112 matches found
Fedora: Security Advisory for apache-commons-lang3 (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the...
[SECURITY] Fedora 40 Update: apache-commons-lang3-3.14.0-5.fc40
The standard Java libraries fail to provide enough methods for manipulation of its core classes. The Commons Lang Component provides these extra methods. The Commons Lang Component provides a host of helper utilities for the java.lang API, notably String manipulation methods, basic numerical...
ai.optfor:spring-openai-api (>=0.2.2 <=0.3.25), be.vlaanderen.informatievlaanderen.ldes.ldio:ldio-azure-blob-out (=2.12.0) +748 more potentially affected by CVE-2023-34062 via io.projectreactor.netty:reactor-netty-http (>=1.1.0 <=1.1.12)
io.projectreactor.netty:reactor-netty-http MAVEN version =1.1.0, =0.2.2, =0.14.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0-RC2 and more Source cves: CVE-2023-34062 Source advisory: OSV:GHSA-XJHV-P3FV-X24R...
au.gov.nehta:clinical-document-packaging-library (=1.2.5), au.gov.nehta:common-library (>=1.1.1 <=1.2.1) +2199 more potentially affected by CVE-2023-44483 via org.apache.santuario:xmlsec (>=1.4.2 <=2.2.4)
org.apache.santuario:xmlsec MAVEN version =1.4.2, =1.1.1, =1.6.1, =1.1.7, =1.1.9, =1.2.5, =1.2.1, =1.3.5, =1.3.7 - cc.drx:poi2.13 =ee and more Source cves: CVE-2023-44483 Source advisory: OSV:GHSA-XFRJ-6VVC-3XM2...
com.abavilla:fpi-bot-api (>=1.0.2 <=1.5.0), com.abavilla:fpi-bot-api-core (>=1.0.2 <=1.3.1) +38 more potentially affected by CVE-2023-4853 via io.quarkus:quarkus-keycloak-authorization (>=0.27.0 <=2.16.10.Final)
io.quarkus:quarkus-keycloak-authorization MAVEN version =0.27.0, =1.0.2, =1.0.2, =1.0.2, =1.3.2, =1.0.132, =1.0.132, =1.0.133, =1.0.42, =1.0.42, =1.0.42, =1.3.2, =1.0.22, =1.0.22, =1.0.22, =1.3.3, =1.7.1 and more Source cves: CVE-2023-4853 Source advisory: OSV:GHSA-4F4R-WGV2-JJVG...
Eclipse Leshan Code Issue Vulnerability
Eclipse Leshan is a set of open source Java libraries from the Eclipse Foundation that can be used to develop your own Lightweight M2M server and client. Eclipse Leshan has a code issue vulnerability that stems from being subject to an XML External Entity (XXE) attack...
ai.tock:tock-shared (>=19.9.4 <=26.3.1), at.austriapro:ebinterface-rendering (>=1.0.0 <=1.0.1) +1497 more potentially affected by CVE-2022-44729 via org.apache.xmlgraphics:batik-bridge (>=1.10 <=1.16)
org.apache.xmlgraphics:batik-bridge MAVEN version =1.10, =19.9.4, =1.0.0, =1.0.7, =0.2.1, =0.5.0, =0.11.1, =0.0.2, =0.0.1, =0.0.1, =25.6.0, =25.11.0 and more Source cves: CVE-2022-44729 Source advisory: OSV:GHSA-GQ5F-XV48-2365...
ai.grakn:grakn-dist (>=0.15.0 <=0.17.0), ai.grakn:janus-factory (>=0.17.0 <=0.18.0) +1195 more potentially affected by unknown CVE via ch.qos.reload4j:reload4j (>=1.2.18.0 <=1.2.21)
ch.qos.reload4j:reload4j MAVEN version =1.2.18.0, =0.15.0, =0.17.0, =0.15.0, =1.6.0, =3.7.6, =0.6.2, =0.6.0, =0.8.0, =1.6.0-pre - com.aegisql.conveyor-persistence-jdbc:conveyor-persistence-jdbc =1.6.1 - com.aegisql.persistence:conveyor-persistence =1.6.1 -...
com.github.broadinstitute:picard (>=2.27.3 <=2.27.4), org.gorpipe:gor-drivers (>=4.1.2 <=4.3.2) +4 more potentially affected by CVE-2022-21126 via com.github.samtools:htsjdk (=3.0.0)
com.github.samtools:htsjdk MAVEN version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on com.github.samtools:htsjdk and may be impacted: - com.github.broadinstitute:picard =2.27.3, =4.1.2, =4.3.1, =4.1.2, =4.1.2, =3.10.1, =4.2.9 Source cves:...
ai.traceroot:traceroot-sdk-java (>=0.0.1-alpha.2 <=0.0.1-alpha.5), be.cylab.mark:server (>=0.0.10 <=0.0.19) +3600 more potentially affected by CVE-2022-41404 via org.ini4j:ini4j (>=0.3.3 <=0.5.4)
org.ini4j:ini4j MAVEN version =0.3.3, =0.0.1-alpha.2, =0.0.10, =3.00.4, =3.00.3, =4.00.10, =2.0.4, =0.0.3, =0.1.0, =1.0.1, =1.0.0, =1.0, =0.2.0, =0.2.0, =2.0.0, =2.3.1 and more Source cves: CVE-2022-41404 Source advisory: OSV:GHSA-JR6H-R7VG-F9MC...
ai.djl.timeseries:timeseries (>=0.19.0 <=0.32.0), cc.akkaha:pea-dubbo_2.12 (>=0.1.5 <=0.7.0) +289 more potentially affected by CVE-2022-37767 via io.pebbletemplates:pebble (>=2.5.0 <=3.1.5)
io.pebbletemplates:pebble MAVEN version =2.5.0, =0.19.0, =0.1.5, =0.3.0, =0.1.0, =4.1.0, =6.5.1, =6.0.0, =12.0.0-beta, =12.0.0-beta, =16.0.9 and more Source cves: CVE-2022-37767 Source advisory: OSV:GHSA-WXX5-W9JC-48WX...
Microsoft Azure Cryptographic Issue Vulnerability
Microsoft Azure is a suite of open, enterprise-grade cloud computing platforms from the U.S.-based Microsoft Corporation (Microsoft). A cryptographic issue vulnerability exists in Microsoft Azure. The following products and versions are affected: Azure Storage Blobs client library for...
ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.2 <=4.6.0.0), ai.ylyue:yue-library-auth-client (=j11.2.6.0) +1507 more potentially affected by CVE-2022-22978 via org.springframework.security:spring-security-web (>=5.6.0 <=5.6.3)
org.springframework.security:spring-security-web MAVEN version =5.6.0, =4.4.0.2, =0.2.0, =2.1.0.M8, =1.0.0, =2.7.0.Beta4, =2.7.0.Beta4, =2.7.0.Beta3, =2.7.0.Beta3, =2.7.0.Beta3, =2.7.0.Beta3, =2.7.0.Beta1, =2.7.0.Beta1, =2.7.0.Beta2 and more Source cves: CVE-2022-22978 Source advisory:...
br.net.woodstock.rockframework:rockframework-web (>=1.2.1 <=1.2.2), com.cybersource:cybersource-sdk-java (>=6.0.1 <=6.1.0) +401 more potentially affected by CVE-2015-0227 via org.apache.ws.security:wss4j (>=1.5.10 <=1.6.16)
org.apache.ws.security:wss4j MAVEN version =1.5.10, =1.2.1, =6.0.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =4.0.3, =1.0.0, =1.0, =1.0.1, =2.4.0, =2.6.16 and more Source cves: CVE-2015-0227 Source advisory: OSV:GHSA-6R5V-HP32-FJQW...
com.aripd:aricl (=1.4), com.aripd:aricom (=1.0) +92 more potentially affected by CVE-2013-5855 via org.glassfish:javax.faces (>=2.2.0 <=2.2.20)
org.glassfish:javax.faces MAVEN version =2.2.0, =3.2.1036, =1.0.0, =1.0.0, =1.6.0, =1.7.0, =1.6.0, =1.7.0, =1.2.0, =1.0.0, =1.7.3 and more Source cves: CVE-2013-5855 Source advisory: OSV:GHSA-3M3R-82GC-53MJ...
com.coherentlogic.fred.client:fred-client-core (=0.9.3), com.coherentlogic.fred.client:fred-client-core-it (=0.9.3) +36 more potentially affected by CVE-2013-6235 via com.jamonapi:jamon (>=1.0 <=2.75)
com.jamonapi:jamon MAVEN version =1.0, =1.3.0, =1.3.0, =1.3.0, =1.3.0, =1.3.0, =1.3.0, =1.1.4, =0.9.0, =0.9.1 and more Source cves: CVE-2013-6235 Source advisory: OSV:GHSA-QPR7-5M63-HQ2C https://vulners.com/osv/OSV:GHSA...
ai.idylnlp:idylnlp-models-deeplearning (>=1.0.0 <=1.1.0), be.objectify:deadbolt-core_2.10 (>=2.2.0 <=2.4.3) +1203 more potentially affected by CVE-2014-3558 via org.hibernate:hibernate-validator (>=5.0.0.Alpha1 <=5.1.1.Final)
org.hibernate:hibernate-validator MAVEN version =5.0.0.Alpha1, =1.0.0, =2.2.0, =2.4.0, =2.2.0, =2.4.0, =2.2.0, =2.4.0, =2.0.0, =4.0.0.Final, =4.3.0-beta-3 - br.com.caelum:vraptor-musicjungle =4.0.0-beta-1 - br.com.ingenieux.dropwizard:dropwizard-envvar =0.0.1 -...
br.net.woodstock.rockframework:rockframework-web (>=1.2.1 <=1.2.2), com.cybersource:cybersource-sdk-java (>=6.0.1 <=6.1.0) +401 more potentially affected by CVE-2015-0226 via org.apache.ws.security:wss4j (>=1.5.10 <=1.6.16)
org.apache.ws.security:wss4j MAVEN version =1.5.10, =1.2.1, =6.0.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =4.0.3, =1.0.0, =1.0, =1.0.1, =2.4.0, =2.6.16 and more Source cves: CVE-2015-0226 Source advisory: OSV:GHSA-VJWC-5HFH-2VV5...
ai.ancf.lmos:lmos-operator (>=0.5.0 <=0.6.0), ai.berktest:BerkClient (>=1.0.0 <=1.0.3) +13209 more potentially affected by CVE-2016-2402 via com.squareup.okhttp3:okhttp (>=3.0.0 <=3.1.1)
com.squareup.okhttp3:okhttp MAVEN version =3.0.0, =0.5.0, =1.0.0, =0.80.7, =0.80.7, =0.80.7, =0.80.7, =3.24.0.1, =3.32.0.1-2-2.1, =3.32.0.1-2-3.0, =3.34.0.3-1-2.2, =3.34.0.3-1-3.0, =3.34.0.3-1-2.2, =3.34.0.3-1-3.0, =3.34.0.3-1-2.2, =3.36.0.2-1-2.4 and more Source cves: CVE-2016-2402 Source...
net.gplatform:sudoor-server-lib (>=1.0.4 <=1.0.8), no.difi.sdp:sikker-digital-post-java-klient (>=1.0 <=1.2.0.RC1) +60 more potentially affected by CVE-2014-3623 via org.apache.wss4j:wss4j-ws-security-dom (>=2.0.0 <=2.0.10)
org.apache.wss4j:wss4j-ws-security-dom MAVEN version =2.0.0, =1.0.4, =1.0, =0.9, =0.9, =1.1.9 - org.apache.camel:camel-example-reportincident-wssecurity =2.14.0 - org.apache.cxf.fediz.examples.wsclientWebapp.webservice:fedizservice =1.2.4 - org.apache.cxf.fediz.examples.wsclientWebapp:webapp =1.2...