11 matches found
EUVD-2013-3378
Malware in sbrugna...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.1.0 security update
A security update is now available for Red Hat JBoss Enterprise Application Platform 8.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
CVE-2025-48913
If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility. Users are recommended to upgrade to versions 3.6.8...
apache: cxf: org.apache.cxf:cxf-rt-transports-http: unrestricted memory consumption in CXF HTTP clients
A memory consumption flaw was found in Apache CXF. This issue may allow a CXF HTTP client conduit to prevent HTTPClient instances from being garbage collected, eventually causing the application to run out of memory...
GHSA-3336-H95J-HVVF Improper Access Control in Apache CXF
The SAML Web SSO module in Apache CXF before 2.7.18, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote authenticated users to bypass authentication via a crafted SAML response with a valid signed assertion, related to a "wrapping attack."...
CVE-2017-11564
The CVE-2017-11564 entry concerns the D-Link EyeOn Baby Monitor (DCS-825L) running 1.08.1, which has multiple command-injection vulnerabilities in its web service framework. The issue allows an attacker to forge crafted HTTP requests to execute commands, with authentication required before the at...
RESTEasy XML External Entity Injection Vulnerability
RESTEasy is a JBoss open source project from Red Hat, Inc. (United States), which provides a variety of frameworks for building RESTful Web Services and RESTful Java applications. RESTEasy has an XML external entity injection vulnerability. An attacker could exploit this vulnerability t...
CVE-2016-0456
Unspecified vulnerability in the Application Mgmt Pack for E-Business Suite component in Oracle E-Business Suite 12.1 and 12.2 allows remote attackers to affect confidentiality via vectors related to REST Framework, a different vulnerability than CVE-2016-0457. NOTE: the previous information is...
CXF: Large invalid content could cause temporary space to fill
It was found that when a large invalid SOAP message was processed by Apache CXF, it could be saved to a temporary file in the /tmp directory. A remote attacker could send a specially crafted SOAP message that, when processed by an application using Apache CXF, would use an excessive amount of dis...
CXF: HTML content posted to SOAP endpoint could cause OOM errors
A denial of service flaw was found in the way Apache CXF created error messages for certain POST requests. A remote attacker could send a specially crafted request which, when processed by an application using Apache CXF, could consume an excessive amount of memory on the system, possibly...
Important: Red Hat Security Advisory: jbossws-common security update
An updated jbossws-common.jar file for JBoss Enterprise Portal Platform 5.1.1 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS)...