CVE-2026-40557
Improper Certificate Validation via Global SSL Context Downgrade in Apache Storm Prometheus Reporter Versions Affected: from 2.6.3 to 2.8.6 Description: In production deployments where an administrator enables storm.daemon.metrics.reporter.plugin.prometheus.skiptlsvalidation by default it is...
Improper Certificate Validation
Overview org.apache.storm:storm-metrics-prometheus is a Distributed and fault-tolerant realtime computation Affected versions of this package are vulnerable to Improper Certificate Validation in the INSECURECONNECTIONFACTORY calls. An attacker can intercept sensitive data and credentials by...
Security Bulletin: IBM Truststore Manager uses urllib3-2.4.0-py3-none-any.whl and requests-2.32.3-py3-none-any.whl which is vulnerable to CVE-2025-50181 and CVE-2025-50182
Summary IBM Truststore Manager uses urllib3-2.4.0-py3-none-any.whl and requests-2.32.3-py3-none-any.whl which is vulnerable to CVE-2025-50181 and CVE-2025-50182. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-47081 DESCRIPTION:...
EUVD-2021-0835
Malware in sbrugna...
EUVD-2023-54725
Malicious code in bioql PyPI...
Security Bulletin: IBM Truststore Manager uses jinja2-3.1.5-py3-none-any.whl which is vulnerable to CVE-2025-27516.
Summary IBM Truststore Manager uses jinja2-3.1.5-py3-none-any.whl which is vulnerable to CVE-2025-27516. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-27516 DESCRIPTION: Jinja is an extensible templating engine. Prior to 3.1.6...
Security Bulletin: IBM Truststore Manager uses cryptography-44.0.0-cp39-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2024-12797.
Summary IBM Truststore Manager uses cryptography-44.0.0-cp39-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2024-12797. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-12797 DESCRIPTION: Issue summary: Clients using RFC72...
Security Bulletin: IBM Maximo Application Suite, IBM Truststore Manager and IBM Asset Data Dictionary Component uses third party libraries which is vulnerable to multiple CVEs
Summary IBM Maximo Application Suite, IBM Truststore Manager and IBM Asset Data Dictionary Component uses FlaskCors-4.0.1-py2.py3-none-any.whl, requests-2.31.0-py3-none-any.whl, express-4.19.2.tgz, commons-compress-1.22.jar, commons-io-2.11.0.jar, urllib3-1.26.18-py2.py3-none-any.whl,...
Security Bulletin: IBM Truststore Manager uses Jinja2-3.1.3-py3-none-any.whl which is vulnerable to CVE-2024-34064
Summary IBM Truststore Manager uses Jinja2-3.1.3-py3-none-any.whl which is vulnerable to CVE-2024-34064. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-34064 DESCRIPTION: Jinja is vulnerable to cross-site scripting, caused by t...
Security Bulletin: IBM Truststore Manager uses cryptography-41.0.4-cp37-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2023-50782
Summary IBM Truststore Manager uses cryptography-41.0.4-cp37-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2023-50782. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2023-50782 DESCRIPTION: Python Cryptographic Authority...
Security Bulletin: IBM Maximo Application Suite uses cryptography-41.0.2-cp37-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2023-50782
Summary IBM Maximo Application Suite uses cryptography-41.0.2-cp37-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2023-50782. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2023-50782 DESCRIPTION: Python Cryptographic...
Security Bulletin: IBM Maximo Application Suite and IBM Truststore Manager uses Jinja2-3.1.2-py3-none-any.whl and Jinja2-3.0.3-py3-none-any.whl which is vulnerable to CVE-2024-22195
Summary IBM Maximo Application Suite and IBM Truststore Manager uses Jinja2-3.1.2-py3-none-any.whl and Jinja2-3.0.3-py3-none-any.whl which is vulnerable to CVE-2024-22195. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-22195...
Security Bulletin: IBM Maximo Application Suite uses cryptography-41.0.4-cp37-abi3-manylinux_2_28_x86_64.whl and cryptography-41.0.7-cp37-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2024-26130
Summary IBM Maximo Application Suite uses cryptography-41.0.4-cp37-abi3-manylinux_2_28_x86_64.whl and cryptography-41.0.7-cp37-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2024-26130. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...
foreman: World readable file containing secrets
A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable...
Security Bulletin: IBM Maximo Application Suite and IBM Truststore Manager uses urllib3-2.0.4-py3-none-any.whl and urllib3-1.26.16-py2.py3-none-any.whl which is vulnerable to CVE-2023-45803 and CVE-2023-43804
Summary IBM Maximo Application Suite and IBM Truststore Manager uses urllib3-2.0.4-py3-none-any.whl and urllib3-1.26.16-py2.py3-none-any.whl which is vulnerable to CVE-2023-45803 and CVE-2023-43804. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability...
Security Bulletin: IBM Maximo Application Suite uses certifi-2022.12.7-py3-none-any.whl which is vulnerable to CVE-2023-37920
Summary IBM Maximo Application Suite uses certifi-2022.12.7-py3-none-any.whl which is vulnerable to CVE-2023-37920. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-37920 DESCRIPTION: An unspecified error with the removal of e-Tug...
Security Bulletin: IBM Maximo Application Suite uses requests-2.28.2-py3-none-any.whl which is vulnerable to CVE-2023-32681
Summary IBM Maximo Application Suite uses requests-2.28.2-py3-none-any.whl which is vulnerable to CVE-2023-32681. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-32681 DESCRIPTION: python-requests could allow a remote attacker to...
keycloak: Untrusted Certificate Validation
A flaw was found in Keycloak. This flaw depends on a non-default configuration "Revalidate Client Certificate" to be enabled and the reverse proxy is not validating the certificate before Keycloak. Using this method an attacker may choose the certificate which will be validated by the server. If...