
415 matches found

Fedora
added 2024/03/07 10:32 p.m. | 26 views

[SECURITY] Fedora 40 Update: args4j-2.33-26.fc40

args4j is a small Java class library that makes it easy to parse command line options/arguments in your CUI application. - It makes the command line parsing very easy by using annotations - You can generate the usage screen very easily - You can generate HTML/XML that lists all options for your...

CVSS 8.8 | AI score 6.9 | EPSS 0.02557
Exploits: 3

Fedora
added 2024/03/07 10:32 p.m. | 25 views

[SECURITY] Fedora 40 Update: apache-commons-net-3.10.0-5.fc40

This is an Internet protocol suite Java library originally developed by ORO, Inc. This version supports Finger, Whois, TFTP, Telnet, POP3, FTP, NNTP, SMTP, and some miscellaneous protocols like Time and Echo as well as BSD R command support. The purpose of the library is to provide fundamental...

CVSS 8.8 | AI score 6.9 | EPSS 0.02557
Exploits: 3

Fedora
added 2024/03/07 10:32 p.m. | 28 views

[SECURITY] Fedora 40 Update: ant-1.10.14-10.fc40

Apache Ant is a Java library and command-line tool whose mission is to drive processes described in build files as targets and extension points dependent upon each other. The main known usage of Ant is the build of Java applications. Ant supplies a number of built-in tasks allowing to compile,...

CVSS 8.8 | AI score 6.8 | EPSS 0.02557
Exploits: 3

GithubExploit
added 2024/03/07 10:4 a.m. | 96 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

It is an offensive tool for web exploitation. The tool targets t...

CVSS 10 | AI score 8.4 | EPSS 0.99999
Exploits: 346

OSV
added 2024/02/29 3:33 a.m. | 4 views

GHSA-6QVW-249J-H44C jose4j denial of service via specifically crafted JWE

The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value...

CVSS 6.5 | AI score 6.8 | EPSS 0.00879
Exploits: 1 | References: 4

Tenable Nessus
added 2024/02/16 12:0 a.m. | 28 views

Hibernate Validator < 6.2 XSS

The version of Hibernate Validator on the remote host is prior to 6.2. It may, therefore, be affected by a cross-site scripting (XSS) vulnerability. A flaw was found in the isValid method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed ...

CVSS 6.1 | AI score 6.7 | EPSS 0.00452
Exploits: 0 | References: 3

Tenable Nessus
added 2024/01/17 12:0 a.m. | 34 views

Oracle WebCenter Portal Multiple Vulnerabilities (January 2024 CPU)

The version of Oracle WebCenter Portal installed on the remote host is missing a security patch from the January 2024 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities: - Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware component:...

CVSS 7.5 | AI score 6.4 | EPSS 0.19442
Exploits: 1 | References: 6

IBM Security Bulletins
added 2024/01/03 10:34 p.m. | 25 views

Security Bulletin: IBM Storage Fusion HCI could be vulnerable to code injection via use of quartz/quartz-jobs [CVE-2023-39017]

Summary The Java library quartz/quartz-jobs is used by IBM Storage Fusion HCI for backup scheduling. A vulnerability in this library includes code injection that could lead to execution of arbitrary code as described in the CVE listed in the 'Vulnerabilities Details' section. This bulletin...

CVSS 9.8 | AI score 9.8 | EPSS 0.01017
Exploits: 1 | Affected Software: 1

CNNVD
added 2023/12/29 12:0 a.m. | 1 views

IPAddress security vulnerability

IPAddress is a Java library for working with IP addresses. A security vulnerability exists in IPAddress version v5.1.0, which stems from a security issue in the component IPAddressBitsDivision that causes an infinite loop...

CVSS 5.5 | AI score 6.8 | EPSS 0.00274
Exploits: 1 | References: 2

OSV
added 2023/12/18 4:15 p.m. | 9 views

AZL-32259 CVE-2023-48795 affecting package jsch for versions less than 0.1.55-2

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...

CVSS 5.9 | AI score 6.9 | EPSS 0.93305
Exploits: 4 | References: 1

RedHat Linux
added 2023/12/04 6:0 p.m. | 3 views

apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK

A flaw was found in apache-avro. When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints, leading to an out-of-memory error and a denial of service on the system...

CVSS 7.5 | AI score 7.1 | EPSS 0.01757
Exploits: 0 | References: 5

CNNVD
added 2023/11/26 12:0 a.m. | 4 views

iText Input Validation Error Vulnerability

iText is an open source library for creating and manipulating PDF files in Java. It is written by Bruno Lowagie, Paulo Soares and others. An input validation error vulnerability exists in Apryse iText version 8.0.2, which stems from a problem in the main function of the PdfDocument.java file,...

CVSS 6.5 | AI score 6.9 | EPSS 0.01101
Exploits: 1 | References: 5

vulnersOsv
added 2023/11/23 6:30 p.m. | 3 views

ae.teletronics.nlp:entityextraction (>=1.3 <=1.4), ai.h2o:h2o-app (>=0.1.22 <=0.1.25) +1040 more potentially affected by CVE-2023-33202 via org.bouncycastle:bcprov-jdk15 (>=1.38 <=1.46)

org.bouncycastle:bcprov-jdk15 MAVEN version =1.38, =1.3, =0.1.22, =0.1.22, =1.0.0, =2.1.0, =1.0.1, =4.2.0, =1.1.2, =1.1.2, =1.1.2, =1.1.2, =1.1.2, =1.1.2, =1.1.2, =1.0.3, =1.3.3 and more Source cves: CVE-2023-33202 Source advisory: OSV:GHSA-WJXJ-5M7G-MG7Q...

CVSS 5.5 | AI score 6.2 | EPSS 0.00932
Exploits: 1

OSV
added 2023/10/20 10:15 a.m. | 1 views

DEBIAN-CVE-2023-44483

All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to...

CVSS 6.5 | AI score 6.5 | EPSS 0.01212
Exploits: 0 | References: 1

BDU FSTEC
added 2023/09/08 12:0 a.m. | 3 views

The vulnerability of the hasNextChunk function in the snappy-java compression/decompression library allows a hacker to cause a service failure.

The vulnerability of the hasNextChunk function in the snappy-java compression/decompression library is related to the unlimited distribution of resources. Exploiting this vulnerability could allow a malicious actor to cause service failures...

CVSS 7.8 | AI score 6.8 | EPSS 0.01762
Exploits: 1 | References: 7 | Affected Software: 3

BDU FSTEC
added 2023/09/08 12:0 a.m. | 2 views

The vulnerability of the compress(char[] input) function in the snappy-java compression/decompression library, which allows a hacker to cause a service failure.

The vulnerability of the compress(char[] input) function in the snappy-java compression/decompression library is related to integer overflow. Exploiting this vulnerability could allow an attacker to cause a service failure remotely...

CVSS 7.8 | AI score 6.9 | EPSS 0.01469
Exploits: 0 | References: 8 | Affected Software: 3

BDU FSTEC
added 2023/09/08 12:0 a.m. | 2 views

The vulnerability of the Java library for analyzing, extracting, and managing data in HTML documents, jsoup, is related to deficiencies in handling exceptional states, allowing attackers to trigger a service failure.

The vulnerability of the Java library for analyzing, extracting, and managing data in HTML documents, known as jsoup, is related to deficiencies in handling exceptional states. Exploiting this vulnerability can allow an attacker to cause service interruptions...

CVSS 7.8 | AI score 6.6 | EPSS 0.06873
Exploits: 0 | References: 6 | Affected Software: 29

OSV
added 2023/08/14 9:15 p.m. | 4 views

CVE-2023-20965

In processMessageImpl of ClientModeImpl.java, there is a possible credential disclosure in the TOFU flow due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 9.8 | AI score 6 | EPSS 0.00639
Exploits: 0 | References: 4

GithubExploit
added 2023/07/18 5:55 p.m. | 255 views

Exploit for CVE-2022-33980

riskootext4shell text4shell script for text commons =1.10...

CVSS 9.8 | AI score 9.8 | EPSS 0.34819
Exploits: 3

vulnersOsv
added 2023/05/22 3:30 a.m. | 3 views

cloud.piranha.extension:piranha-extension-hazelcast (>=22.5.0 <=22.11.0), cloud.piranha:debug (>=22.5.0 <=22.11.0) +142 more potentially affected by CVE-2023-33264 via com.hazelcast:hazelcast (>=5.1-BETA-1 <=5.1.5)

com.hazelcast:hazelcast MAVEN version =5.1-BETA-1, =22.5.0, =22.5.0, =8.1.1, =8.2.0, =5.1.15, =5.1.15, =1.40.0, =0.7.0, =1.1.8, =1.1.8, =1.1.8, =1.1.8, =1.1.15 - com.gitee.kamismile:gatewayweb =1.2.8 and more Source cves: CVE-2023-33264 Source advisory: OSV:GHSA-5GJ6-62G7-VMGF...

CVSS 4.3 | AI score 5.8 | EPSS 0.00719
Exploits: 0