Fedora: Security Advisory for ant (FEDORA-2020-92b1d001b3)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for ant (FEDORA-2020-2640aa4e19)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 33 Update: ant-1.10.9-1.fc33

Apache Ant is a Java library and command-line tool whose mission is to drive processes described in build files as targets and extension points dependent upon each other. The main known usage of Ant is the build of Java applications. Ant supplies a number of built-in tasks allowing to compile,...

Debian: Security Advisory (DLA-2406-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 2406-1] jackson-databind security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2406-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb October 14, 2020 https://wiki.debian.org/LTS -...

Debian DLA-2405-1 : httpcomponents-client security update

Oleg Kalnichevski discovered that httpcomponents-client, a Java library for building HTTP-aware applications, can misinterpret a malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution. For Debian 9 stretch,...

VulnCheck KEV: CVE-2023-25158

GeoTools is an open source Java library that provides tools for geospatial data. GeoTools includes support for OGC Filter expression language parsing, encoding and execution against a range of datastore. SQL Injection Vulnerabilities have been found when executing OGC Filters with JDBCDataStore...

Fedora: Security Advisory for ant (FEDORA-2020-52741b0a49)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 32 Update: ant-1.10.8-1.fc32

Apache Ant is a Java library and command-line tool whose mission is to drive processes described in build files as targets and extension points dependent upon each other. The main known usage of Ant is the build of Java applications. Ant supplies a number of built-in tasks allowing to compile,...

[SECURITY] Fedora 31 Update: ant-1.10.8-1.fc31

Apache Ant is a Java library and command-line tool whose mission is to drive processes described in build files as targets and extension points dependent upon each other. The main known usage of Ant is the build of Java applications. Ant supplies a number of built-in tasks allowing to compile,...

The vulnerability of the Nimbus JOSE + JWT Java library lies in insufficient checks for unusual or exceptional states, allowing attackers to trigger service failures or gain unauthorized access to protected information.

The vulnerability of the Nimbus JOSE + JWT Java library is related to insufficient checking of unusual or exceptional states. Exploiting this vulnerability can allow an attacker, operating remotely, to cause service failures or gain unauthorized access to protected information...

Oracle WebLogic Server Multiple Vulnerabilities (Jan 2020 CPU)

The version of Oracle WebLogic Server installed on the remote host is affected by multiple vulnerabilities: - An unspecified vulnerability in the Third Party Tools Bouncy Castle Java Library component of Oracle WebLogic Server. An unauthenticated attacker with network access via HTTPS could explo...

Apache Olingo OData 4.0 - XML External Entity Injection Exploit

Exploit for java platform in category web applications Product: Apache Olingo OData 4.0 Vendor: Apache Foundation CSNC ID: CSNC-2009-025 CVE ID: CVE-2019-17554 Subject: XML External Entity Resolution XXE Risk: High Effect: Remotely exploitable Author: Archibald Haddock email protected Date:...

Apache Olingo OData 4.6.x XML Injection

COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: Apache Olingo OData 4.0 Vendor: Apache Foundation CSNC ID: CSNC-2009-025 CVE ID: CVE-2019-17554 Subject: XML External Entity Resolution XXE Risk: High Effect: Remotely exploitable Author: Archibald Haddock...

com.bertramlabs.plugins:ratpack-asset-pipeline (>=2.2.7 <=4.3.0), com.bytekast.serverless-local-apigateway:com.bytekast.serverless-local-apigateway.gradle.plugin (>=0.4 <=0.5) +88 more potentially affected by CVE-2019-10770 via io.ratpack:ratpack-core (>=0.9.10 <=1.7.5)

io.ratpack:ratpack-core MAVEN version =0.9.10, =2.2.7, =0.4, =0.0.1, =0.0.1, =0.0.2, =1.0.0, =1.2, =1.2, =1.3, =1.1, =1.1, =1.5, =1.1, =1.8 and more Source cves: CVE-2019-10770 Source advisory: SNYK:JAVA-IORATPACK-534882...

Debian DSA-4542-1 : jackson-databind - security update

It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attempting deserialization. This allowed an attacker providing maliciously crafted input to perform code execution, or read arbitrary files on the server....

[SECURITY] [DSA 4542-1] jackson-databind security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4542-1 [email protected] https://www.debian.org/security/ Sebastien Delafond October 06, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4542-1] jackson-databind security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4542-1 [email protected] https://www.debian.org/security/ Sebastien Delafond October 06, 2019 https://www.debian.org/security/faq -...

GHSA-4Q98-WR72-H35W Improper input validation in Apache Santuario XML Security for Java

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...

The vulnerability of the XStream Java library for converting objects to XML or JSON format allows attackers to execute arbitrary commands due to the recovery of unreliable data from memory.

The vulnerability of the XStream library for converting objects to XML or JSON format is related to the restoration of unreliable data in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by interfering with the processing of XML objects or other support...