11 matches found
CVE-2026-50633
A flaw was found in Apache CXF's JCA integration module. This Java Naming and Directory Interface JNDI Injection vulnerability allows for arbitrary code execution. A remote attacker could exploit this by manipulating the Java EE Connector Architecture JCA deployment descriptor ra.xml or runtime...
CVE-2026-50633 Apache CXF: JNDI Injection vulnerability in DispatchMDBMessageListenerImpl
A JNDI Injection vulnerability has been discovered in Apache CXF's JCA integration module, which can allow for code execution, if an attacker is able to manipulate the JCA deployment descriptor ra.xml or runtime activation parameters. Users are recommended to upgrade to versions 4.2.2 or 4.1.7,...
CVE-2026-50633
The CVE-2026-50633 issue is a JNDI Injection vulnerability in Apache CXF’s JCA integration module (DispatchMDBMessageListenerImpl). The vulnerability allows code execution when an attacker can manipulate the JCA deployment descriptor (ra.xml) or runtime activation parameters. Affected software is...
PT-2026-48852
Name of the Vulnerable Software and Affected Versions Apache CXF versions prior to 4.2.2 Apache CXF versions prior to 4.1.7 Description A JNDI Injection issue exists in the JCA integration module. This occurs when an attacker can manipulate the JCA deployment descriptor 'ra.xml' or runtime...
CVE-2026-5588
A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix. The PKIX draft CompositeVerifier implementation improperly accepts an empty signature sequence as a valid cryptographic signature. This issue allows a remote attacker to bypass signature verification mechanisms, potentially...
org.glassfish.main.admingui:console-cluster-plugin (>=3.1.2 <=9.0.0-M2), org.glassfish.main.admingui:console-commandrecorder-plugin (>=7.0.16 <=9.0.0-M2) +16 more potentially affected by CVE-2024-9343 via org.glassfish.main.admingui:console-common (>=3.1.2 <=9.0.0-M2)
org.glassfish.main.admingui:console-common MAVEN version =3.1.2, =3.1.2, =7.0.16, =3.1.2, =3.1.2, =3.1.2, =3.1.2, =3.1.2, =4.0, =8.0.2, =3.1.2, =4.0, =3.1.2, =4.0, =4.0, =6.2.5, =9.0.0-M2 and more Source cves: CVE-2024-9343 Source advisory:...
com.liferay:com.liferay.portal.store.jcr (>=1.0.0 <=2.0.3), com.squeakysand.jcr:squeakysand-jcr-taglib-test (>=0.2.0 <=0.4.0) +8 more potentially affected by CVE-2015-1833 via org.apache.jackrabbit:jackrabbit-core (>=2.2.0 <=2.2.13)
org.apache.jackrabbit:jackrabbit-core MAVEN version =2.2.0, =1.0.0, =0.2.0, =0.2.0, =2.10.0, =2.2.0, =2.2.0, =1.2.0-cr4, =1.2.0-cr8 Source cves: CVE-2015-1833 Source advisory: OSV:GHSA-9284-J4C9-779Q...
com.day.crx:crx-auth-ldap (=2.3.15), com.day.crx:crx-spellchecker (>=2.3.14 <=2.3.64) +14 more potentially affected by CVE-2015-1833 via org.apache.jackrabbit:jackrabbit-core (>=2.4.0 <=2.4.5)
org.apache.jackrabbit:jackrabbit-core MAVEN version =2.4.0, =2.3.14, =2.3.14, =0.6.0, =2.4.0, =2.4.0, =2.4.0, =5.12.0, =5.11.0, =5.11.0, =5.11.0, =5.12.2 and more Source cves: CVE-2015-1833 Source advisory: OSV:GHSA-9284-J4C9-779Q...
Security Bulletin: Potential security vulnerability in IBM WebSphere Application Server in Bluemix MQ JCA Resource adapter (CVE-2016-0360)
Summary There is a potential security vulnerability with the WebSphere Application Server MQ JCA Resource adapter. Vulnerability Details CVEID: CVE-2016-0360 DESCRIPTION: IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources whi...
Security Bulletin: Potential security vulnerability in WebSphere Application Server MQ JCA Resource adapter (CVE-2016-0360)
Summary There is a potential security vulnerability with the WebSphere Application Server MQ JCA Resource adapter. Vulnerability Details CVEID: CVE-2016-0360 DESCRIPTION: IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources whi...
Design/Logic Flaw
In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size...