English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.1.18.2.2025.0719.1
Categoría:openSUSE Local Security Checks
Título:openSUSE Security Advisory (SUSE-SU-2025:0719-1)
Resumen:The remote host is missing an update for the 'Maven' package(s) announced via the SUSE-SU-2025:0719-1 advisory.
Descripción:Summary:
The remote host is missing an update for the 'Maven' package(s) announced via the SUSE-SU-2025:0719-1 advisory.

Vulnerability Insight:
This update for Maven fixes the following issues:

maven-dependency-analyzer was updated from version 1.13.2 to 1.15.1:

- Key changes across versions:
* Bug fixes and improved support of dynamic types
* Dependency upgrades (ASM, Maven core, and notably the removal of commons-io)
* Improved error handling by logging instead of failing
* Improved dependency usage tracking

maven-dependency-plugin was updated from version 3.6.0 to 3.8.1:

- Key changes across versions:
* Dependency upgrades on maven-dependency-analyzer and Doxia
* Deprecated dependency:sources in favor of dependency:resolve-sources
* Documentation improvements
* New dependency analysis goal to check for invalid exclusions
* New JSON output option for dependency:tree
* Performance improvements
* Several bug fixes addressing:
+ The handling of silent parameters
+ The display of the optional flag in the tree
+ The clarity of some error messages

maven-doxia-sitetools was updated from version 1.11.1 to 2.0.0:

- Key changes across versions:
* New features:
+ Passing the input filename to the parser
+ Adding a timezone field to the site descriptor
+ Configuring parsers per markup
* Improvements:
+ Clarifying site descriptor properties
+ Requiring a skin if a site descriptor (site.xml) has been provided
+ Optimization of resource handling
+ Overhauled locale support
+ Refinined menu item display
+ Use of Maven Resolver for artifact resolution
+ Enhanced Velocity context population
+ Automating anchor creation
* Internal changes:
+ Migration from Plexus to Sisu
+ Upgraded to Java 8
+ Removal of deprecated components and features (such as Maven 1.x support, Google-related properties)
+ Simplified the site model
+ Improved the DocumentRenderer interface/DocumentRenderingContext class API
* Several bug fixes addressing:
+ The Plexus to Sisu migration
+ Decoration model injection
+ Anchor creation
+ XML character escaping
+ Handling of 0-byte site descriptors

maven-doxia was updated from version 1.12.0 to 2.0.0:

- Key changes across versions:
* Improved HTML5 Support:
+ Obsolete attributes and elements were removed
+ CSS styles are now used for styling
+ XHTML5 is now the default HTML implementation, and XHTML(4) is deprecated
* Improved Markdown Support:
+ A new Markdown sink allows converting content to Markdown.
+ Support for various Markdown features like blockquotes, footnotes, and metadata has been added
* General Improvements:
+ Dependencies were updated
+ Doxia was upgraded to Java 8
+ Logging and Doxia ID generation were streamlined
+ Migration from Plexus to Sisu
+ Removed deprecated modules and code
* Several bug fixes addressing:
+ HTML5 incorrect output such as tables, styling and missing or improperly handled attributes
+ Markdown formatting issues
+ Issues with plexus migration
+ Incorrect generation of unique IDs
+ Incorrect anchor generation ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Maven' package(s) on openSUSE Leap 15.6.

Solution:
Please install the updated package(s).

CVSS Score:
9.0

CVSS Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2020-13936
https://security.gentoo.org/glsa/202107-52
https://lists.apache.org/thread.html/r01043f584cbd47959fabe18fff64de940f81a65024bb8dddbda31d9a%40%3Cuser.velocity.apache.org%3E
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://lists.apache.org/thread.html/r9dc2505651788ac668299774d9e7af4dc616be2f56fdc684d1170882@%3Cusers.activemq.apache.org%3E
https://lists.apache.org/thread.html/r52a5129df402352adc34d052bab9234c8ef63596306506a89fdc7328@%3Cusers.activemq.apache.org%3E
https://lists.apache.org/thread.html/r3ea4c4c908505b20a4c268330dfe7188b90c84dcf777728d02068ae6@%3Cannounce.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/03/msg00019.html
https://lists.apache.org/thread.html/rd2a89e17e8a9b451ce655f1a34117752ea1d18a22ce580d8baa824fd@%3Ccommits.druid.apache.org%3E
http://www.openwall.com/lists/oss-security/2021/03/10/1
https://lists.apache.org/thread.html/r0bc98e9cd080b4a13b905c571b9bed87e1a0878d44dbf21487c6cca4@%3Cdev.santuario.apache.org%3E
https://lists.apache.org/thread.html/r7f209b837217d2a0fe5977fb692e7f15d37fa5de8214bcdc4c21d9a7@%3Ccommits.turbine.apache.org%3E
https://lists.apache.org/thread.html/rb042f3b0090e419cc9f5a3d32cf0baff283ccd6fcb1caea61915d6b6@%3Ccommits.velocity.apache.org%3E
https://lists.apache.org/thread.html/r01043f584cbd47959fabe18fff64de940f81a65024bb8dddbda31d9a@%3Cuser.velocity.apache.org%3E
https://lists.apache.org/thread.html/re641197d204765130618086238c73dd2ce5a3f94b33785b587d72726@%3Cdev.ws.apache.org%3E
https://lists.apache.org/thread.html/rbee7270556f4172322936b5ecc9fabf0c09f00d4fa56c9de1963c340@%3Cdev.ws.apache.org%3E
https://lists.apache.org/thread.html/rd7e865c87f9043c21d9c1fd9d4df866061d9a08cfc322771160d8058@%3Cdev.ws.apache.org%3E
https://lists.apache.org/thread.html/reab5978b54a9f4c078402161e30a89c42807b198814acadbe6c862c7@%3Cdev.ws.apache.org%3E
https://lists.apache.org/thread.html/re8e7482fe54d289fc0229e61cc64947b63b12c3c312e9f25bf6f3b8c@%3Cdev.ws.apache.org%3E
https://lists.apache.org/thread.html/r39de20c7e9c808b1f96790875d33e58c9c0aabb44fd9227e7b3dc5da@%3Cdev.ws.apache.org%3E
https://lists.apache.org/thread.html/r4cd59453b65d4ac290fcb3b71fdf32b4f1f8989025e89558deb5a245@%3Cdev.ws.apache.org%3E
https://lists.apache.org/thread.html/r17cb932fab14801b14e5b97a7f05192f4f366ef260c10d4a8dba8ac9@%3Cdev.ws.apache.org%3E
https://lists.apache.org/thread.html/r293284c6806c73f51098001ea86a14271c39f72cd76af9e946d9d9ad@%3Cdev.ws.apache.org%3E
https://lists.apache.org/thread.html/rf7d369de88dc88a1347006a3323b3746d849234db40a8edfd5ebc436@%3Cdev.ws.apache.org%3E
CopyrightCopyright (C) 2025 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.