98 matches found
EUVD-2021-1329
Malware in sbrugna...
EUVD-2022-2370
Malicious code in bioql PyPI...
EUVD-2022-4414
Malicious code in bioql PyPI...
EUVD-2022-3270
Malicious code in bioql PyPI...
EUVD-2022-5742
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2010-2057
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message...
Security Bulletin: A vulnerability in WebSphere Application Server Liberty affects IBM CICS TX on Cloud
Summary IBM CICS TX on Cloud has addressed the following vulnerability reported by WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2021-26296 DESCRIPTION: Apache MyFaces is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By...
Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring installed WebSphere Application Server
Summary The following security issues have been identified in the WebSphere Application Server included as part of IBM Tivoli Monitoring ITM portal server. Vulnerability Details CVEID:CVE-2021-20454 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a XML Extern...
Security Bulletin: Vulnerability in Apache MyFaces affects Liberty for Java for IBM Cloud (CVE-2021-26296)
Summary There is a vulnerability in the Apache MyFaces library used by WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2021-26296 DESCRIPTION: Apache MyFaces is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an...
Apache MyFaces Cross-site Scripting vulnerability
Apache MyFaces 1.1.7 and 1.2.8 (All previous versions are likely vulnerable), as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary...
GHSA-4FV4-CQ5V-X45M Improper Authentication in Apache MyFaces
shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracl...
Improper Authentication in Apache MyFaces
shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracl...
GHSA-X7RC-4GQW-3Q6Q Apache MyFaces Trinidad Deserialization Vulnerability
CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via a crafted serialized viewstate string...
Apache MyFaces Trinidad Deserialization Vulnerability
CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via a crafted serialized viewstate string...
GHSA-GJFX-9WX3-J6R7 Apache MyFaces Vulnerable to Path Traversal
Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ln parameter to faces/javax.faces.resource/web.xml or (2) the PATH_INFO to...
Security Bulletin: Remote code execution vulnerability in the JSF used by WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center)
Summary A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center). There is a remote code execution vulnerability in the JSF Sun Reference Implementation 1.2 used by WebSphere Application Server. The JSF Sun Reference Implementati...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2021-26296)
Summary IBM WebSphere Application Server (WAS) is used by the IBM Rational ClearQuest server and web components. Information about security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...
Security Bulletin: Information disclosure vulnerability in WebSphere Application Server Liberty
Summary This security bulletin addresses the Information Disclosure vulnerability that has been found to impact WebSphere Liberty in IBM Tivoli Application Dependency Discovery Manager. Vulnerability Details CVEID: CVE-2021-26296 DESCRIPTION: Apache MyFaces is vulnerable to cross-site request...
Security Bulletin: Novalink is impacted by Apache MyFaces affects WebSphere Liberty, middle vulnerability in WebSphere Application Server Liberty (CVE-2021-26296)
Summary Novalink uses WebSphere Application Server Liberty. There is an Apache MyFaces affects WebSphere Liberty, middle vulnerability in WebSphere Application Server Liberty. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2021-26296 DESCRIPTION: Apache MyFaces is...
Security Bulletin: Rational Asset Analyzer (RAA) is affected by a WebSphere Application Server vulnerability (CVE-2021-26296)
Summary Rational Asset Analyzer (RAA) has addressed the following vulnerability: CVE-2021-26296 Vulnerability Details CVEID: CVE-2021-26296 DESCRIPTION: Apache MyFaces is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated...