
5 matches found

OSV
added 2026/05/28 2:2 p.m. | 7 views

CLSA-2026-1779968889 Fix of 7 CVEs

SECURITY UPDATE: Authentication Bypass in digest authentication
- debian/patches/CVE-2026-43512.patch: reject digest authentication attempts for unknown users in getDigest
- CVE-2026-43512
SECURITY UPDATE: Account lockout bypass in LockOutRealm via case variation of user names -...

CVSS 9.8 | AI score 5.8 | EPSS 0.01339
Exploits 2 | References 1
EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2022-43944

Malicious code in bioql PyPI...

CVSS 7.8 | AI score 7.6 | EPSS 0.00355
Exploits 1 | References 6
RedHat Linux
added 2015/05/14 3:14 p.m. | 6 views

WS: EJB3 role restrictions are not applied to jaxws handlers

A flaw was found in the way method-level authorization for JAX-WS Service endpoints was performed by the EJB invocation handler implementation. Any restrictions declared on EJB methods were ignored when executing the JAX-WS handlers, and only class-level restrictions were applied. A remote attack...

CVSS 5.5 | AI score 5.8 | EPSS 0.01809
Exploits 0 | References 4
RedHat Linux
added 2015/04/16 4:2 p.m. | 4 views

WS: EJB3 role restrictions are not applied to jaxws handlers

A flaw was found in the way method-level authorization for JAX-WS Service endpoints was performed by the EJB invocation handler implementation. Any restrictions declared on EJB methods were ignored when executing the JAX-WS handlers, and only class-level restrictions were applied. A remote attack...

CVSS 5.5 | AI score 5.8 | EPSS 0.01809
Exploits 0 | References 4
NVD
added 2013/01/05 12:55 a.m. | 30 views

CVE-2012-4549

A flaw was found in JBoss Enterprise Application Platform. The processInvocation function within the org.jboss.as.ejb3.security.AuthorizationInterceptor component incorrectly authorizes all requests when no roles are defined for an Enterprise Java Beans (EJB) method invocation. This allows attacker...

CVSS 6.5 | AI score 6.4 | EPSS 0.013
Exploits 1 | References 8