Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.


Project: Waarp Gateway Ftp

Waarp:WaarpGatewayFtp:3.6.2-jre8

Summary

| Dependency | Vulnerability IDs | Package | Highest Severity | CVE Count | Confidence | Evidence Count |
|---|---|---|---|---|---|---|
| Saxon-HE-11.3.jar | cpe:2.3:a:kay_framework_project:kay_framework:11.3:*:*:*:*:*:*:* | pkg:maven/net.sf.saxon/Saxon-HE@11.3 | | 0 | Low | 55 |
| checker-qual-3.12.0.jar | | pkg:maven/org.checkerframework/checker-qual@3.12.0 | | 0 | | 48 |
| commons-beanutils-1.9.4.jar | cpe:2.3:a:apache:commons_beanutils:1.9.4:*:*:*:*:*:*:* | pkg:maven/commons-beanutils/commons-beanutils@1.9.4 | | 0 | Highest | 170 |
| commons-cli-1.5.0.jar | cpe:2.3:a:apache:james:1.5.0:*:*:*:*:*:*:*; cpe:2.3:a:spirit-project:spirit:1.5.0:*:*:*:*:*:*:* | pkg:maven/commons-cli/commons-cli@1.5.0 | CRITICAL | 4 | Low | 104 |
| commons-codec-1.15.jar | | pkg:maven/commons-codec/commons-codec@1.15 | | 0 | | 110 |
| commons-collections-3.2.2.jar | cpe:2.3:a:apache:commons_collections:3.2.2:*:*:*:*:*:*:* | pkg:maven/commons-collections/commons-collections@3.2.2 | | 0 | Highest | 86 |
| commons-collections4-4.4.jar | cpe:2.3:a:apache:commons_collections:4.4:*:*:*:*:*:*:* | pkg:maven/org.apache.commons/commons-collections4@4.4 | | 0 | Highest | 107 |
| commons-compress-1.21.jar | cpe:2.3:a:apache:commons_compress:1.21:*:*:*:*:*:*:* | pkg:maven/org.apache.commons/commons-compress@1.21 | | 0 | Highest | 107 |
| commons-daemon-1.3.1.jar | cpe:2.3:a:apache:apache_commons_daemon:1.3.1:*:*:*:*:*:*:* | pkg:maven/commons-daemon/commons-daemon@1.3.1 | | 0 | Low | 80 |
| commons-dbcp-1.4.jar | | pkg:maven/commons-dbcp/commons-dbcp@1.4 | | 0 | | 96 |
| commons-dbcp2-2.9.0.jar | | pkg:maven/org.apache.commons/commons-dbcp2@2.9.0 | | 0 | | 112 |
| commons-exec-1.3.jar | | pkg:maven/org.apache.commons/commons-exec@1.3 | | 0 | | 61 |
| commons-io-2.11.0.jar | cpe:2.3:a:apache:commons_io:2.11.0:*:*:*:*:*:*:* | pkg:maven/commons-io/commons-io@2.11.0 | | 0 | Highest | 125 |
| commons-logging-1.2.jar | | pkg:maven/commons-logging/commons-logging@1.2 | | 0 | | 117 |
| commons-net-3.8.0-ftp.jar | | pkg:maven/commons-net/commons-net@3.8.0 | | 0 | | 28 |
| commons-pool-1.6.jar | | pkg:maven/commons-pool/commons-pool@1.6 | | 0 | | 75 |
| commons-pool2-2.11.1.jar | | pkg:maven/org.apache.commons/commons-pool2@2.11.1 | | 0 | | 92 |
| dom4j-2.1.3.jar | cpe:2.3:a:dom4j_project:dom4j:2.1.3:*:*:*:*:*:*:* | pkg:maven/org.dom4j/dom4j@2.1.3 | | 0 | Highest | 20 |
| error_prone_annotations-2.11.0.jar | | pkg:maven/com.google.errorprone/error_prone_annotations@2.11.0 | | 0 | | 23 |
| failureaccess-1.0.1.jar | | pkg:maven/com.google.guava/failureaccess@1.0.1 | | 0 | | 30 |
| ftp4j-1.7.2.jar | | pkg:maven/it.sauronsoftware/ftp4j@1.7.2 | | 0 | | 20 |
| guava-31.1-jre.jar | cpe:2.3:a:google:guava:31.1:*:*:*:*:*:*:* | pkg:maven/com.google.guava/guava@31.1-jre | | 0 | Highest | 27 |
| h2-1.4.200.jar | cpe:2.3:a:h2database:h2:1.4.200:*:*:*:*:*:*:* | pkg:maven/com.h2database/h2@1.4.200 | CRITICAL | 3 | Highest | 44 |
| h2-1.4.200.jar: data.zip: table.js | | | | 0 | | 0 |
| h2-1.4.200.jar: data.zip: tree.js | | | | 0 | | 0 |
| httpclient-4.5.13.jar | cpe:2.3:a:apache:httpclient:4.5.13:*:*:*:*:*:*:* | pkg:maven/org.apache.httpcomponents/httpclient@4.5.13 | | 0 | Highest | 32 |
| httpcore-4.4.15.jar | | pkg:maven/org.apache.httpcomponents/httpcore@4.4.15 | | 0 | | 32 |
| j2objc-annotations-1.3.jar | | pkg:maven/com.google.j2objc/j2objc-annotations@1.3 | | 0 | | 24 |
| jackson-core-2.13.3.jar | cpe:2.3:a:fasterxml:jackson-modules-java8:2.13.3:*:*:*:*:*:*:* | pkg:maven/com.fasterxml.jackson.core/jackson-core@2.13.3 | | 0 | Low | 51 |
| jackson-databind-2.13.3.jar | cpe:2.3:a:fasterxml:jackson-databind:2.13.3:*:*:*:*:*:*:*; cpe:2.3:a:fasterxml:jackson-modules-java8:2.13.3:*:*:*:*:*:*:* | pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.3 | | 0 | Highest | 45 |
| jackson-dataformat-smile-2.13.3.jar | cpe:2.3:a:fasterxml:jackson-dataformats-binary:2.13.3:*:*:*:*:*:*:* | pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-smile@2.13.3 | | 0 | Low | 43 |
| jackson-module-jaxb-annotations-2.13.3.jar | | pkg:maven/com.fasterxml.jackson.module/jackson-module-jaxb-annotations@2.13.3 | | 0 | | 43 |
| jakarta.activation-api-1.2.2.jar | | pkg:maven/jakarta.activation/jakarta.activation-api@1.2.2 | | 0 | | 33 |
| jakarta.annotation-api-1.3.5.jar | cpe:2.3:a:oracle:java_se:1.3.5:*:*:*:*:*:*:*; cpe:2.3:a:oracle:projects:1.3.5:*:*:*:*:*:*:* | pkg:maven/jakarta.annotation/jakarta.annotation-api@1.3.5 | | 0 | Low | 37 |
| jakarta.inject-2.6.1.jar | cpe:2.3:a:oracle:java_se:2.6.1:*:*:*:*:*:*:* | pkg:maven/org.glassfish.hk2.external/jakarta.inject@2.6.1 | | 0 | Low | 27 |
| jakarta.ws.rs-api-2.1.6.jar | cpe:2.3:a:eclipse:eclipse_ide:2.1.6:*:*:*:*:*:*:* | pkg:maven/jakarta.ws.rs/jakarta.ws.rs-api@2.1.6 | MEDIUM | 2 | Low | 45 |
| jakarta.xml.bind-api-2.3.3.jar | | pkg:maven/jakarta.xml.bind/jakarta.xml.bind-api@2.3.3 | | 0 | | 35 |
| javasysmon-0.3.6.jar | | pkg:maven/javasysmon/javasysmon@0.3.6 | | 0 | | 14 |
| javax.activation-1.2.0.jar | | pkg:maven/com.sun.activation/javax.activation@1.2.0 | | 0 | | 40 |
| javax.activation-api-1.2.0.jar | | pkg:maven/javax.activation/javax.activation-api@1.2.0 | | 0 | | 39 |
| javax.ws.rs-api-2.1.1.jar | cpe:2.3:a:eclipse:eclipse_ide:2.1.1:*:*:*:*:*:*:* | pkg:maven/javax.ws.rs/javax.ws.rs-api@2.1.1 | MEDIUM | 2 | Highest | 44 |
| jaxb-api-2.3.1.jar | cpe:2.3:a:oracle:java_se:2.3.1:*:*:*:*:*:*:* | pkg:maven/javax.xml.bind/jaxb-api@2.3.1 | | 0 | Low | 37 |
| jaxb-core-2.3.0.1.jar (shaded: com.sun.istack:istack-commons-runtime:3.0.5) | | pkg:maven/com.sun.istack/istack-commons-runtime@3.0.5 | | 0 | | 9 |
| jaxb-core-2.3.0.1.jar (shaded: org.glassfish.jaxb:txw2:2.3.0.1) | | pkg:maven/org.glassfish.jaxb/txw2@2.3.0.1 | | 0 | | 11 |
| jaxb-core-2.3.0.1.jar | cpe:2.3:a:oracle:java_se:2.3.0.1:*:*:*:*:*:*:* | pkg:maven/com.sun.xml.bind/jaxb-core@2.3.0.1; pkg:maven/org.glassfish.jaxb/jaxb-core@2.3.0.1 | | 0 | Low | 45 |
| jaxb-impl-2.3.6.jar (shaded: com.sun.istack:istack-commons-runtime:3.0.12) | | pkg:maven/com.sun.istack/istack-commons-runtime@3.0.12 | | 0 | | 9 |
| jaxb-impl-2.3.6.jar (shaded: org.glassfish.jaxb:jaxb-runtime:2.3.6) | | pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.6 | | 0 | | 13 |
| jaxb-impl-2.3.6.jar (shaded: org.glassfish.jaxb:txw2:2.3.6) | | pkg:maven/org.glassfish.jaxb/txw2@2.3.6 | | 0 | | 13 |
| jaxb-impl-2.3.6.jar | cpe:2.3:a:oracle:java_se:2.3.6:*:*:*:*:*:*:* | pkg:maven/com.sun.xml.bind/jaxb-impl@2.3.6 | | 0 | Low | 45 |
| jaxen-1.2.0.jar | | pkg:maven/jaxen/jaxen@1.2.0 | | 0 | | 117 |
| jcl-over-slf4j-1.7.36.jar | | pkg:maven/org.slf4j/jcl-over-slf4j@1.7.36 | | 0 | | 33 |
| jersey-common-2.35.jar | cpe:2.3:a:jersey_project:jersey:2.35:*:*:*:*:*:*:* | pkg:maven/org.glassfish.jersey.core/jersey-common@2.35 | | 0 | Highest | 33 |
| joda-time-2.10.14.jar | cpe:2.3:a:time_project:time:2.10.14:*:*:*:*:*:*:* | pkg:maven/joda-time/joda-time@2.10.14 | | 0 | Highest | 47 |
| jsr305-3.0.2.jar | | pkg:maven/com.google.code.findbugs/jsr305@3.0.2 | | 0 | | 17 |
| jul-to-slf4j-1.7.36.jar | | pkg:maven/org.slf4j/jul-to-slf4j@1.7.36 | | 0 | | 28 |
| libthrift-0.9.3-1.jar | cpe:2.3:a:apache:thrift:0.9.3.1:*:*:*:*:*:*:* | pkg:maven/org.apache.thrift/libthrift@0.9.3-1 | HIGH | 5 | Highest | 95 |
| listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar | | pkg:maven/com.google.guava/listenablefuture@9999.0-empty-to-avoid-conflict-with-guava | | 0 | | 13 |
| log4j-core-2.18.0.jar | cpe:2.3:a:apache:log4j:2.18.0:*:*:*:*:*:*:* | pkg:maven/org.apache.logging.log4j/log4j-core@2.18.0 | | 0 | Highest | 50 |
| log4j-over-slf4j-1.7.36.jar | | pkg:maven/org.slf4j/log4j-over-slf4j@1.7.36 | | 0 | | 29 |
| log4j-to-slf4j-2.18.0.jar | | pkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.18.0 | | 0 | | 46 |
| logback-core-1.2.11.jar | cpe:2.3:a:qos:logback:1.2.11:*:*:*:*:*:*:* | pkg:maven/ch.qos.logback/logback-core@1.2.11 | | 0 | Highest | 35 |
| mariadb-java-client-3.0.6.jar | cpe:2.3:a:mariadb:mariadb:3.0.6:*:*:*:*:*:*:* | pkg:maven/org.mariadb.jdbc/mariadb-java-client@3.0.6 | HIGH | 14 | Highest | 47 |
| mysql-connector-java-8.0.20.jar | cpe:2.3:a:mysql:mysql:8.0.20:*:*:*:*:*:*:*; cpe:2.3:a:oracle:mysql_connector\/j:8.0.20:*:*:*:*:*:*:* | pkg:maven/mysql/mysql-connector-java@8.0.20 | MEDIUM | 2 | Highest | 44 |
| netty-common-4.1.78.Final.jar (shaded: org.jctools:jctools-core:3.1.0) | | pkg:maven/org.jctools/jctools-core@3.1.0 | | 0 | | 9 |
| netty-http-java6-1.5.0.jar | | pkg:maven/Waarp/netty-http-java6@1.5.0 | | 0 | | 30 |
| netty-tcnative-classes-2.0.53.Final.jar | cpe:2.3:a:openssl:openssl:2.0.53:*:*:*:*:*:*:* | pkg:maven/io.netty/netty-tcnative-classes@2.0.53.Final | | 0 | Low | 36 |
| netty-transport-4.1.78.Final.jar | cpe:2.3:a:netty:netty:4.1.78:*:*:*:*:*:*:* | pkg:maven/io.netty/netty-transport@4.1.78.Final | | 0 | Highest | 32 |
| ojdbc6-11.2.0.4.jar | cpe:2.3:a:oracle:jdbc:11.2.0.4:*:*:*:*:*:*:* | pkg:maven/com.oracle.database.jdbc/ojdbc6@11.2.0.4 | HIGH | 1 | Highest | 30 |
| osgi-resource-locator-1.0.3.jar | cpe:2.3:a:oracle:java_se:1.0.3:*:*:*:*:*:*:* | pkg:maven/org.glassfish.hk2/osgi-resource-locator@1.0.3 | | 0 | Low | 36 |
| postgresql-42.4.0.jar | cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.4.0:*:*:*:*:*:*:* | pkg:maven/org.postgresql/postgresql@42.4.0 | | 0 | Low | 71 |
| protobuf-java-3.6.1.jar | cpe:2.3:a:google:protobuf-java:3.6.1:*:*:*:*:*:*:* | pkg:maven/com.google.protobuf/protobuf-java@3.6.1 | MEDIUM | 1 | Highest | 25 |
| slf4j-api-1.7.36.jar | | pkg:maven/org.slf4j/slf4j-api@1.7.36 | | 0 | | 29 |
| snmp4j-2.8.12.jar | | pkg:maven/org.snmp4j/snmp4j@2.8.12 | | 0 | | 31 |
| snmp4j-agent-2.7.4.jar | | pkg:maven/org.snmp4j/snmp4j-agent@2.7.4 | | 0 | | 33 |
| ucp-11.2.0.4.jar | cpe:2.3:a:oracle:jdbc:11.2.0.4:*:*:*:*:*:*:* | pkg:maven/com.oracle.database.jdbc/ucp@11.2.0.4 | HIGH | 1 | Highest | 28 |
| xercesImpl-2.12.2.jar | cpe:2.3:a:apache:xerces2_java:2.12.2:*:*:*:*:*:*:* | pkg:maven/xerces/xercesImpl@2.12.2 | MEDIUM | 1 | Low | 83 |
| xml-apis-1.4.01.jar | | pkg:maven/xml-apis/xml-apis@1.4.01 | | 0 | | 87 |
| xmlresolver-4.2.0-data.jar | | pkg:maven/org.xmlresolver/xmlresolver@4.2.0 | | 0 | | 12 |
| xmlresolver-4.2.0.jar | | pkg:maven/org.xmlresolver/xmlresolver@4.2.0 | | 0 | | 26 |
| zjsonpatch-0.4.12.jar | | pkg:maven/com.flipkart.zjsonpatch/zjsonpatch@0.4.12 | | 0 | | 26 |
| zstd-jni-1.5.2-3.jar | cpe:2.3:a:freebsd:freebsd:1.5.2.3:*:*:*:*:*:*:* | pkg:maven/com.github.luben/zstd-jni@1.5.2-3 | | 0 | Low | 45 |

Dependencies

Saxon-HE-11.3.jar

Description:

The XSLT and XQuery Processor

License:

Mozilla Public License Version 2.0: http://www.mozilla.org/MPL/2.0/
File Path: /home/frederic/.m2/repository/net/sf/saxon/Saxon-HE/11.3/Saxon-HE-11.3.jar
MD5: 1cce6eb21dca2168134291146fe1084e
SHA1: 193fdead8a5c69d505fa579639c108feb3e4db7f
SHA256:e62e1a283b1aa610605fde18e9368a9ec6f24d878320eb74cfc1c1f2d432e8a6
Referenced In Project/Scope:Waarp Gateway Ftp:compile

Identifiers

checker-qual-3.12.0.jar

Description:

checker-qual contains annotations (type qualifiers) that a programmer
writes to specify Java code for type-checking by the Checker Framework.

License:

The MIT License: http://opensource.org/licenses/MIT
File Path: /home/frederic/.m2/repository/org/checkerframework/checker-qual/3.12.0/checker-qual-3.12.0.jar
MD5: ab1ae0e2f2f63601597a5a96fca8a54f
SHA1: d5692f0526415fcc6de94bb5bfbd3afd9dd3b3e5
SHA256:ff10785ac2a357ec5de9c293cb982a2cbb605c0309ea4cc1cb9b9bc6dbe7f3cb
Referenced In Project/Scope:Waarp Gateway Ftp:compile

Identifiers

commons-beanutils-1.9.4.jar

Description:

Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/commons-beanutils/commons-beanutils/1.9.4/commons-beanutils-1.9.4.jar
MD5: 07dc532ee316fe1f2f0323e9bd2f8df4
SHA1: d52b9abcd97f38c81342bb7e7ae1eee9b73cba51
SHA256:7d938c81789028045c08c065e94be75fc280527620d5bd62b519d5838532368a
Referenced In Project/Scope:Waarp Gateway Ftp:compile

Identifiers

commons-cli-1.5.0.jar

Description:

    Apache Commons CLI provides a simple API for presenting, processing and validating a Command Line Interface.
  

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/commons-cli/commons-cli/1.5.0/commons-cli-1.5.0.jar
MD5: 6c3b2052160144196118b1f019504388
SHA1: dc98be5d5390230684a092589d70ea76a147925c
SHA256:bc8bb01fc0fad250385706e20f927ddcff6173f6339b387dc879237752567ac6
Referenced In Project/Scope:Waarp Gateway Ftp:compile

Identifiers

  • pkg:maven/commons-cli/commons-cli@1.5.0  (Confidence:High)
  • cpe:2.3:a:apache:james:1.5.0:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:spirit-project:spirit:1.5.0:*:*:*:*:*:*:*  (Confidence:Low)  

CVE-2021-38542  

Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in-the-middle command injection attacks, leading potentially to leakage of sensible information.
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions:

CVE-2021-40110  

In Apache James, using Jazzer fuzzer, we identified that an IMAP user can craft IMAP LIST commands to orchestrate a Denial Of Service using a vulnerable Regular expression. This affected Apache James prior to 3.6.1. We recommend upgrading to Apache James 3.6.1 or higher, which enforces the use of the RE2J regular expression engine to execute regex in linear time without back-tracking.
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2021-40111  

In Apache James, while fuzzing the IMAP parsing stack with Jazzer, we discovered that crafted APPEND and STATUS IMAP commands could be used to trigger infinite loops resulting in expensive CPU computations and OutOfMemory exceptions. This can be used for a Denial Of Service attack. The IMAP user needs to be authenticated to exploit this vulnerability. This affected Apache James prior to version 3.6.1. This vulnerability had been patched in Apache James 3.6.1 and higher. We recommend the upgrade.
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2021-40525  

Apache James ManagedSieve implementation alongside with the file storage for sieve scripts is vulnerable to path traversal, allowing reading and writing any file. This vulnerability had been patched in Apache James 3.6.1 and higher. We recommend the upgrade. Distributed and Cassandra based products are also not impacted.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv2:
  • Base Score: MEDIUM (6.4)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSSv3:
  • Base Score: CRITICAL (9.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

References:

Vulnerable Software & Versions:

commons-codec-1.15.jar

Description:

     The Apache Commons Codec package contains simple encoder and decoders for
     various formats such as Base64 and Hexadecimal.  In addition to these
     widely used encoders and decoders, the codec package also maintains a
     collection of phonetic encoding utilities.
  

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/commons-codec/commons-codec/1.15/commons-codec-1.15.jar
MD5: 303baf002ce6d382198090aedd9d79a2
SHA1: 49d94806b6e3dc933dacbd8acb0fdbab8ebd1e5d
SHA256:b3e9f6d63a790109bf0d056611fbed1cf69055826defeb9894a71369d246ed63
Referenced In Project/Scope:Waarp Gateway Ftp:compile

Identifiers

commons-collections-3.2.2.jar

Description:

Types that extend and augment the Java Collections Framework.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.jar
MD5: f54a8510f834a1a57166970bfc982e94
SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5
SHA256:eeeae917917144a68a741d4c0dff66aa5c5c5fd85593ff217bced3fc8ca783b8
Referenced In Project/Scope:Waarp Gateway Ftp:compile

Identifiers

commons-collections4-4.4.jar

Description:

The Apache Commons Collections package contains types that extend and augment the Java Collections Framework.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/org/apache/commons/commons-collections4/4.4/commons-collections4-4.4.jar
MD5: 4a37023740719b391f10030362c86be6
SHA1: 62ebe7544cb7164d87e0637a2a6a2bdc981395e8
SHA256:1df8b9430b5c8ed143d7815e403e33ef5371b2400aadbe9bda0883762e0846d1
Referenced In Project/Scope:Waarp Gateway Ftp:compile

Identifiers

commons-compress-1.21.jar

Description:

Apache Commons Compress software defines an API for working with
compression and archive formats.  These include: bzip2, gzip, pack200,
lzma, xz, Snappy, traditional Unix Compress, DEFLATE, DEFLATE64, LZ4,
Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj.
  

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/org/apache/commons/commons-compress/1.21/commons-compress-1.21.jar
MD5: 2a713d10331bc4e13459a3dc0463f16f
SHA1: 4ec95b60d4e86b5c95a0e919cb172a0af98011ef
SHA256:6aecfd5459728a595601cfa07258d131972ffc39b492eb48bdd596577a2f244a
Referenced In Project/Scope:Waarp Gateway Ftp:compile

Identifiers

commons-daemon-1.3.1.jar

Description:

    Apache Commons Daemon software is a set of utilities and Java support
    classes for running Java applications as server processes. These are
    commonly known as 'daemon' processes in Unix terminology (hence the
    name). On Windows they are called 'services'.
  

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/commons-daemon/commons-daemon/1.3.1/commons-daemon-1.3.1.jar
MD5: 5db8f0303a00c958ac9b007488ef9a66
SHA1: b6b9b8de9c24344f2fa99eaa4f9309b8073cb1fe
SHA256:281fbc13a45c4494bf2933030940de0b9fe6e61bb228620be5a9a7e0866b9fb4
Referenced In Project/Scope:Waarp Gateway Ftp:compile

Identifiers

commons-dbcp-1.4.jar

Description:

Commons Database Connection Pooling

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/commons-dbcp/commons-dbcp/1.4/commons-dbcp-1.4.jar
MD5: b004158fab904f37f5831860898b3cd9
SHA1: 30be73c965cc990b153a100aaaaafcf239f82d39
SHA256:a6e2d83551d0e5b59aa942359f3010d35e79365e6552ad3dbaa6776e4851e4f6
Referenced In Project/Scope:Waarp Gateway Ftp:compile

Identifiers

commons-dbcp2-2.9.0.jar

Description:

Apache Commons DBCP software implements Database Connection Pooling

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/org/apache/commons/commons-dbcp2/2.9.0/commons-dbcp2-2.9.0.jar
MD5: c2a72212a55d105b0eaeaab26557e6e7
SHA1: 16d808749cf3dac900c073dd834b5e288562a59c
SHA256:887720912c5cbbcdff6e0e21d5034937555f8ffc597381eff8fa77f33ce6d64e
Referenced In Project/Scope:Waarp Gateway Ftp:compile

Identifiers

commons-exec-1.3.jar

Description:

Apache Commons Exec is a library to reliably execute external processes from within the JVM.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/org/apache/commons/commons-exec/1.3/commons-exec-1.3.jar
MD5: 8bb8fa2edfd60d5c7ed6bf9923d14aa8
SHA1: 8dfb9facd0830a27b1b5f29f84593f0aeee7773b
SHA256:cb49812dc1bfb0ea4f20f398bcae1a88c6406e213e67f7524fb10d4f8ad9347b
Referenced In Project/Scope:Waarp Gateway Ftp:compile

Identifiers

commons-io-2.11.0.jar

Description:

The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.
  

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/commons-io/commons-io/2.11.0/commons-io-2.11.0.jar
MD5: 3b4b7ccfaeceeac240b804839ee1a1ca
SHA1: a2503f302b11ebde7ebc3df41daebe0e4eea3689
SHA256:961b2f6d87dbacc5d54abf45ab7a6e2495f89b75598962d8c723cea9bc210908
Referenced In Project/Scope:Waarp Gateway Ftp:compile

Identifiers

commons-logging-1.2.jar

Description:

Apache Commons Logging is a thin adapter allowing configurable bridging to other,
    well known logging systems.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/commons-logging/commons-logging/1.2/commons-logging-1.2.jar
MD5: 040b4b4d8eac886f6b4a2a3bd2f31b00
SHA1: 4bfc12adfe4842bf07b657f0369c4cb522955686
SHA256:daddea1ea0be0f56978ab3006b8ac92834afeefbd9b7e4e6316fca57df0fa636
Referenced In Project/Scope:Waarp Gateway Ftp:compile

Identifiers

commons-net-3.8.0-ftp.jar

File Path: /home/frederic/.m2/repository/commons-net/commons-net/3.8.0/commons-net-3.8.0-ftp.jar
MD5: dafc9847e0fb7ead805882566b2dfb39
SHA1: c29422171d4a33027f42776695e7d3c2f174a184
SHA256:da36129a7f0762acc717cb07699f6fb642145c1f6dbf977ae0db70db80634dec
Referenced In Project/Scope:Waarp Gateway Ftp:compile

Identifiers

commons-pool-1.6.jar

Description:

Commons Object Pooling Library

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/commons-pool/commons-pool/1.6/commons-pool-1.6.jar
MD5: 5ca02245c829422176d23fa530e919cc
SHA1: 4572d589699f09d866a226a14b7f4323c6d8f040
SHA256:46c42b4a38dc6b2db53a9ee5c92c63db103665d56694e2cfce2c95d51a6860cc
Referenced In Project/Scope:Waarp Gateway Ftp:compile

Identifiers

commons-pool2-2.11.1.jar

Description:

The Apache Commons Object Pooling Library.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/org/apache/commons/commons-pool2/2.11.1/commons-pool2-2.11.1.jar
MD5: 2210a041929e7c94485d5402458340b9
SHA1: 8970fd110c965f285ed4c6e40be7630c62db6f68
SHA256:ea0505ee7515e58b1ac0e686e4d1a5d9f7d808e251a61bc371aa0595b9963f83
Referenced In Project/Scope:Waarp Gateway Ftp:compile

Identifiers

dom4j-2.1.3.jar

Description:

flexible XML framework for Java

License:

BSD 3-clause New License: https://github.com/dom4j/dom4j/blob/master/LICENSE
File Path: /home/frederic/.m2/repository/org/dom4j/dom4j/2.1.3/dom4j-2.1.3.jar
MD5: 41efcf234c5a05a8c590f9b51d53ca66
SHA1: a75914155a9f5808963170ec20653668a2ffd2fd
SHA256:549f3007c6290f6a901e57d1d331b4ed0e6bf7384f78bf10316ffceeca834de6
Referenced In Project/Scope:Waarp Gateway Ftp:compile

Identifiers

error_prone_annotations-2.11.0.jar

License:

Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/com/google/errorprone/error_prone_annotations/2.11.0/error_prone_annotations-2.11.0.jar
MD5: 656ad66261b7e7ea472ed0ffeea773ea
SHA1: c5a0ace696d3f8b1c1d8cc036d8c03cc0cbe6b69
SHA256:721cb91842b46fa056847d104d5225c8b8e1e8b62263b993051e1e5a0137b7ec
Referenced In Project/Scope:Waarp Gateway Ftp:compile

Identifiers

failureaccess-1.0.1.jar

Description:

    Contains
    com.google.common.util.concurrent.internal.InternalFutureFailureAccess and
    InternalFutures. Most users will never need to use this artifact. Its
    classes are conceptually a part of Guava, but they're in this separate
    artifact so that Android libraries can use them without pulling in all of
    Guava (just as they can use ListenableFuture by depending on the
    listenablefuture artifact).
  

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar
MD5: 091883993ef5bfa91da01dcc8fc52236
SHA1: 1dcf1de382a0bf95a3d8b0849546c88bac1292c9
SHA256:a171ee4c734dd2da837e4b16be9df4661afab72a41adaf31eb84dfdaf936ca26
Referenced In Project/Scope:Waarp Gateway Ftp:compile

Identifiers

ftp4j-1.7.2.jar

Description:

POM was created from install:install-file

File Path: /home/frederic/.m2/repository/it/sauronsoftware/ftp4j/1.7.2/ftp4j-1.7.2.jar
MD5: 9b5971848287cbe7b44cbd65030bb8a6
SHA1: abd6a2ba75b142926052c4538611efda49e0b0e2
SHA256:af8093a956cc5fc7289e72607b7ece2325db292b1ab7cf728dc876d3ad69061d
Referenced In Project/Scope:Waarp Gateway Ftp:compile

Identifiers

guava-31.1-jre.jar

Description:

    Guava is a suite of core and expanded libraries that include
    utility classes, Google's collections, I/O classes, and
    much more.
  

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/com/google/guava/guava/31.1-jre/guava-31.1-jre.jar
MD5: e37782d974104aa3b0a7bee9927c8042
SHA1: 60458f877d055d0c9114d9e1a2efb737b4bc282c
SHA256:a42edc9cab792e39fe39bb94f3fca655ed157ff87a8af78e1d6ba5b07c4a00ab
Referenced In Project/Scope:Waarp Gateway Ftp:compile

Identifiers

h2-1.4.200.jar

Description:

H2 Database Engine

License:

MPL 2.0 or EPL 1.0: https://h2database.com/html/license.html
File Path: /home/frederic/.m2/repository/com/h2database/h2/1.4.200/h2-1.4.200.jar
MD5: 18c05829a03b92c0880f22a3c4d1d11d
SHA1: f7533fe7cb8e99c87a43d325a77b4b678ad9031a
SHA256:3ad9ac4b6aae9cd9d3ac1c447465e1ed06019b851b893dd6a8d76ddb6d85bca6
Referenced In Project/Scope:Waarp Gateway Ftp:compile

Identifiers

CVE-2021-23463  

The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the getSource() method when the parameter is DOMSource.class it will trigger the vulnerability.
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

CVSSv2:
  • Base Score: MEDIUM (6.4)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:P
CVSSv3:
  • Base Score: CRITICAL (9.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

References:

Vulnerable Software & Versions:

CVE-2021-42392  

The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console which leads to unauthenticated remote code execution.
CWE-502 Deserialization of Untrusted Data

CVSSv2:
  • Base Score: HIGH (10.0)
  • Vector: /AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

CVE-2022-23221  

H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.
CWE-94 Improper Control of Generation of Code ('Code Injection')

CVSSv2:
  • Base Score: HIGH (10.0)
  • Vector: /AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions:

h2-1.4.200.jar: data.zip: table.js

File Path: /home/frederic/.m2/repository/com/h2database/h2/1.4.200/h2-1.4.200.jar/org/h2/util/data.zip/org/h2/server/web/res/table.js
MD5: 0e4b062032d1a5ea21b7ad0d878d3c31
SHA1: c5efb4c787ace5210d545d68742f415d28a61bdc
SHA256:0e1bf9d8833063242e13836bd0fca607763676308acf8b6e6992e7d7d8008d45
Referenced In Project/Scope:Waarp Gateway Ftp:compile

Identifiers

  • None

h2-1.4.200.jar: data.zip: tree.js

File Path: /home/frederic/.m2/repository/com/h2database/h2/1.4.200/h2-1.4.200.jar/org/h2/util/data.zip/org/h2/server/web/res/tree.js
MD5: 98225c0658feee5efb09b28c76e25884
SHA1: 6b84951f0a2febfbb1046e768d12f784047ce48c
SHA256:e9ee4656df4c1db81dcf20b7dcdcf08701c3b63f929ae8d8af69c334212c169e
Referenced In Project/Scope:Waarp Gateway Ftp:compile

Identifiers

  • None

httpclient-4.5.13.jar

Description:

   Apache HttpComponents Client
  

File Path: /home/frederic/.m2/repository/org/apache/httpcomponents/httpclient/4.5.13/httpclient-4.5.13.jar
MD5: 40d6b9075fbd28fa10292a45a0db9457
SHA1: e5f6cae5ca7ecaac1ec2827a9e2d65ae2869cada
SHA256:6fe9026a566c6a5001608cf3fc32196641f6c1e5e1986d1037ccdbd5f31ef743
Referenced In Project/Scope:Waarp Gateway Ftp:compile

Identifiers

httpcore-4.4.15.jar

Description:

   Apache HttpComponents Core (blocking I/O)
  

File Path: /home/frederic/.m2/repository/org/apache/httpcomponents/httpcore/4.4.15/httpcore-4.4.15.jar
MD5: be7c67929df007fcac6c8eff5322d3a0
SHA1: 7f2e0c573eaa7a74bac2e89b359e1f73d92a0a1d
SHA256:3cbaed088c499a10f96dde58f39dc0e7985171abd88138ca1655a872011bb142
Referenced In Project/Scope:Waarp Gateway Ftp:compile

Identifiers

j2objc-annotations-1.3.jar

Description:

    A set of annotations that provide additional information to the J2ObjC
    translator to modify the result of translation.
  

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar
MD5: 5fa4ec4ec0c5aa70af8a7d4922df1931
SHA1: ba035118bc8bac37d7eff77700720999acd9986d
SHA256:21af30c92267bd6122c0e0b4d20cccb6641a37eaf956c6540ec471d584e64a7b
Referenced In Project/Scope:Waarp Gateway Ftp:compile

Identifiers

jackson-core-2.13.3.jar

Description:

Core Jackson processing abstractions (aka Streaming API), implementation for JSON

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.13.3/jackson-core-2.13.3.jar
MD5: 9a6679e6a2f7d601a9f212576fda550c
SHA1: a27014716e4421684416e5fa83d896ddb87002da
SHA256:ab119a8ea3cc69472ebc0e870b849bfbbe536ad57d613dc38453ccd592ca6a3d
Referenced In Project/Scope:Waarp Gateway Ftp:compile

Identifiers

jackson-databind-2.13.3.jar

Description:

General data-binding functionality for Jackson: works on core streaming API

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.13.3/jackson-databind-2.13.3.jar
MD5: e35e2adf33b2eed8e9f538a911244175
SHA1: 56deb9ea2c93a7a556b3afbedd616d342963464e
SHA256:6444bf08d8cd4629740afc3db1276938f494728deb663ce585c4e91f6b45eb84
Referenced In Project/Scope:Waarp Gateway Ftp:compile

Identifiers

jackson-dataformat-smile-2.13.3.jar

Description:

Support for reading and writing Smile ("binary JSON")
encoded data using Jackson abstractions (streaming API, data binding,
tree model)
  

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-smile/2.13.3/jackson-dataformat-smile-2.13.3.jar
MD5: 7212ca980fa8a552a9bed9eb4a3e64dc
SHA1: b4e03e361e2388e3a8a0b68e3b9988d3a07ee3f3
SHA256:32d4ff882ce88d8f0ac87a04710d60bc2ec1f90ad80da53f0d80fd9477879fb4
Referenced In Project/Scope:Waarp Gateway Ftp:compile

Identifiers

jackson-module-jaxb-annotations-2.13.3.jar

Description:

Support for using JAXB annotations as an alternative to "native" Jackson annotations,
for configuring data-binding.
  

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/com/fasterxml/jackson/module/jackson-module-jaxb-annotations/2.13.3/jackson-module-jaxb-annotations-2.13.3.jar
MD5: 094751331b23fbd1cbd8a1bcece192ff
SHA1: 1dba7b89605c64026f60ccf1116d3766039fcab0
SHA256:fdf14156e6ea561f8ae8e23a896bf79ad8a8fcf1aa52190b2acc565418848898
Referenced In Project/Scope:Waarp Gateway Ftp:compile

Identifiers

jakarta.activation-api-1.2.2.jar

Description:

Jakarta Activation API jar

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /home/frederic/.m2/repository/jakarta/activation/jakarta.activation-api/1.2.2/jakarta.activation-api-1.2.2.jar
MD5: 1cbb480310fa1987f9db7a3ed7118af7
SHA1: 99f53adba383cb1bf7c3862844488574b559621f
SHA256:a187a939103aef5849a7af84bd7e27be2d120c410af291437375ffe061f4f09d
Referenced In Project/Scope:Waarp Gateway Ftp:compile

Identifiers

jakarta.annotation-api-1.3.5.jar

Description:

Jakarta Annotations API

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /home/frederic/.m2/repository/jakarta/annotation/jakarta.annotation-api/1.3.5/jakarta.annotation-api-1.3.5.jar
MD5: 8b165cf58df5f8c2a222f637c0a07c97
SHA1: 59eb84ee0d616332ff44aba065f3888cf002cd2d
SHA256:85fb03fc054cdf4efca8efd9b6712bbb418e1ab98241c4539c8585bbc23e1b8a
Referenced In Project/Scope:Waarp Gateway Ftp:compile

jakarta.inject-2.6.1.jar

Description:

Injection API (JSR 330) version ${javax.inject.version} repackaged as OSGi bundle

License:

http://www.eclipse.org/legal/epl-2.0, https://www.gnu.org/software/classpath/license.html
File Path: /home/frederic/.m2/repository/org/glassfish/hk2/external/jakarta.inject/2.6.1/jakarta.inject-2.6.1.jar
MD5: 4d7c80a1e3cd54531af03bef4537f7af
SHA1: 8096ebf722902e75fbd4f532a751e514f02e1eb7
SHA256:5e88c123b3e41bca788b2683118867d9b6dec714247ea91c588aed46a36ee24f
Referenced In Project/Scope:Waarp Gateway Ftp:compile

jakarta.ws.rs-api-2.1.6.jar

Description:

Jakarta RESTful Web Services API

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /home/frederic/.m2/repository/jakarta/ws/rs/jakarta.ws.rs-api/2.1.6/jakarta.ws.rs-api-2.1.6.jar
MD5: c3892382aeb5c54085b22b1890511d29
SHA1: 1dcb770bce80a490dff49729b99c7a60e9ecb122
SHA256:4cea299c846c8a6e6470cbfc2f7c391bc29b9caa2f9264ac1064ba91691f4adf
Referenced In Project/Scope:Waarp Gateway Ftp:compile

CVE-2008-7271  

Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

CVE-2010-4647  

Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

jakarta.xml.bind-api-2.3.3.jar

Description:

Jakarta XML Binding API 2.3 Design Specification

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /home/frederic/.m2/repository/jakarta/xml/bind/jakarta.xml.bind-api/2.3.3/jakarta.xml.bind-api-2.3.3.jar
MD5: 61286918ca0192e9f87d1358aef718dd
SHA1: 48e3b9cfc10752fba3521d6511f4165bea951801
SHA256:c04539f472e9a6dd0c7685ea82d677282269ab8e7baca2e14500e381e0c6cec5
Referenced In Project/Scope:Waarp Gateway Ftp:compile

javasysmon-0.3.6.jar

Description:

Artifactory auto generated POM

File Path: /home/frederic/.m2/repository/javasysmon/javasysmon/0.3.6/javasysmon-0.3.6.jar
MD5: 769d7e1c06277aceb34b5ccbf681be17
SHA1: 808e60b1cf74b37d18374668844228bd9e6a5b28
SHA256:e7f97c4a75719c2ecd8e5159bd05e9278bf1c6d48139099828ab594be5ba45d7
Referenced In Project/Scope:Waarp Gateway Ftp:compile

javax.activation-1.2.0.jar

Description:

JavaBeans Activation Framework

License:

https://github.com/javaee/activation/blob/master/LICENSE.txt
File Path: /home/frederic/.m2/repository/com/sun/activation/javax.activation/1.2.0/javax.activation-1.2.0.jar
MD5: be7c430df50b330cffc4848a3abedbfb
SHA1: bf744c1e2776ed1de3c55c8dac1057ec331ef744
SHA256:993302b16cd7056f21e779cc577d175a810bb4900ef73cd8fbf2b50f928ba9ce
Referenced In Project/Scope:Waarp Gateway Ftp:compile

javax.activation-api-1.2.0.jar

Description:

JavaBeans Activation Framework API jar

License:

https://github.com/javaee/activation/blob/master/LICENSE.txt
File Path: /home/frederic/.m2/repository/javax/activation/javax.activation-api/1.2.0/javax.activation-api-1.2.0.jar
MD5: 5e50e56bcf4a3ef3bc758f69f7643c3b
SHA1: 85262acf3ca9816f9537ca47d5adeabaead7cb16
SHA256:43fdef0b5b6ceb31b0424b208b930c74ab58fac2ceeb7b3f6fd3aeb8b5ca4393
Referenced In Project/Scope:Waarp Gateway Ftp:compile

javax.ws.rs-api-2.1.1.jar

Description:

Java API for RESTful Web Services

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /home/frederic/.m2/repository/javax/ws/rs/javax.ws.rs-api/2.1.1/javax.ws.rs-api-2.1.1.jar
MD5: 23b81452f9e2076ffefede649975b0d1
SHA1: d3466bc9321fe84f268a1adb3b90373fc14b0eb5
SHA256:2c309eb2c9455ffee9da8518c70a3b6d46be2a269b2e2a101c806a537efe79a4
Referenced In Project/Scope:Waarp Gateway Ftp:compile

CVE-2008-7271  

Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

CVE-2010-4647  

Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

jaxb-api-2.3.1.jar

Description:

JAXB (JSR 222) API

License:

https://oss.oracle.com/licenses/CDDL+GPL-1.1, https://oss.oracle.com/licenses/CDDL+GPL-1.1
File Path: /home/frederic/.m2/repository/javax/xml/bind/jaxb-api/2.3.1/jaxb-api-2.3.1.jar
MD5: bcf270d320f645ad19f5edb60091e87f
SHA1: 8531ad5ac454cc2deb9d4d32c40c4d7451939b5d
SHA256:88b955a0df57880a26a74708bc34f74dcaf8ebf4e78843a28b50eae945732b06
Referenced In Project/Scope:Waarp Gateway Ftp:compile

jaxb-core-2.3.0.1.jar (shaded: com.sun.istack:istack-commons-runtime:3.0.5)

File Path: /home/frederic/.m2/repository/com/sun/xml/bind/jaxb-core/2.3.0.1/jaxb-core-2.3.0.1.jar/META-INF/maven/com.sun.istack/istack-commons-runtime/pom.xml
MD5: 5cd5eb6603c2a85e6fa5395bb7dfb6cd
SHA1: 42f3cf2e2a9547f73f08a3d551064211888cc37c
SHA256:fb892aff4c68f0efc4756c97112e044cdd44e73276d3641f9cc1d6ba3c1366e6
Referenced In Project/Scope:Waarp Gateway Ftp:compile

jaxb-core-2.3.0.1.jar (shaded: org.glassfish.jaxb:txw2:2.3.0.1)

Description:

TXW is a library that allows you to write XML documents.

File Path: /home/frederic/.m2/repository/com/sun/xml/bind/jaxb-core/2.3.0.1/jaxb-core-2.3.0.1.jar/META-INF/maven/org.glassfish.jaxb/txw2/pom.xml
MD5: 05fabdd139d5209694d934d1fa62f245
SHA1: cb8726ed28d9e2a999d2771c6c2b272a2cf1d434
SHA256:38b91b6e93dbe1b4b73464a563545bb6213cc09947fa43bffaafb397379ccbe1
Referenced In Project/Scope:Waarp Gateway Ftp:compile

jaxb-core-2.3.0.1.jar

Description:

Old JAXB Core module. Contains sources required by XJC, JXC and Runtime modules with dependencies.

License:

http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /home/frederic/.m2/repository/com/sun/xml/bind/jaxb-core/2.3.0.1/jaxb-core-2.3.0.1.jar
MD5: 1025d4fdc74ea30f15f06203ed9cdf2d
SHA1: 23574ca124d0a694721ce3ef13cd720095f18fdd
SHA256:d2ecba63615f317a11fb55c6468f6a9480f6411c10951d9881bafd9a9a8d0467
Referenced In Project/Scope:Waarp Gateway Ftp:compile

jaxb-impl-2.3.6.jar (shaded: com.sun.istack:istack-commons-runtime:3.0.12)

File Path: /home/frederic/.m2/repository/com/sun/xml/bind/jaxb-impl/2.3.6/jaxb-impl-2.3.6.jar/META-INF/maven/com.sun.istack/istack-commons-runtime/pom.xml
MD5: 9d8f7084ed77f330e8168857ae6f4a9f
SHA1: 904160116fd6cdc3ae6beb08ab087046ecab2bdb
SHA256:83fdaf19ae0538e9e6b3cdde3d04d13be3969f490824a27decc80f21d604dfb6
Referenced In Project/Scope:Waarp Gateway Ftp:compile

jaxb-impl-2.3.6.jar (shaded: org.glassfish.jaxb:jaxb-runtime:2.3.6)

Description:

JAXB (JSR 222) Reference Implementation

File Path: /home/frederic/.m2/repository/com/sun/xml/bind/jaxb-impl/2.3.6/jaxb-impl-2.3.6.jar/META-INF/maven/org.glassfish.jaxb/jaxb-runtime/pom.xml
MD5: 99a5745302941542f7a59f10d6b0c5ce
SHA1: f6efb566b9b50e863c071048f9fc182287ae934d
SHA256:6d026c6657f6bbc1183e16793559eeda3b86022cf04da477bc8db2fad7384204
Referenced In Project/Scope:Waarp Gateway Ftp:compile

jaxb-impl-2.3.6.jar (shaded: org.glassfish.jaxb:txw2:2.3.6)

Description:

TXW is a library that allows you to write XML documents.

File Path: /home/frederic/.m2/repository/com/sun/xml/bind/jaxb-impl/2.3.6/jaxb-impl-2.3.6.jar/META-INF/maven/org.glassfish.jaxb/txw2/pom.xml
MD5: 2b96bb0e6763bf84bfe3b3074b1b3ffc
SHA1: 5853cbc3bf84a0f14091765572f9f3251e5c7d98
SHA256:4b5de868cc16c92ad306b47effa1b91d48064dc01f185c7aa22b164e2293399f
Referenced In Project/Scope:Waarp Gateway Ftp:compile

jaxb-impl-2.3.6.jar

Description:

Old JAXB Runtime module. Contains sources required for runtime processing.

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /home/frederic/.m2/repository/com/sun/xml/bind/jaxb-impl/2.3.6/jaxb-impl-2.3.6.jar
MD5: dd03551237ce80b1f8359a7657a70453
SHA1: 9614f6c0cfad418a2e91a2b2b5cb98b0a1fcbd03
SHA256:5f02b1c45f8193ffa3798f5575ab6244c9ac2a7db4638040939680e994438422
Referenced In Project/Scope:Waarp Gateway Ftp:compile

jaxen-1.2.0.jar

Description:

Jaxen is a universal XPath engine for Java.

License:

BSD License 2.0: https://raw.githubusercontent.com/jaxen-xpath/jaxen/master/LICENSE.txt
File Path: /home/frederic/.m2/repository/jaxen/jaxen/1.2.0/jaxen-1.2.0.jar
MD5: c32cf69356254b8f5050fce6e86358e9
SHA1: c10535a925bd35129a4329bc75065cc6b5293f2c
SHA256:70feef9dd75ad064def05a3ce8975aeba515ee7d1be146d12199c8828a64174c
Referenced In Project/Scope:Waarp Gateway Ftp:compile

jcl-over-slf4j-1.7.36.jar

Description:

JCL 1.2 implemented over SLF4J

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/org/slf4j/jcl-over-slf4j/1.7.36/jcl-over-slf4j-1.7.36.jar
MD5: 8065610cde33ed9fd5d34367912c1938
SHA1: d877e195a05aca4a2f1ad2ff14bfec1393af4b5e
SHA256:ab57ca8fd223772c17365d121f59e94ecbf0ae59d08c03a3cb5b81071c019195
Referenced In Project/Scope:Waarp Gateway Ftp:compile

jersey-common-2.35.jar

Description:

Jersey core common packages

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
The GNU General Public License (GPL), Version 2, With Classpath Exception: https://www.gnu.org/software/classpath/license.html
Apache License, 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
Public Domain: https://creativecommons.org/publicdomain/zero/1.0/
File Path: /home/frederic/.m2/repository/org/glassfish/jersey/core/jersey-common/2.35/jersey-common-2.35.jar
MD5: a0b9a2cea9ecbaf2170ed0757020ed05
SHA1: 2f15ec1b3a3598d6b12d4b0c6ff6f0905f5e5b4c
SHA256:48f3d25c7f57c8feaad88143854ad37807b24a7701c739120b967dd37f382c8f
Referenced In Project/Scope:Waarp Gateway Ftp:compile

joda-time-2.10.14.jar

Description:

Date and time library to replace JDK date handling

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/joda-time/joda-time/2.10.14/joda-time-2.10.14.jar
MD5: fce26984e39110b9a3db5ad86caf5811
SHA1: e021f98e50c99ac21796c7ee35eb62a737489127
SHA256:d65b4f127d36cf52b9b7b439552db22f3de92b892014512870cb3c98a3cf505e
Referenced In Project/Scope:Waarp Gateway Ftp:compile

jsr305-3.0.2.jar

Description:

JSR305 Annotations for Findbugs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7
Referenced In Project/Scope:Waarp Gateway Ftp:compile

jul-to-slf4j-1.7.36.jar

Description:

JUL to SLF4J bridge

File Path: /home/frederic/.m2/repository/org/slf4j/jul-to-slf4j/1.7.36/jul-to-slf4j-1.7.36.jar
MD5: 2a3fe73e6cafe8f102facaf2dd65353f
SHA1: ed46d81cef9c412a88caef405b58f93a678ff2ca
SHA256:9e641fb142c5f0b0623d6222c09ea87523a41bf6bed48ac79940724010b989de
Referenced In Project/Scope:Waarp Gateway Ftp:compile

libthrift-0.9.3-1.jar

Description:

Thrift is a software framework for scalable cross-language services development.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/org/apache/thrift/libthrift/0.9.3-1/libthrift-0.9.3-1.jar
MD5: f30409cddd2782337118521abeee12c9
SHA1: 92967e32d04fd862eb679324a5c516810a5b2a28
SHA256:6837cd6009b8401ce7ef0dcccc80c30148265f7e97cd31dc33b278a268e9471b
Referenced In Project/Scope:Waarp Gateway Ftp:compile

CVE-2018-11798  

The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 has been determined to contain a security vulnerability in which a remote user has the ability to access files outside the set web server's docroot path.
CWE-538 File and Directory Information Exposure

CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:N/A:N
CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2018-1320  

Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete.
CWE-295 Improper Certificate Validation

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVE-2019-0205  

In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when fed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings.
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv2:
  • Base Score: HIGH (7.8)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2019-0210  

In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when fed with invalid input data.
CWE-125 Out-of-bounds Read

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2020-13949  

In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar

Description:

An empty artifact that Guava depends on to signal that it is providing ListenableFuture -- but is also available in a second "version" that contains com.google.common.util.concurrent.ListenableFuture class, without any other Guava classes. The idea is:

- If users want only ListenableFuture, they depend on listenablefuture-1.0.

- If users want all of Guava, they depend on guava, which, as of Guava 27.0, depends on listenablefuture-9999.0-empty-to-avoid-conflict-with-guava. The 9999.0-... version number is enough for some build systems (notably, Gradle) to select that empty artifact over the "real" listenablefuture-1.0 -- avoiding a conflict with the copy of ListenableFuture in guava itself. If users are using an older version of Guava or a build system other than Gradle, they may see class conflicts. If so, they can solve them by manually excluding the listenablefuture artifact or manually forcing their build systems to use 9999.0-....

File Path: /home/frederic/.m2/repository/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
MD5: d094c22570d65e132c19cea5d352e381
SHA1: b421526c5f297295adef1c886e5246c39d4ac629
SHA256:b372a037d4230aa57fbeffdef30fd6123f9c0c2db85d0aced00c91b974f33f99
Referenced In Project/Scope:Waarp Gateway Ftp:compile

log4j-core-2.18.0.jar

Description:

The Apache Log4j Implementation

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/org/apache/logging/log4j/log4j-core/2.18.0/log4j-core-2.18.0.jar
MD5: 8869945da3b66916542b9fdd2e2605f2
SHA1: 07c1882ede137548925eadb750615edab2f6e13c
SHA256:ec7a23bfaf4d8ddf3394671561dd4a0f35b69d6fa6918734e3e8bc4066f741c4
Referenced In Project/Scope:Waarp Gateway Ftp:compile

log4j-over-slf4j-1.7.36.jar

Description:

Log4j implemented over SLF4J

License:

Apache Software Licenses: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/org/slf4j/log4j-over-slf4j/1.7.36/log4j-over-slf4j-1.7.36.jar
MD5: 84f330e9fc7173791d253773b3575a63
SHA1: 2a753acda077203a4794f106871bb237501c9a53
SHA256:0a7e032bf5bcdd5b2bf8bf2e5cf02c5646f2aa6fee66933b8150dbe84e651e8a
Referenced In Project/Scope:Waarp Gateway Ftp:compile

log4j-to-slf4j-2.18.0.jar

Description:

The Apache Log4j binding between Log4j 2 API and SLF4J.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/org/apache/logging/log4j/log4j-to-slf4j/2.18.0/log4j-to-slf4j-2.18.0.jar
MD5: d0baa808c10f8220aa8be828eabd8e33
SHA1: 8a38109b74e2ad2b827aa4a93e2f3517d7f4f785
SHA256:bd32d0de5cc4aad2c69886921d16416f8d5f28344bbbd6bfcd21ac3a22387686
Referenced In Project/Scope:Waarp Gateway Ftp:compile

logback-core-1.2.11.jar

Description:

logback-core module

License:

http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: /home/frederic/.m2/repository/ch/qos/logback/logback-core/1.2.11/logback-core-1.2.11.jar
MD5: 115da115b5e66ef64e774ec35af1fb1a
SHA1: a01230df5ca5c34540cdaa3ad5efb012f1f1f792
SHA256:6ce1e9397be8298a2e99029f55f955c6fa3cef255171c554d0b9c201cffd0159
Referenced In Project/Scope:Waarp Gateway Ftp:compile

mariadb-java-client-3.0.6.jar

Description:

JDBC driver for MariaDB and MySQL

License:

LGPL-2.1
File Path: /home/frederic/.m2/repository/org/mariadb/jdbc/mariadb-java-client/3.0.6/mariadb-java-client-3.0.6.jar
MD5: 8510ca8e59707e55b8d0db37066ef7a6
SHA1: d1814fe919474634fdac22749bc87120a2178629
SHA256:977ca7980b777b5aa8d32678204296a108f3eacbc4f210887e39b19869fad0d3
Referenced In Project/Scope:Waarp Gateway Ftp:compile

CVE-2020-28912  

With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the named pipe connection and act as a man-in-the-middle, gaining access to all the data passed between the client and the server, and getting the ability to run SQL commands on behalf of the connected user. This occurs because of an incorrect security descriptor. This affects MariaDB Server before 10.1.48, 10.2.x before 10.2.35, 10.3.x before 10.3.26, 10.4.x before 10.4.16, and 10.5.x before 10.5.7. NOTE: this issue exists because certain details of the MariaDB CVE-2019-2503 fix did not comprehensively address attack variants against MariaDB. This situation is specific to MariaDB, and thus CVE-2020-28912 does NOT apply to other vendors that were originally affected by CVE-2019-2503.
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (4.4)
  • Vector: /AV:L/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (7.0)
  • Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2021-46666  

MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause.
CWE-617 Reachable Assertion

CVSSv2:
  • Base Score: LOW (2.1)
  • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2021-46667  

MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash.
CWE-190 Integer Overflow or Wraparound

CVSSv2:
  • Base Score: LOW (2.1)
  • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2021-46669  

MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.
CWE-416 Use After Free

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-27382  

MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order.
CWE-617 Reachable Assertion

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-27385  

An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-27444  

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-27446  

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-27449  

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-27452  

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-31621  

MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
CWE-667 Improper Locking

CVSSv2:
  • Base Score: LOW (2.1)
  • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-31622  

MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
CWE-404 Improper Resource Shutdown or Release

CVSSv2:
  • Base Score: LOW (2.1)
  • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-31623  

MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
CWE-667 Improper Locking

CVSSv2:
  • Base Score: LOW (2.1)
  • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-31624  

MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
CWE-404 Improper Resource Shutdown or Release

CVSSv2:
  • Base Score: LOW (2.1)
  • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

mysql-connector-java-8.0.20.jar

Description:

JDBC Type 4 driver for MySQL

License:

The GNU General Public License, v2 with FOSS exception
File Path: /home/frederic/.m2/repository/mysql/mysql-connector-java/8.0.20/mysql-connector-java-8.0.20.jar
MD5: 48d69b9a82cbe275af9e45cb80f6b15f
SHA1: d8d388e71c823570662a45dd33f4284141921280
SHA256:56a42553b516660ae0bcd08f7f4f5f375294afbd62200d6c0c88a8c61c668ede
Referenced In Project/Scope:Waarp Gateway Ftp:compile

CVE-2021-2471 (OSSINDEX)  

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H).
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

CVSSv2:
  • Base Score: MEDIUM (5.9)
  • Vector: /AV:N/AC:H/Au:/C:H/I:N/A:H

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:mysql:mysql-connector-java:8.0.20:*:*:*:*:*:*:*

CVE-2022-21363 (OSSINDEX)  

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).
CWE-310 Cryptographic Issues

CVSSv2:
  • Base Score: MEDIUM (6.6)
  • Vector: /AV:N/AC:H/Au:/C:H/I:H/A:H

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:mysql:mysql-connector-java:8.0.20:*:*:*:*:*:*:*

netty-common-4.1.78.Final.jar (shaded: org.jctools:jctools-core:3.1.0)

Description:

Java Concurrency Tools Core Library

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/io/netty/netty-common/4.1.78.Final/netty-common-4.1.78.Final.jar/META-INF/maven/org.jctools/jctools-core/pom.xml
MD5: 08e7326c64d7fd6ae4ea32e7eb4e5b79
SHA1: 9deceaba814dea198202b04fe0eec0d2dbf69ea9
SHA256:acaf1b4c366f6794a734288a2c003f16af90a9c479cf4d7daade689764e4fb47
Referenced In Project/Scope:Waarp Gateway Ftp:compile

netty-http-java6-1.5.0.jar

Description:

Waarp shaded jar for Netty HTTP Router for Java 6

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/Waarp/netty-http-java6/1.5.0/netty-http-java6-1.5.0.jar
MD5: 8bd4625251bc07afb2c7f92155a44133
SHA1: 0ef8c8a06368b232560bbaf03a7c4bac6b6247da
SHA256:62d74c6de08685ce0817b4db1cde6b2c17cd99364413df648dca137b80e6231c
Referenced In Project/Scope:Waarp Gateway Ftp:compile

netty-tcnative-classes-2.0.53.Final.jar

Description:

A Mavenized fork of Tomcat Native which incorporates various patches. This artifact is dynamically linked to OpenSSL and Apache APR.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/io/netty/netty-tcnative-classes/2.0.53.Final/netty-tcnative-classes-2.0.53.Final.jar
MD5: 2e30cfe846ce7c86a4a15aa0b5d6c65d
SHA1: eee53d9a6e6bd582752d7a5e287c7888679b9f98
SHA256:9990404beb0b70d97d2bd90a95ef755cea6436ebe0cb7b7cd5c913b994c57aab
Referenced In Project/Scope:Waarp Gateway Ftp:compile

netty-transport-4.1.78.Final.jar

Description:

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.

License:

https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/frederic/.m2/repository/io/netty/netty-transport/4.1.78.Final/netty-transport-4.1.78.Final.jar
MD5: c73f2c40376739f857be3da776ca7b40
SHA1: b1639d431e43622d6cbfdd45c30d3fb810fa9101
SHA256:153ee99931f6d6ba8a6d66d74cbb73371bd46c546b0707d7d37af1264a3deaf2
Referenced In Project/Scope:Waarp Gateway Ftp:compile

ojdbc6-11.2.0.4.jar

Description:

Oracle JDBC Driver compatible with JDK6, JDK7, and JDK8

License:

Oracle Free Use Terms and Conditions (FUTC)
File Path: /home/frederic/.m2/repository/com/oracle/database/jdbc/ojdbc6/11.2.0.4/ojdbc6-11.2.0.4.jar
MD5: 76852c42c44401f44d26319a74e55f5b
SHA1: a483a046eee2f404d864a6ff5b09dc0e1be3fe6c
SHA256:e70213917b5f0d7448072836da07c709930b89dd4b0cc14a1eef814836747900
Referenced In Project/Scope:Waarp Gateway Ftp:compile

Identifiers

CVE-2016-3506  

Unspecified vulnerability in the JDBC component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2; the Oracle Retail Xstore Point of Service 5.5, 6.0, 6.5, 7.0, 7.1, 15.0, and 16.0; the Oracle Retail Warehouse Management System 14.04, 14.1.3, and 15.0.1; the Oracle Retail Workforce Management 1.60.7, and 1.64.0; the Oracle Retail Clearance Optimization Engine 13.4; the Oracle Retail Markdown Optimization 13.4 and 14.0; and Oracle Retail Merchandising System 16.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H


osgi-resource-locator-1.0.3.jar

Description:

Used by various API providers that rely on META-INF/services mechanism to locate providers.

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html
File Path: /home/frederic/.m2/repository/org/glassfish/hk2/osgi-resource-locator/1.0.3/osgi-resource-locator-1.0.3.jar
MD5: e7e82b82118c5387ae45f7bf3892909b
SHA1: de3b21279df7e755e38275137539be5e2c80dd58
SHA256:aab5d7849f7cfcda2cc7c541ba1bd365151d42276f151c825387245dfde3dd74
Referenced In Project/Scope:Waarp Gateway Ftp:compile

Identifiers

postgresql-42.4.0.jar

Description:

PostgreSQL JDBC Driver Postgresql

License:

BSD-2-Clause: https://jdbc.postgresql.org/about/license.html
File Path: /home/frederic/.m2/repository/org/postgresql/postgresql/42.4.0/postgresql-42.4.0.jar
MD5: c422ffa6eb00ea92d11cbff4a7ce27b2
SHA1: 21ff952426bbfe4a041c175407333d4a07c70931
SHA256:fe25b9c0a2c59458504ec88862853df522ee87f8a02564835d537c29ae4cb125
Referenced In Project/Scope:Waarp Gateway Ftp:compile

Identifiers

protobuf-java-3.6.1.jar

Description:

Core Protocol Buffers library. Protocol Buffers are a way of encoding structured data in an efficient yet extensible format.

License:

https://opensource.org/licenses/BSD-3-Clause
File Path: /home/frederic/.m2/repository/com/google/protobuf/protobuf-java/3.6.1/protobuf-java-3.6.1.jar
MD5: 17b60a7d277343a16fe881d18adecc0b
SHA1: 0d06d46ecfd92ec6d0f3b423b4cd81cb38d8b924
SHA256:fb66d913ff0578553b2e28a3338cbbbe2657e6cfe0e98d939f23aea219daf508
Referenced In Project/Scope:Waarp Gateway Ftp:compile

Identifiers

CVE-2021-22569  

An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H


slf4j-api-1.7.36.jar

Description:

The slf4j API

File Path: /home/frederic/.m2/repository/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jar
MD5: 872da51f5de7f3923da4de871d57fd85
SHA1: 6c62681a2f655b49963a5983b8b0950a6120ae14
SHA256:d3ef575e3e4979678dc01bf1dcce51021493b4d11fb7f1be8ad982877c16a1c0
Referenced In Project/Scope:Waarp Gateway Ftp:compile

Identifiers

snmp4j-2.8.12.jar

Description:

SNMP API for Java

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/org/snmp4j/snmp4j/2.8.12/snmp4j-2.8.12.jar
MD5: e5df7e4bb7507966bca01622028c98c6
SHA1: aabb165e3c5331d95dc0b83c595a1fd58fb73dcc
SHA256:991ad266a25a7d64b2e7bb8113a52d5e4aaca7d0a1c114ceb3fa188ac8530c76
Referenced In Project/Scope:Waarp Gateway Ftp:compile

Identifiers

snmp4j-agent-2.7.4.jar

Description:

SNMP-Agent API for Java

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/org/snmp4j/snmp4j-agent/2.7.4/snmp4j-agent-2.7.4.jar
MD5: 5ec2da98ce27e855379b01ff4eb2ecf2
SHA1: e53bf38be4f8f4806c6609c54cc183e87f974689
SHA256:60333c9fd1c2a355aead15f7dd10d98ce70a0eb5b47b0c98b1727d5451cf1d7d
Referenced In Project/Scope:Waarp Gateway Ftp:compile

Identifiers

ucp-11.2.0.4.jar

Description:

Oracle Universal Connection Pool (UCP)

License:

Oracle Free Use Terms and Conditions (FUTC)
File Path: /home/frederic/.m2/repository/com/oracle/database/jdbc/ucp/11.2.0.4/ucp-11.2.0.4.jar
MD5: 4c0bbd1748cd5794a5d27800a0cdb558
SHA1: 5520b4e492939b477cc9ced90c03bc72710dcaf3
SHA256:32be78083c6cfbffb67690309b7c55a018aeeca07ad71d1518446973e31bb3a6
Referenced In Project/Scope:Waarp Gateway Ftp:compile

Identifiers

CVE-2016-3506  

Unspecified vulnerability in the JDBC component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2; the Oracle Retail Xstore Point of Service 5.5, 6.0, 6.5, 7.0, 7.1, 15.0, and 16.0; the Oracle Retail Warehouse Management System 14.04, 14.1.3, and 15.0.1; the Oracle Retail Workforce Management 1.60.7, and 1.64.0; the Oracle Retail Clearance Optimization Engine 13.4; the Oracle Retail Markdown Optimization 13.4 and 14.0; and Oracle Retail Merchandising System 16.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H


xercesImpl-2.12.2.jar

Description:

Xerces2 provides high performance, fully compliant XML parsers in the Apache Xerces family. This new version of Xerces continues to build upon the Xerces Native Interface (XNI), a complete framework for building parser components and configurations that is extremely modular and easy to program.

The Apache Xerces2 parser is the reference implementation of XNI but other parser components, configurations, and parsers can be written using the Xerces Native Interface. For complete design and implementation documents, refer to the XNI Manual.

Xerces2 provides fully conforming XML Schema 1.0 and 1.1 processors. An experimental implementation of the "XML Schema Definition Language (XSD): Component Designators (SCD) Candidate Recommendation (January 2010)" is also provided for evaluation. For more information, refer to the XML Schema page.

Xerces2 also provides a complete implementation of the Document Object Model Level 3 Core and Load/Save W3C Recommendations and provides a complete implementation of the XML Inclusions (XInclude) W3C Recommendation. It also provides support for OASIS XML Catalogs v1.1.

Xerces2 is able to parse documents written according to the XML 1.1 Recommendation, except that it does not yet provide an option to enable normalization checking as described in section 2.13 of this specification. It also handles namespaces according to the XML Namespaces 1.1 Recommendation, and will correctly serialize XML 1.1 documents if the DOM level 3 load/save APIs are in use.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/xerces/xercesImpl/2.12.2/xercesImpl-2.12.2.jar
MD5: 40e4f2d5aacfbf51a9a1572d77a0e5e9
SHA1: f051f988aa2c9b4d25d05f95742ab0cc3ed789e2
SHA256:6fc991829af1708d15aea50c66f0beadcd2cfeb6968e0b2f55c1b0909883fe16
Referenced In Project/Scope:Waarp Gateway Ftp:compile

Identifiers

CVE-2017-10355 (OSSINDEX)  

sonatype-2017-0348 - xerces:xercesImpl - Denial of Service (DoS)

The software contains multiple threads or executable segments that are waiting for each other to release a necessary lock, resulting in deadlock.
CWE-833 Deadlock

CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:xerces:xercesImpl:2.12.2:*:*:*:*:*:*:*

xml-apis-1.4.01.jar

Description:

xml-commons provides an Apache-hosted set of DOM, SAX, and JAXP interfaces for use in other xml-based projects. Our hope is that we can standardize on both a common version and packaging scheme for these critical XML standards interfaces to make the lives of both our developers and users easier. The External Components portion of xml-commons contains interfaces that are defined by external standards organizations. For DOM, that's the W3C; for SAX it's David Megginson and sax.sourceforge.net; for JAXP it's Sun.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
The SAX License: http://www.saxproject.org/copying.html
The W3C License: http://www.w3.org/TR/2004/REC-DOM-Level-3-Core-20040407/java-binding.zip
File Path: /home/frederic/.m2/repository/xml-apis/xml-apis/1.4.01/xml-apis-1.4.01.jar
MD5: 7eaad6fea5925cca6c36ee8b3e02ac9d
SHA1: 3789d9fada2d3d458c4ba2de349d48780f381ee3
SHA256:a840968176645684bb01aed376e067ab39614885f9eee44abe35a5f20ebe7fad
Referenced In Project/Scope:Waarp Gateway Ftp:compile

Identifiers

xmlresolver-4.2.0-data.jar

File Path: /home/frederic/.m2/repository/org/xmlresolver/xmlresolver/4.2.0/xmlresolver-4.2.0-data.jar
MD5: 3e0a7bf59e8a9c9dbd2453d40087a598
SHA1: f4dbdaa83d636dcac91c9003ffa7fb173173fe8d
SHA256:0d2395c0811910ddaff0df08626d6f5bffa3de3e8e699bc93e561d6509d9e53e
Referenced In Project/Scope:Waarp Gateway Ftp:compile

Identifiers

xmlresolver-4.2.0.jar

Description:

An XML entity/uri resolver

License:

Apache License version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/frederic/.m2/repository/org/xmlresolver/xmlresolver/4.2.0/xmlresolver-4.2.0.jar
MD5: 516632c36a588b5fb2d2d396f14ea6a0
SHA1: ca688294a04abf7177e77add64ce6b8775333711
SHA256:734f37f9e43124ea4a9ce09f754ffd095167822cbe68e9244f17db02a2f9e11f
Referenced In Project/Scope:Waarp Gateway Ftp:compile

Identifiers

zjsonpatch-0.4.12.jar

Description:

Java Library to find / apply JSON Patches according to RFC 6902

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/frederic/.m2/repository/com/flipkart/zjsonpatch/zjsonpatch/0.4.12/zjsonpatch-0.4.12.jar
MD5: 13538432fe75a02d5549ccd6d730cb83
SHA1: 9783037290ba3b7e95e2e7b57183f159d6256271
SHA256:4958706ebdd8cc6250b16393ee20ff9e5c8bdc5820b5dee73f7f4fa70866d23c
Referenced In Project/Scope:Waarp Gateway Ftp:compile

Identifiers

zstd-jni-1.5.2-3.jar

Description:

JNI bindings for Zstd native library that provides fast and high compression lossless algorithm for Java and all JVM languages.

License:

BSD 2-Clause License: https://opensource.org/licenses/BSD-2-Clause
File Path: /home/frederic/.m2/repository/com/github/luben/zstd-jni/1.5.2-3/zstd-jni-1.5.2-3.jar
MD5: e5b599a438f1b38142bf7c6568285b88
SHA1: f52de0603f31798455e48bd90e10a8f888dd6d93
SHA256:925dc4ffa72ac8764dfdfebe07733e44f1a7e18fd5c77c343236745760aae717
Referenced In Project/Scope:Waarp Gateway Ftp:compile

Identifiers



This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the NPM Public Advisories.
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.