[SECURITY] Fedora 40 Update: apache-commons-text-1.10.0-6.fc40

The Commons Text library provides additions to the standard JDK's text handli ng. Our goal is to provide a consistent set of tools for processing text generally from computing distances between Strings to being able to efficiently do Stri ng escaping of various types...

[SECURITY] Fedora 40 Update: apache-commons-vfs-2.9.0-5.fc40

Commons VFS provides a single API for accessing various file systems. It presents a uniform view of the files from various sources, such as the files on local disk, on an HTTP server, or inside a Zip archive. Some of the features of Commons VFS are: A single consistent API for accessing files of...

[SECURITY] Fedora 40 Update: apache-commons-compress-1.25.0-5.fc40

The Apache Commons Compress library defines an API for working with ar, cpio, Unix dump, tar, zip, gzip, XZ, Pack200 and bzip2 files. In version 1.14 read-only support for Brotli decompression has been added, but it has been removed form this package...

[SECURITY] Fedora 40 Update: apache-commons-exec-1.3-31.fc40

Commons Exec is a library for dealing with external process execution and environment management in Java...

[SECURITY] Fedora 40 Update: apache-commons-collections-3.2.2-36.fc40

The introduction of the Collections API by Sun in JDK 1.2 has been a boon to quick and effective Java programming. Ready access to powerful data structures has accelerated development by reducing the need for custom container classes around each core object. Most Java2 APIs are significantly easi...

[SECURITY] Fedora 40 Update: apache-commons-jxpath-1.3-52.fc40

Defines a simple interpreter of an expression language called XPath. JXPath applies XPath expressions to graphs of objects of all kinds: JavaBeans, Maps, Servlet contexts, DOM etc, including mixtures thereof...

[SECURITY] Fedora 40 Update: apache-commons-collections4-4.4-15.fc40

Commons-Collections seek to build upon the JDK classes by providing new interfaces, implementations and utilities...

[SECURITY] Fedora 40 Update: apache-commons-io-2.13.0-8.fc40

Commons-IO contains utility classes, stream implementations, file filters, and endian classes. It is a library of utilities to assist with developing IO functionality...

[SECURITY] Fedora 40 Update: apache-commons-beanutils-1.9.4-19.fc40

The scope of this package is to create a package of Java utility methods for accessing and modifying the properties of arbitrary JavaBeans. No dependencies outside of the JDK are required, so the use of this package is very lightweight...

BIT-JENKINS-2023-27900

Jenkins LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in hudson.util.MultipartFormDataParser, allowing attackers to trigger a denial of service...

BIT-JENKINS-2023-27901

Jenkins LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing attackers to trigger a denial of service...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : Java (SUSE-SU-2024:0726-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0726-1 advisory. - Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Apache Commons...

SUSE-SU-2024:0726-1 Security update for Java

This update for Java fixes the following issues: apache-commons-codec was updated to version 1.16.1: - Changes in version 1.16.1: New features: + Added Maven property project.build.outputTimestamp for build reproducibility Bugs fixed: + Correct error in Base64 Javadoc + Added minimum Java version...

CentOS 9 : bcel-6.4.1-9.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the bcel-6.4.1-9.el9 build changelog. - Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds...

Security Bulletin: Vulnerabilities in IBM WebSphere Application Server Liberty impact IBM Common Licensing

Summary Multiple vulnerabilities in IBM WebSphere Liberty impact IBM License Key Server Administration and Reporting Tool and IBM LKS Administration Agent. Vulnerability Details CVEID:CVE-2022-34165 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application...

Security Bulletin: IBM Cognos Transformer is affected by security vulnerabilities

Summary There are vulnerabilities in Apache Xalan, Apache Commons Codec, IBM® Java™ Version 8, and OpenSSL that are consumed by IBM Cognos Transformer. These have been addressed by upgrading or removing the vulnerable libraries. Please refer to the table in the Related Information section for...

Security Bulletin: Due to the use of Apache Commons Codec, IBM CICS Transaction Gateway for Multiplatforms is vulnerable to an information exposure.

Summary There is a vulnerability in Apache Commons Codec library which is shipped as part of IBM CICS Transaction Gateway for Multiplatforms. An update to IBM CICS Transaction Gateway for Multiplatforms has been released to address the vulnerability. Vulnerability Details IBM X-Force ID: 177835...

SUSE CVE-2024-25710

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the issue...

SUSE CVE-2024-26308

Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to version 1.26, which fixes the issue...

Apache Commons Compress 1.21 < 1.26.0 DoS Vulnerability

The Apache Commons Compress library is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...