English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2025.0719.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2025:0719-1)
Summary:The remote host is missing an update for the 'Maven' package(s) announced via the SUSE-SU-2025:0719-1 advisory.
Description:Summary:
The remote host is missing an update for the 'Maven' package(s) announced via the SUSE-SU-2025:0719-1 advisory.

Vulnerability Insight:
This update for Maven fixes the following issues:

maven-dependency-analyzer was updated from version 1.13.2 to 1.15.1:

- Key changes across versions:
* Bug fixes and improved support of dynamic types
* Dependency upgrades (ASM, Maven core, and notably the removal of commons-io)
* Improved error handling by logging instead of failing
* Improved dependency usage tracking

maven-dependency-plugin was updated from version 3.6.0 to 3.8.1:

- Key changes across versions:
* Dependency upgrades on maven-dependency-analyzer and Doxia
* Deprecated dependency:sources in favor of dependency:resolve-sources
* Documentation improvements
* New dependency analysis goal to check for invalid exclusions
* New JSON output option for dependency:tree
* Performance improvements
* Several bug fixes addressing:
+ The handling of silent parameters
+ The display of the optional flag in the tree
+ The clarity of some error messages

maven-doxia-sitetools was updated from version 1.11.1 to 2.0.0:

- Key changes across versions:
* New features:
+ Passing the input filename to the parser
+ Adding a timezone field to the site descriptor
+ Configuring parsers per markup
* Improvements:
+ Clarifying site descriptor properties
+ Requiring a skin if a site descriptor (site.xml) has been provided
+ Optimization of resource handling
+ Overhauled locale support
+ Refinined menu item display
+ Use of Maven Resolver for artifact resolution
+ Enhanced Velocity context population
+ Automating anchor creation
* Internal changes:
+ Migration from Plexus to Sisu
+ Upgraded to Java 8
+ Removal of deprecated components and features (such as Maven 1.x support, Google-related properties)
+ Simplified the site model
+ Improved the DocumentRenderer interface/DocumentRenderingContext class API
* Several bug fixes addressing:
+ The Plexus to Sisu migration
+ Decoration model injection
+ Anchor creation
+ XML character escaping
+ Handling of 0-byte site descriptors

maven-doxia was updated from version 1.12.0 to 2.0.0:

- Key changes across versions:
* Improved HTML5 Support:
+ Obsolete attributes and elements were removed
+ CSS styles are now used for styling
+ XHTML5 is now the default HTML implementation, and XHTML(4) is deprecated
* Improved Markdown Support:
+ A new Markdown sink allows converting content to Markdown.
+ Support for various Markdown features like blockquotes, footnotes, and metadata has been added
* General Improvements:
+ Dependencies were updated
+ Doxia was upgraded to Java 8
+ Logging and Doxia ID generation were streamlined
+ Migration from Plexus to Sisu
+ Removed deprecated modules and code
* Several bug fixes addressing:
+ HTML5 incorrect output such as tables, styling and missing or improperly handled attributes
+ Markdown formatting issues
+ Issues with plexus migration
+ Incorrect generation of unique IDs
+ Incorrect anchor generation ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Maven' package(s) on SUSE Linux Enterprise Server 15-SP3, SUSE Linux Enterprise Server 15-SP4, SUSE Linux Enterprise Server 15-SP5, SUSE Linux Enterprise Server for SAP Applications 15-SP3, SUSE Linux Enterprise Server for SAP Applications 15-SP4, SUSE Linux Enterprise Server for SAP Applications 15-SP5.

Solution:
Please install the updated package(s).

CVSS Score:
9.0

CVSS Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2020-13936
https://security.gentoo.org/glsa/202107-52
https://lists.apache.org/thread.html/r01043f584cbd47959fabe18fff64de940f81a65024bb8dddbda31d9a%40%3Cuser.velocity.apache.org%3E
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://lists.apache.org/thread.html/r9dc2505651788ac668299774d9e7af4dc616be2f56fdc684d1170882@%3Cusers.activemq.apache.org%3E
https://lists.apache.org/thread.html/r52a5129df402352adc34d052bab9234c8ef63596306506a89fdc7328@%3Cusers.activemq.apache.org%3E
https://lists.apache.org/thread.html/r3ea4c4c908505b20a4c268330dfe7188b90c84dcf777728d02068ae6@%3Cannounce.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/03/msg00019.html
https://lists.apache.org/thread.html/rd2a89e17e8a9b451ce655f1a34117752ea1d18a22ce580d8baa824fd@%3Ccommits.druid.apache.org%3E
http://www.openwall.com/lists/oss-security/2021/03/10/1
https://lists.apache.org/thread.html/r0bc98e9cd080b4a13b905c571b9bed87e1a0878d44dbf21487c6cca4@%3Cdev.santuario.apache.org%3E
https://lists.apache.org/thread.html/r7f209b837217d2a0fe5977fb692e7f15d37fa5de8214bcdc4c21d9a7@%3Ccommits.turbine.apache.org%3E
https://lists.apache.org/thread.html/rb042f3b0090e419cc9f5a3d32cf0baff283ccd6fcb1caea61915d6b6@%3Ccommits.velocity.apache.org%3E
https://lists.apache.org/thread.html/r01043f584cbd47959fabe18fff64de940f81a65024bb8dddbda31d9a@%3Cuser.velocity.apache.org%3E
https://lists.apache.org/thread.html/re641197d204765130618086238c73dd2ce5a3f94b33785b587d72726@%3Cdev.ws.apache.org%3E
https://lists.apache.org/thread.html/rbee7270556f4172322936b5ecc9fabf0c09f00d4fa56c9de1963c340@%3Cdev.ws.apache.org%3E
https://lists.apache.org/thread.html/rd7e865c87f9043c21d9c1fd9d4df866061d9a08cfc322771160d8058@%3Cdev.ws.apache.org%3E
https://lists.apache.org/thread.html/reab5978b54a9f4c078402161e30a89c42807b198814acadbe6c862c7@%3Cdev.ws.apache.org%3E
https://lists.apache.org/thread.html/re8e7482fe54d289fc0229e61cc64947b63b12c3c312e9f25bf6f3b8c@%3Cdev.ws.apache.org%3E
https://lists.apache.org/thread.html/r39de20c7e9c808b1f96790875d33e58c9c0aabb44fd9227e7b3dc5da@%3Cdev.ws.apache.org%3E
https://lists.apache.org/thread.html/r4cd59453b65d4ac290fcb3b71fdf32b4f1f8989025e89558deb5a245@%3Cdev.ws.apache.org%3E
https://lists.apache.org/thread.html/r17cb932fab14801b14e5b97a7f05192f4f366ef260c10d4a8dba8ac9@%3Cdev.ws.apache.org%3E
https://lists.apache.org/thread.html/r293284c6806c73f51098001ea86a14271c39f72cd76af9e946d9d9ad@%3Cdev.ws.apache.org%3E
https://lists.apache.org/thread.html/rf7d369de88dc88a1347006a3323b3746d849234db40a8edfd5ebc436@%3Cdev.ws.apache.org%3E
CopyrightCopyright (C) 2025 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.