227 matches found
EUVD-2008-5324
Malware in sbrugna...
EUVD-2015-0425
Malware in sbrugna...
EUVD-2014-0490
Malware in sbrugna...
EUVD-2022-3066
Malicious code in bioql PyPI...
Fedora: Security Advisory for jaxb-istack-commons (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the...
[SECURITY] Fedora 40 Update: jaxb-istack-commons-4.2.0-8.fc40
Code shared between JAXP, JAXB, SAAJ, and JAX-WS projects...
Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus are vulnerable to SOAPAction spoofing when processing JAX-WS Web Services requests (CVE-2022-38712)
Summary IBM App Connect Enterprise and IBM Integration Bus are vulnerable to SOAPAction spoofing when processing JAX-WS Web Services requests (CVE-2022-38712). The fix includes the IBM WebSphere Application Server APAR PH49111. Vulnerability Details CVEID: CVE-2022-38712 DESCRIPTION: IBM WebSphere...
Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to SOAPAction spoofing (CVE-2022-38712)
Summary IBM WebSphere Application Server is vulnerable to SOAPAction spoofing when processing JAX-WS Web Services requests. This has been addressed. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products|...
K16352: Multiple OpenJDK vulnerabilities
Security Advisory Description CVE-2015-0383 Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via unknown vectors related to Hotspot. CVE-2014-6601...
Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics Installed WebSphere Application Server is vulnerable to SOAPAction spoofing when processing JAX-WS Web Services requests (CVE-2022-38712)
Summary The security issue described in CVE-2022-38712 has been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Spring WS Samples upgraded for Spring Boot 3.0!
With the recent announcement of Spring Boot 3.0 going GA, some of you may be interested in upgrading your Spring Web Services-based applications to take full advantage of this. The Spring WS team has upgraded our set of sample apps to help you carry that out. The main branch now tracks the versio...
Security Bulletin: IBM WebSphere Application Server is vulnerable to SOAPAction spoofing (CVE-2022-38712)
Summary IBM WebSphere Application Server is vulnerable to SOAPAction spoofing when processing JAX-WS Web Services requests. This has been addressed. Vulnerability Details CVEID:CVE-2022-38712 DESCRIPTION: IBM WebSphere Application Server Web services could allow a man-in-the-middle attacker to...
Improper Input Validation in Apache CXF
Apache CXF supports sending and receiving attachments via either the JAX-WS or JAX-RS specifications. It is possible to craft a message attachment header that could lead to a Denial of Service (DoS) attack on a CXF web service provider. Both JAX-WS and JAX-RS services are vulnerable to this attack...
IBM WebSphere Application Server Liberty 21.0.0.10 <= 21.0.0.12 Information Disclosure (6541530)
The IBM WebSphere Application Server running on the remote host is 21.0.0.10 through 21.0.0.12. It is, therefore, affected by an information disclosure vulnerability. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to JAX-WS applications...
IBM Websphere AS Access Control Error Vulnerability
IBM WebSphere Application Server Liberty is a Java application server from the U.S. company IBM, built on the Open Liberty project. A security vulnerability exists in IBM WebSphere Application Server Liberty that can be exploited by an attacker to bypass access restrictions to WebSphere AS...
CVE-2022-22310
CVE-2022-22310 affects IBM WebSphere Application Server Liberty 21.0.0.10 through 21.0.0.12, described as providing weaker than expected security. A remote attacker could obtain sensitive information and gain unauthorized access to JAX-WS applications. The vulnerability is documented with a base ...
Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to an Information Disclosure (CVE-2022-22310)
Summary IBM WebSphere Application Server Liberty is vulnerable to an Information Disclosure. This has been addressed. Vulnerability Details CVEID: CVE-2022-22310 DESCRIPTION: IBM WebSphere Application Server Liberty could provide weaker than expected security. A remote attacker could exploit this...
Security Bulletin: Security Vulnerabilities in IBM® Java SDK affects multiple IBM Rational products based on IBM Jazz technology
Summary There are multiple vulnerabilities in IBM® SDK Java Technology Edition, Version 1.6 and 1.7 that are used by IBM Jazz Team Server affecting the following IBM Jazz Team Server based Applications: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational...
Arbitrary File Deletion
XStream is vulnerable to arbitrary file deletion. The default blacklist of XStream's Security Framework does not blacklist the internal JAX-WS type ReadAllStream.FileStream and therefore allows the deserialization of XML containing that untrusted type, subsequently leading to an arbitrary file...
Security Bulletin: Novalink is impacted by Apache CXF affects WebSphere Liberty JAX-WS middle vulnerability in WebSphere Application Server Liberty (CVE-2019-17573)
Summary Novalink uses WebSphere Application Server Liberty. There is an Apache CXF affects WebSphere Liberty JAX-WS middle vulnerability in WebSphere Application Server Liberty. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2019-17573 DESCRIPTION: Apache CXF is vulnerable...