133 matches found
EUVD-2017-10599
Malware in sbrugna...
EUVD-2021-1329
Malware in sbrugna...
EUVD-2022-2370
Malicious code in bioql PyPI...
EUVD-2022-4414
Malicious code in bioql PyPI...
EUVD-2022-3270
Malicious code in bioql PyPI...
EUVD-2022-5742
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2010-2057
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message...
Security Bulletin: A vulnerability in WebSphere Application Server Liberty affects IBM CICS TX on Cloud
Summary: IBM CICS TX on Cloud has addressed the following vulnerability reported by WebSphere Application Server Liberty. Vulnerability Details: CVEID: CVE-2021-26296. DESCRIPTION: Apache MyFaces is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By...
Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring installed WebSphere Application Server
Summary: The following security issues have been identified in the WebSphere Application Server included as part of IBM Tivoli Monitoring (ITM) portal server. Vulnerability Details: CVEID: CVE-2021-20454. DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML Extern...
Security Bulletin: Vulnerability in Apache MyFaces affects Liberty for Java for IBM Cloud (CVE-2021-26296)
Summary: There is a vulnerability in the Apache MyFaces library used by WebSphere Application Server Liberty. Vulnerability Details: CVEID: CVE-2021-26296. DESCRIPTION: Apache MyFaces is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an...
GHSA-92CV-WV2C-8899 Apache MyFaces Cross-site Scripting vulnerability
Apache MyFaces 1.1.7 and 1.2.8 (All previous versions are likely vulnerable), as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary...
Apache MyFaces Cross-site Scripting vulnerability
Apache MyFaces 1.1.7 and 1.2.8 (All previous versions are likely vulnerable), as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary...
GHSA-4FV4-CQ5V-X45M Improper Authentication in Apache MyFaces
shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracl...
br.com.caelum.stella:myfaces-example (=1.1), br.net.woodstock.rockframework:rockframework-web (>=1.2.1 <=1.2.2) +44 more potentially affected by CVE-2010-2057 via org.apache.myfaces.core:myfaces-impl (>=1.2.0 <=1.2.8)
org.apache.myfaces.core:myfaces-impl MAVEN version =1.2.0, =1.2.1, =0.9.4, =0.9.4, =0.9.4, =2.2, =2.2, =2.1, =2.1, =2.0.1, =2.0.1, =2.2, =2.2, =2.2.1 - org.apache.myfaces.commons:myfaces-commons-examples12 =1.0.0 and more Source cves: CVE-2010-2057 Source advisory: OSV:GHSA-4FV4-CQ5V-X45M...
com.github.almex:weblets-demo (=1.1.3), org.apache.geronimo.assemblies:geronimo-jetty8-javaee6 (=3.0-M1) +18 more potentially affected by CVE-2010-2057 via org.apache.myfaces.core:myfaces-impl (=2.0.0)
org.apache.myfaces.core:myfaces-impl MAVEN version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.myfaces.core:myfaces-impl and may be impacted: - com.github.almex:weblets-demo =1.1.3 -...
Improper Authentication in Apache MyFaces
shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracl...
Apache MyFaces Vulnerable to EL Injection
Information disclosure vulnerability in Apache MyFaces Core 2.0.1 through 2.0.10 and 2.1.0 through 2.1.4 allows remote attackers to inject EL expressions via crafted parameters...
GHSA-JQ6G-P65R-44XR Apache MyFaces Vulnerable to EL Injection
Information disclosure vulnerability in Apache MyFaces Core 2.0.1 through 2.0.10 and 2.1.0 through 2.1.4 allows remote attackers to inject EL expressions via crafted parameters...
GHSA-X7RC-4GQW-3Q6Q Apache MyFaces Trinidad Deserialization Vulnerability
CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via a crafted serialized viewstate string...
Apache MyFaces Trinidad Deserialization Vulnerability
CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via a crafted serialized viewstate string...