CVE-2026-5588

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix. The PKIX draft CompositeVerifier implementation improperly accepts an empty signature sequence as a valid cryptographic signature. This issue allows a remote attacker to bypass signature verification mechanisms, potentially...

org.glassfish.main.admingui:console-cluster-plugin (>=3.1.2 <=9.0.0-M2), org.glassfish.main.admingui:console-commandrecorder-plugin (>=7.0.16 <=9.0.0-M2) +16 more potentially affected by CVE-2024-9343 via org.glassfish.main.admingui:console-common (>=3.1.2 <=9.0.0-M2)

org.glassfish.main.admingui:console-common MAVEN version =3.1.2, =3.1.2, =7.0.16, =3.1.2, =3.1.2, =3.1.2, =3.1.2, =3.1.2, =4.0, =3.1.2, =4.0, =3.1.2, =4.0, =4.0, =6.2.5, =9.0.0-M2 and more Source cves: CVE-2024-9343 Source advisory:...

com.liferay:com.liferay.portal.store.jcr (>=1.0.0 <=2.0.3), com.squeakysand.jcr:squeakysand-jcr-taglib-test (>=0.2.0 <=0.4.0) +8 more potentially affected by CVE-2015-1833 via org.apache.jackrabbit:jackrabbit-core (>=2.2.0 <=2.2.13)

org.apache.jackrabbit:jackrabbit-core MAVEN version =2.2.0, =1.0.0, =0.2.0, =0.2.0, =2.10.0, =2.2.0, =2.2.0, =1.2.0-cr4, =1.2.0-cr8 Source cves: CVE-2015-1833 Source advisory: OSV:GHSA-9284-J4C9-779Q...

com.day.crx:crx-auth-ldap (=2.3.15), com.day.crx:crx-spellchecker (>=2.3.14 <=2.3.64) +14 more potentially affected by CVE-2015-1833 via org.apache.jackrabbit:jackrabbit-core (>=2.4.0 <=2.4.5)

org.apache.jackrabbit:jackrabbit-core MAVEN version =2.4.0, =2.3.14, =2.3.14, =0.6.0, =2.4.0, =2.4.0, =2.4.0, =5.12.0, =5.11.0, =5.11.0, =5.11.0, =5.12.2 and more Source cves: CVE-2015-1833 Source advisory: OSV:GHSA-9284-J4C9-779Q...

Security Bulletin: Potential security vulnerability in IBM WebSphere Application Server in Bluemix MQ JCA Resource adapter (CVE-2016-0360)

Summary There is a potential security vulnerability with the WebSphere Application Server MQ JCA Resource adapter. Vulnerability Details CVEID: CVE-2016-0360 DESCRIPTION: IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources whi...

Security Bulletin: Potential security vulnerability in WebSphere Application Server MQ JCA Resource adapter (CVE-2016-0360)

Summary There is a potential security vulnerability with the WebSphere Application Server MQ JCA Resource adapter. Vulnerability Details CVEID: CVE-2016-0360 DESCRIPTION: IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources whi...

Design/Logic Flaw

In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size...