43867 concerns Apache Camel’s camel-pqc component. The AWS Secrets Manager key-lifecycle manager deserializes persisted key metadata using a base64-decoded payload and a raw java.io.ObjectInputStream.readObject() without an ObjectInputFilter or allow-list. The cast to KeyMetadata occurs ...
CVE-2026-46590
Deserialization of Untrusted Data vulnerability in Apache Camel PQC component. The camel-pqc component persists post-quantum key metadata KeyMetadata through pluggable KeyLifecycleManager implementations. HashicorpVaultKeyLifecycleManager and AwsSecretsManagerKeyLifecycleManager read that metadat...
CVE-2026-46590
CVE-2026-46590 affects Apache Camel: Camel-PQC. The HashiCorp Vault and AWS Secrets Manager key-lifecycle managers deserialize a Base64-wrapped metadata object using an unfiltered java.io.ObjectInputStream, with cast to KeyMetadata performed after readObject(). This allows crafted serialized obje...
CVE-2026-41005
Cloud Foundry UAA incorrectly treated XML encryption to the Service Provider confidentiality as a substitute for XML signatures from the Identity Provider authenticity in two SAML flows: the OAuth 2.0 SAML2 bearer grant token endpoint and browser SSO ACS when wantAssertionSigned is set to false...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the STK authentication status in the Bluetooth SMP protocol not correctly reflecting the MITM status, which...