5 matches found
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service [CVE-2025-8885], [CVE-2025-8916]
Summary Bouncycastle bcprov is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service. This bulletin provides patch information to address the reported...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the ASN1ObjectIdentifier. An attacker can cause excessive resource consumption by submitting specially crafted ASN.1 Object Identifiers, potentially leading to service disruption...
cn.regionsoft:ONE (=2.1.1), co.baiku.boot:ajavaer-cache (=0.3.0-RELEASES) +49 more potentially affected by CVE-2020-26939 via org.bouncycastle:bcprov-ext-jdk16 (>=1.45 <=1.46)
org.bouncycastle:bcprov-ext-jdk16 MAVEN version =1.45, =0.0.1-RELEASE, =0.0.1.RELEASE, =0.0.3.RELEASE, =0.0.1.RELEASE, =0.0.1.RELEASE, =0.0.1.RELEASE, =0.0.3.RELEASE, =0.0.1.RELEASE, =0.0.1.RELEASE, =0.0.1.RELEASE, =0.0.1.RELEASE, =0.0.9.RELEASE and more Source cves: CVE-2020-26939 Source advisor...
JSS: OCSP policy "Leaf and Chain" implicitly trusts the root certificate
A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle...
Java: XML signature spoofing
A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via ...