Lucene search

82 matches found

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2022-5374

Malicious code in bioql PyPI...

CVSS 7.5, AI score 7.6, EPSS 0.0521
Exploits: 0, References: 24

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-1624

Malicious code in bioql PyPI...

CVSS 5.9, AI score 6.8, EPSS 0.0049
Exploits: 0, References: 38

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2022-3343

Malicious code in bioql PyPI...

CVSS 5, AI score 6.3, EPSS 0.0249
Exploits: 0, References: 29

IBM Security Bulletins
added 2022/11/10 12:6 p.m., 61 views

Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos Express.

Summary There are multiple vulnerabilities in Open Source Apache Tomcat that is used by IBM Cognos Express. Additionally, there are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 that is used by IBM Cognos Express. This bulletin also addresses LOGJAM: The...

CVSS 5.5, AI score 6.6, EPSS 0.92346
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2022/10/06 4:42 a.m., 27 views

Security Bulletin: A vulnerability in Apache WSS4J affects IBM Tivoli Business Service Manager (CVE-2014-3623)

Summary Apache WSS4J is shipped with IBM Tivoli Business Manager 6.2.0 as part of its web services infrastructure. Information about security vulnerabilities affecting Apache WSS4J has been published in a security bulletin. Vulnerability Details CVEID:CVE-2014-3623 DESCRIPTION: Apache CXF could...

CVSS 5, AI score 6, EPSS 0.0249
Exploits: 0, Affected Software: 1

vulnersOsv
added 2022/05/14 2:57 a.m., 4 views

br.net.woodstock.rockframework:rockframework-web (>=1.2.1 <=1.2.2), com.cybersource:cybersource-sdk-java (>=6.0.1 <=6.1.0) +401 more potentially affected by CVE-2015-0227 via org.apache.ws.security:wss4j (>=1.5.10 <=1.6.16)

org.apache.ws.security:wss4j MAVEN version =1.5.10, =1.2.1, =6.0.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =4.0.3, =1.0.0, =1.0, =1.0.1, =2.4.0, =2.6.16 and more Source cves: CVE-2015-0227 Source advisory: OSV:GHSA-6R5V-HP32-FJQW...

CVSS 5, AI score 6.7, EPSS 0.13872
Exploits: 0

OSV
added 2022/05/14 2:57 a.m., 1 view

GHSA-6R5V-HP32-FJQW Improper Access Control in Apache WSS4J

Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via vectors related to "wrapping attacks."...

CVSS 5, AI score 6.9, EPSS 0.13872
Exploits: 0, References: 12

vulnersOsv
added 2022/05/14 2:57 a.m., 3 views

com.amazon.aes.webservices.client:ec2-java-client (=20080327), com.cybersource:cybersource-sdk-java (>=6.2.0 <=6.2.1) +83 more potentially affected by CVE-2015-0227 via wss4j:wss4j (>=1.5.0 <=1.5.1)

wss4j:wss4j MAVEN version =1.5.0, =6.2.0, =1.0.12, =9.00.2110.07.220316, =0.0.9, =0.0.3, =0.0.3, =0.0.3, =0.0.3, =0.3.0 - com.github.rapidark:rapid-ark-pretty =0.3.0 - com.github.rapidark:rapid-ark-pretty-demo =0.3.0 - com.github.rapidark:rapid-ark-pretty-demo-keeper =0.3.0 -...

CVSS 5, AI score 6.7, EPSS 0.13872
Exploits: 0

Github Security Blog
added 2022/05/14 2:57 a.m., 31 views

Improper Access Control in Apache WSS4J

Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via vectors related to "wrapping attacks."...

CVSS 5, AI score 6.4, EPSS 0.13872
Exploits: 0, References: 13, Affected Software: 2

Github Security Blog
added 2022/05/14 1:14 a.m., 34 views

Improper Authentication in Apache WSS4J

The LDAPLoginModule implementation in the Java Authentication and Authorization Service JAAS in Apache ActiveMQ 5.x before 5.10.1 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind. NOTE: this identifier...

CVSS 7.5, AI score 9, EPSS 0.00705
Exploits: 1, References: 11, Affected Software: 2

vulnersOsv
added 2022/05/14 12:55 a.m., 3 views

net.gplatform:sudoor-server-lib (>=1.0.4 <=1.0.8), no.difi.sdp:sikker-digital-post-java-klient (>=1.0 <=1.2.0.RC1) +60 more potentially affected by CVE-2015-0226 via org.apache.wss4j:wss4j-ws-security-dom (>=2.0.0 <=2.0.10)

org.apache.wss4j:wss4j-ws-security-dom MAVEN version =2.0.0, =1.0.4, =1.0, =0.9, =0.9, =1.1.9 - org.apache.camel:camel-example-reportincident-wssecurity =2.14.0 - org.apache.cxf.fediz.examples.wsclientWebapp.webservice:fedizservice =1.2.4 - org.apache.cxf.fediz.examples.wsclientWebapp:webapp =1.2...

CVSS 7.5, AI score 7.1, EPSS 0.0521
Exploits: 0

Github Security Blog
added 2022/05/14 12:55 a.m., 32 views

Use of a Broken or Risky Cryptographic Algorithm in Apache WSS4J

Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to recover the plaintext form of a symmetric key via a series of crafted messages. NOTE: this...

CVSS 7.5, AI score 5.9, EPSS 0.0521
Exploits: 0, References: 15, Affected Software: 2

IBM Security Bulletins
added 2022/05/13 2:58 p.m., 31 views

Security Bulletin: Apache WSS4J Vulnerabilities Affect IBM Sterling B2B Integrator

Summary IBM Sterling B2B Integrator has addressed the security vulnerabilities from WSS4J. Vulnerability Details CVEID: CVE-2015-0227 DESCRIPTION: Apache WSS4J could allow a remote attacker to bypass security restrictions, caused by the failure to properly enforce the...

CVSS 7.5, AI score 6.2, EPSS 0.13872
Exploits: 0, Affected Software: 1

Github Security Blog
added 2022/05/13 1:9 a.m., 19 views

Improper Authentication in Apache WSS4J

Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecifi...

CVSS 5, AI score 6.3, EPSS 0.0249
Exploits: 0, References: 15, Affected Software: 2

vulnersOsv
added 2022/05/13 1:9 a.m., 2 views

br.net.woodstock.rockframework:rockframework-web (>=1.2.1 <=1.2.2), com.cybersource:cybersource-sdk-java (>=6.0.1 <=6.1.0) +401 more potentially affected by CVE-2014-3623 via org.apache.ws.security:wss4j (>=1.5.10 <=1.6.16)

org.apache.ws.security:wss4j MAVEN version =1.5.10, =1.2.1, =6.0.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =4.0.3, =1.0.0, =1.0, =1.0.1, =2.4.0, =2.6.16 and more Source cves: CVE-2014-3623 Source advisory: OSV:GHSA-99V3-9X35-C5VF...

CVSS 5, AI score 5.8, EPSS 0.0249
Exploits: 0

OSV
added 2022/05/13 1:9 a.m., 0 views

GHSA-99V3-9X35-C5VF Improper Authentication in Apache WSS4J

Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecifi...

CVSS 5, AI score 5.9, EPSS 0.0249
Exploits: 0, References: 14

Github Security Blog
added 2022/04/22 12:24 a.m., 46 views

Use of a Broken or Risky Cryptographic Algorithm in Apache WSS4J

The implementations of the PKCS1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 are susceptible to a Bleichenbacher attack...

CVSS 5.9, AI score 2.5, EPSS 0.0049
Exploits: 0, References: 37, Affected Software: 2

vulnersOsv
added 2022/04/22 12:24 a.m., 2 views

com.amazon.aes.webservices.client:ec2-java-client (=20080327), com.cybersource:cybersource-sdk-java (>=6.2.0 <=6.2.1) +83 more potentially affected by CVE-2011-2487 via wss4j:wss4j (>=1.5.0 <=1.5.1)

wss4j:wss4j MAVEN version =1.5.0, =6.2.0, =1.0.12, =9.00.2110.07.220316, =0.0.9, =0.0.3, =0.0.3, =0.0.3, =0.0.3, =0.3.0 - com.github.rapidark:rapid-ark-pretty =0.3.0 - com.github.rapidark:rapid-ark-pretty-demo =0.3.0 - com.github.rapidark:rapid-ark-pretty-demo-keeper =0.3.0 -...

CVSS 5.9, AI score 6.8, EPSS 0.0049
Exploits: 0

vulnersOsv
added 2022/04/22 12:24 a.m., 2 views

br.net.woodstock.rockframework:rockframework-core (=1.2.4), br.net.woodstock.rockframework:rockframework-web (>=1.2.1 <=3.0.1) +523 more potentially affected by CVE-2011-2487 via org.apache.ws.security:wss4j (>=1.5.10 <=1.6.4)

org.apache.ws.security:wss4j MAVEN version =1.5.10, =1.2.1, =1.6.0, =1.3.1, =0.1.10, =1.3.1, =1.3.1, =1.3.1, =6.0.1, =1.0.2, =4.10.0, =2.6.2, =2.6.2, =4.8.0, =4.10.3 and more Source cves: CVE-2011-2487 Source advisory: OSV:GHSA-4QQF-HMV6-R6WH...

CVSS 5.9, AI score 6.8, EPSS 0.0049
Exploits: 0

OSV
added 2022/04/22 12:24 a.m., 4 views

GHSA-4QQF-HMV6-R6WH Use of a Broken or Risky Cryptographic Algorithm in Apache WSS4J

The implementations of the PKCS1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 are susceptible to a Bleichenbacher attack...

CVSS 5.9, AI score 6.8, EPSS 0.0049
Exploits: 0, References: 36