Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU86857
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-1938
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 engine. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 40
xz-java: before 1.9-10.fc40
xstream: before 1.4.20-6.fc40
xmvn-generator: before 1.2.2-3.fc40
xmvn-connector-ivy: before 4.0.0-3.fc40
xmvn: before 4.2.0-8.fc40
xmlunit: before 2.9.0-11.fc40
xmlstreambuffer: before 2.1.0-5.fc40
xmlpull: before 1.2.0-9.fc40
xmlgraphics-commons: before 2.9-3.fc40
xml-maven-plugin: before 1.1.0-3.fc40
xml-commons-resolver: before 1.2-44.fc40
xml-commons-apis: before 1.4.01-46.fc40
xerces-j2: before 2.12.2-10.fc40
xbean: before 4.24-3.fc40
xalan-j2: before 2.7.3-3.fc40
wsdl4j: before 1.6.3-30.fc40
ws-commons-util: before 1.0.2-24.fc40
will-crash: before 0.13.5-6.fc40
weld-parent: before 46-7.fc40
voms-clients-java: before 3.3.2-13.fc40
voms-api-java: before 3.3.2-16.fc40
velocity: before 2.3-5.fc40
vecmath1.2: before 1.14-36.fc40
univocity-parsers: before 2.9.1-13.fc40
truth: before 1.0.1-11.fc40
trilead-ssh2: before 217.21-13.fc40
treelayout: before 1.0.3-23.fc40
tomcat-taglibs-parent: before 3-24.fc40
tomcat-native: before 1.2.36-4.fc40
tomcat: before 9.0.83-3.fc40
testng: before 7.8.0-5.fc40
tagsoup: before 1.2.1-32.fc40
t-digest: before 3.2-8.fc40
swing-layout: before 1.0.4-30.fc40
subversion: before 1.14.3-5.fc40
string-template-maven-plugin: before 1.1-13.fc40
spice-parent: before 26-24.fc40
spec-version-maven-plugin: before 2.2-3.fc40
snip: before 0.11-25.fc40
snakeyaml: before 1.33-3.fc40
slf4j: before 1.7.32-12.fc40
sisu-mojos: before 0.9.0~M2-4.fc40
sisu: before 0.3.5-13.fc40
sequence-library: before 1.0.3-18.fc40
sdljava: before 0.9.1-62.fc40
scannotation: before 1.0.3-0.33.r12.fc40
scala: before 2.13.12-7.fc40
sblim-cim-client: before 1.3.9.3-34.fc40
sat4j: before 2.3.5-30.fc40
sac: before 1.3-46.fc40
rundoc: before 0.11-25.fc40
rsyntaxtextarea: before 3.1.3-11.fc40
rstudio: before 2023.12.1+402-2.fc40
rhino: before 1.7.14-10.fc40
replacer: before 1.6-30.fc40
relaxng-datatype-java: before 2011.1-4.fc40
regexp: before 1.5-48.fc40
reflections: before 0.9.12-17.fc40
qdox: before 2.1.0-3.fc40
python-javaobj: before 0.4.3-12.fc40
prometheus-simpleclient-java: before 0.12.0-11.fc40
prometheus-jmx-exporter: before 0.16.1-13.fc40
proguard: before 6.2.2-5.fc40
postgresql-jdbc: before 42.7.1-4.fc40
plexus-xml: before 3.0.0-2.fc40
plexus-velocity: before 2.0-6.fc40
plexus-utils: before 3.5.1-8.fc40
plexus-testing: before 1.3.0-2.fc40
plexus-sec-dispatcher: before 2.0-14.fc40
plexus-resources: before 1.3.0-4.fc40
plexus-pom: before 16-3.fc40
plexus-languages: before 1.2.0-6.fc40
plexus-io: before 3.4.2-3.fc40
plexus-interpolation: before 1.27-3.fc40
plexus-i18n: before 1.0-0.31.b10.4.fc40
plexus-containers: before 2.2.0-3.fc40
plexus-components-pom: before 14.2-5.fc40
plexus-compiler: before 2.14.2-3.fc40
plexus-classworlds: before 2.8.0-3.fc40
plexus-cipher: before 2.0-11.fc40
plexus-build-api0: before 0.0.7-44.fc40
plexus-build-api: before 1.2.0-6.fc40
plexus-archiver: before 4.9.1-3.fc40
plantuml: before 1.2024.3-3.fc40
picocli: before 4.7.4-5.fc40
pentaho-reporting-flow-engine: before 0.9.4-35.fc40
pentaho-libxml: before 1.1.3-42.fc40
pdftk-java: before 3.3.3-6.fc40
pcfi: before 2010.08.09-30.20111103gitbd245c9.fc40
osgi-core: before 8.0.0-13.fc40
osgi-compendium: before 7.0.0-20.fc40
osgi-annotation: before 8.1.0-6.fc40
options: before 1.7-10.fc40
opentest4j: before 1.3.0-6.fc40
openni: before 1.5.7.10-33.fc40
openjfx8: before 8.0.202-40.b07.fc40
openjfx: before 17.0.11.0-2.fc40
openjdk-asmtools7: before 7.0.b10-0.11.20210610.gitf40a2c0.fc40
octave: before 8.4.0-6.fc40
objenesis: before 3.3-9.fc40
objectweb-asm: before 9.6-5.fc40
nom-tam-fits: before 1.15.2-22.fc40
nekohtml: before 1.9.22-26.fc40
naga: before 3.0-26.20200930git6f1e95d.fc40
mysql-connector-java: before 8.0.30-6.fc40
mxparser: before 1.2.2-10.fc40
msv: before 2022.7-4.fc40
mojo-parent: before 78-3.fc40
mojo-executor: before 2.4.0-9.fc40
modulemaker-maven-plugin: before 1.11-1.fc40
moditect: before 1.1.0-2.fc40
modello: before 2.1.2-6.fc40
mockito: before 5.8.0-5.fc40
miglayout: before 5.0-4.fc40
mecab-java: before 0.996-8.fc40
maven-wagon: before 3.5.3-7.fc40
maven-verifier-plugin: before 1.1-6.fc40
maven-verifier: before 2.0.0~M1-7.fc40
maven-surefire: before 3.2.2-5.fc40
maven-source-plugin: before 3.3.0-6.fc40
maven-shared-utils: before 3.4.2-7.fc40
maven-shared-io: before 3.0.0-25.fc40
maven-shared-incremental: before 1.1-33.fc40
maven-shade-plugin: before 3.5.1-4.fc40
maven-resources-plugin: before 3.3.1-6.fc40
maven-resolver: before 1.9.18-3.fc40
maven-remote-resources-plugin: before 3.1.0-6.fc40
maven-plugin-tools: before 3.9.0-6.fc40
maven-plugin-testing: before 3.3.0-33.fc40
maven-patch-plugin: before 1.2-27.fc40
maven-parent: before 41-5.fc40
maven-native: before 1.0-0.18.alpha.11.fc40
maven-jar-plugin: before 3.3.0-6.fc40
maven-filtering: before 3.3.1-6.fc40
maven-file-management: before 3.1.0-6.fc40
maven-enforcer: before 3.4.1-3.fc40
maven-doxia-sitetools: before 1.11.1-10.fc40
maven-doxia: before 1.12.0-7.fc40
maven-dependency-tree: before 3.2.1-6.fc40
maven-dependency-plugin: before 3.6.1-3.fc40
maven-dependency-analyzer: before 1.13.2-6.fc40
maven-compiler-plugin: before 3.12.1-3.fc40
maven-common-artifact-filters: before 3.3.2-6.fc40
maven-clean-plugin: before 3.3.2-4.fc40
maven-bundle-plugin: before 5.1.9-5.fc40
maven-assembly-plugin: before 3.6.0-6.fc40
maven-artifact-transfer: before 0.13.1-14.fc40
maven-archiver: before 3.6.1-6.fc40
maven-antrun-plugin: before 3.1.0-9.fc40
maven: before 3.9.6-5.fc40
mariadb-java-client: before 3.3.2-4.fc40
lucene: before 9.9.2-2.fc40
log4j: before 2.20.0-7.fc40
libvirt-java: before 0.4.9-29.fc40
libserializer: before 1.1.2-42.fc40
librepository: before 1.1.3-43.fc40
libreoffice: before 24.2.1.1-3.fc40
libloader: before 1.1.3-44.fc40
liblayout: before 0.2.10-36.fc40
libformula: before 1.1.3-43.fc40
libfonts: before 1.1.3-46.fc40
libbase: before 1.1.3-42.fc40
ldapjdk: before 5.5.0-2.fc40
laf-plugin: before 1.0-35.fc40
kawa: before 3.1.1-19.fc40
jzlib: before 1.1.3-30.fc40
junit5: before 5.10.2-3.fc40
junit: before 4.13.2-6.fc40
jtidy: before 1.0-0.45.20100930svn1125.fc40
jssc: before 2.8.0-30.fc40
jss: before 5.5.0-1.fc40.1
jsr-305: before 3.0.2-15.fc40
jsoup: before 1.17.2-2.fc40
json_simple: before 1.1.1-34.fc40
jsch-agent-proxy: before 0.0.8-25.fc40
jsch: before 0.1.55-16.fc40
jorbis: before 0.0.17-34.fc40
jolokia-jvm-agent: before 1.6.2-17.fc40
jol: before 0.17-5.fc40
jni-inchi: before 0.8-11.fc40
jneuroml-core: before 1.6.1-14.fc40
jna: before 5.14.0-4.fc40
jmock: before 2.12.0-16.fc40
jline2: before 2.14.6-12.fc40
jigawatts: before 0.2-0.12.202108276c78499.fc40
jgoodies-looks: before 2.7.0-11.fc40
jgoodies-forms: before 1.9.0-11.fc40
jgoodies-common: before 1.8.1-21.fc40
jglobus: before 2.1.0-35.fc40
jgit: before 6.1.0-9.fc40
jfreechart: before 1.5.4-5.fc40
jflex: before 1.7.0-18.fc40
jetty: before 9.4.40-11.fc40
jericho-html: before 3.3-30.fc40
jdom2: before 2.0.6.1-7.fc40
jdom: before 1.1.3-37.fc40
jdepend: before 2.10-10.fc40
jdeparser: before 2.0.3-17.fc40
jcuber: before 4.8-6.fc40
jctools: before 4.0.2-3.fc40
jcip-annotations: before 1-43.20060626.fc40
jchardet: before 1.1-34.fc40
jboss-parent: before 20-21.fc40
jboss-logging-tools: before 2.2.1-17.fc40
jboss-logging: before 3.5.3-5.fc40
jboss-jaxrs-2.0-api: before 1.0.0-27.fc40
jblas: before 1.2.5-15.fc40
jaxen: before 1.2.0-17.fc40
jaxb-stax-ex: before 2.1.0-8.fc40
jaxb-istack-commons: before 4.2.0-8.fc40
jaxb-fi: before 2.1.1-5.fc40
jaxb-dtd-parser: before 1.5.1-5.fc40
jaxb-api2: before 2.3.3-10.fc40
jaxb-api: before 4.0.1-5.fc40
jaxb: before 4.0.4-6.fc40
javassist: before 3.30.2-4.fc40
javaparser: before 3.25.8-3.fc40
javapackages-tools: before 6.2.0-9.fc40
javapackages-bootstrap: before 1.16.0-3.fc40
javaewah: before 1.1.13-10.fc40
javacc-maven-plugin: before 3.1.0-1.fc40
javacc: before 7.0.13-5.fc40
java_cup: before 0.11b-29.fc40
java-scrypt: before 1.4.0-24.fc40
java-jd-decompiler: before 1.1.3-8.fc40
java-diff-utils: before 4.12-7.fc40
java-21-openjdk: before 21.0.2.0.13-2.fc40
java-17-openjdk-portable: before 17.0.10.0.7-1.fc40.1
java-17-openjdk: before 17.0.10.0.7-2.fc40
java-11-openjdk-portable: before 11.0.22.0.7-1.fc40.1
java-11-openjdk: before 11.0.22.0.7-1.fc40.1
java-1.8.0-openjdk: before 1.8.0.402.b06-1.fc40.1
jansi1: before 1.18-21.fc40
jansi-native: before 1.8-18.fc40
jansi: before 2.4.1-3.fc40
jakarta-xml-ws: before 4.0.0-6.fc40
jakarta-servlet: before 5.0.0-18.fc40
jakarta-saaj: before 3.0.0-6.fc40
jakarta-oro: before 2.0.8-44.fc40
jakarta-mail: before 2.1.2-5.fc40
jakarta-json: before 2.1.3-4.fc40
jakarta-interceptors: before 2.0.0-12.fc40
jakarta-el: before 4.0.0-14.fc40
jakarta-annotations: before 1.3.5-22.fc40
jakarta-activation1: before 1.2.2-13.fc40
jakarta-activation: before 2.1.2-6.fc40
jacop: before 4.9.0-5.fc40
jackson-parent: before 2.16-4.fc40
jackson-modules-base: before 2.16.1-3.fc40
jackson-jaxrs-providers: before 2.16.1-3.fc40
jackson-databind: before 2.16.1-4.fc40
jackson-core: before 2.16.1-4.fc40
jackson-bom: before 2.16.1-3.fc40
jackson-annotations: before 2.16.1-3.fc40
jFormatString: before 0-0.49.20131227gitf159b88.fc40
imagej: before 1.54h-4.fc40
icu4j: before 74.2-4.fc40
icedtea-web: before 1.8.8-5.fc40
icecat: before 115.8.0-2.rh1.fc40
httpcomponents-project: before 13-6.fc40
httpcomponents-core: before 4.4.16-8.fc40
httpcomponents-client: before 4.5.14-8.fc40
hibernate-jpa-2.0-api: before 1.0.1-40.fc40
hawtjni: before 1.18-12.fc40
hamcrest: before 2.2-16.fc40
guava: before 32.1.3-5.fc40
google-guice: before 5.1.0-11.fc40
gnulib: before 0-50.20230709git.fc40
fusesource-pom: before 1.12-18.fc40
frysk: before 0.4-94.fc40
freerouting: before 1.3.1-17.fc40
freecol: before 1.1.0-4.fc40
forge-parent: before 38-28.fc40
fop: before 2.9-6.fc40
flute: before 1.3.0-37.OOo31.fc40
fishbowl: before 1.4.1-9.fc40
filedrop: before 1.1-24.fc40
fernflower: before 211.7442.40-11.fc40
felix-utils: before 1.11.8-9.fc40
felix-parent: before 8-5.fc40
fasterxml-oss-parent: before 58-2.fc40
extra-enforcer-rules: before 1.7.0-6.fc40
enjarify: before 1.0.3-35.fc40
ed25519-java: before 0.3.0-21.fc40
eclipse-swt: before 4.29-4.fc40
ecj: before 4.23-9.fc40
easymock: before 4.3-8.fc40
dogtag-pki: before 11.5.0-1.fc40.1
ditaa: before 0.10-24.fc40
disruptor: before 3.4.4-11.fc40
dirgra: before 0.4-12.fc40
directory-maven-plugin: before 0.3.1-15.fc40
diffoscope: before 257-2.fc40
decentxml: before 1.4-35.fc40
crypto-policies: before 20240201-2.git9f501f3.fc40
cryptlib: before 3.4.7-5.fc40
cortado: before 0.6.0-32.fc40
console-image-viewer: before 1.2-24.fc40
colossus: before 0.14.0-27.fc40
codehaus-parent: before 4-30.fc40
clojure-spec-alpha: before 0.3.218-8.fc40
clojure-maven-plugin: before 1.9.2-6.fc40
clojure-core-specs-alpha: before 0.2.62-8.fc40
clojure: before 1.11.1-8.fc40
classloader-leak-test-framework: before 2.7.0-8.fc40
chromium: before 122.0.6261.94-2.fc40
cglib: before 3.3.0-15.fc40
ceph: before 18.2.1-10.fc40
cdi-api: before 2.0.2-14.fc40
canl-java: before 2.8.3-5.fc40
cambozola: before 0.936-24.fc40
byteman: before 4.0.16-13.fc40
byte-buddy: before 1.14.2-8.fc40
build-helper-maven-plugin: before 3.5.0-4.fc40
bsh: before 2.1.0-12.fc40
bsf: before 2.4.0-54.fc40
brazil: before 2.3-36.fc40
bouncycastle: before 1.70-13.fc40
bolzplatz2006: before 1.0.3-58.fc40
beust-jcommander: before 1.82-9.fc40
beansbinding: before 1.2.1-36.fc40
bcel: before 6.8.1-3.fc40
batik: before 1.14-13.fc40
auto: before 1.6.1-10.fc40
atinject: before 1.0.5-12.fc40
assertj-core: before 3.24.2-8.fc40
args4j: before 2.33-26.fc40
aqute-bnd: before 6.3.1-10.fc40
apiguardian: before 1.1.2-12.fc40
apache-resource-bundles: before 1.5-7.fc40
apache-parent: before 31-5.fc40
apache-ivy: before 2.5.2-4.fc40
apache-commons-vfs: before 2.9.0-5.fc40
apache-commons-text: before 1.10.0-6.fc40
apache-commons-pool: before 1.6-37.fc40
apache-commons-parent: before 66-3.fc40
apache-commons-net: before 3.10.0-5.fc40
apache-commons-modeler: before 2.0.1-40.fc40
apache-commons-math: before 3.6.1-18.fc40
apache-commons-logging: before 1.3.0-5.fc40
apache-commons-lang3: before 3.14.0-5.fc40
apache-commons-jxpath: before 1.3-52.fc40
apache-commons-io: before 2.13.0-8.fc40
apache-commons-exec: before 1.3-31.fc40
apache-commons-digester: before 2.1-30.fc40
apache-commons-compress: before 1.25.0-5.fc40
apache-commons-collections4: before 4.4-15.fc40
apache-commons-collections: before 3.2.2-36.fc40
apache-commons-codec: before 1.16.0-7.fc40
apache-commons-cli: before 1.6.0-5.fc40
apache-commons-beanutils: before 1.9.4-19.fc40
aopalliance: before 1.0-39.fc40
antlrworks: before 1.5.2-29.fc40
antlr3: before 3.5.3-10.fc40
antlr: before 2.7.7-77.fc40
ant-antunit: before 1.4.1-11.fc40
ant: before 1.10.14-10.fc40
R-rJava: before 1.0.6-9.fc40
OpenStego: before 0.7.4-12.fc40
Mars: before 4.5-26.fc40
IPAddress: before 5.2.1-17.fc40
CardManager: before 3-29.fc40
CFR: before 0.151-16.fc40
BareBonesBrowserLaunch: before 3.1-33.fc40
External linkshttp://bodhi.fedoraproject.org/updates/FEDORA-2024-129d8ca6fc
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU86858
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-1939
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 engine. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 40
xz-java: before 1.9-10.fc40
xstream: before 1.4.20-6.fc40
xmvn-generator: before 1.2.2-3.fc40
xmvn-connector-ivy: before 4.0.0-3.fc40
xmvn: before 4.2.0-8.fc40
xmlunit: before 2.9.0-11.fc40
xmlstreambuffer: before 2.1.0-5.fc40
xmlpull: before 1.2.0-9.fc40
xmlgraphics-commons: before 2.9-3.fc40
xml-maven-plugin: before 1.1.0-3.fc40
xml-commons-resolver: before 1.2-44.fc40
xml-commons-apis: before 1.4.01-46.fc40
xerces-j2: before 2.12.2-10.fc40
xbean: before 4.24-3.fc40
xalan-j2: before 2.7.3-3.fc40
wsdl4j: before 1.6.3-30.fc40
ws-commons-util: before 1.0.2-24.fc40
will-crash: before 0.13.5-6.fc40
weld-parent: before 46-7.fc40
voms-clients-java: before 3.3.2-13.fc40
voms-api-java: before 3.3.2-16.fc40
velocity: before 2.3-5.fc40
vecmath1.2: before 1.14-36.fc40
univocity-parsers: before 2.9.1-13.fc40
truth: before 1.0.1-11.fc40
trilead-ssh2: before 217.21-13.fc40
treelayout: before 1.0.3-23.fc40
tomcat-taglibs-parent: before 3-24.fc40
tomcat-native: before 1.2.36-4.fc40
tomcat: before 9.0.83-3.fc40
testng: before 7.8.0-5.fc40
tagsoup: before 1.2.1-32.fc40
t-digest: before 3.2-8.fc40
swing-layout: before 1.0.4-30.fc40
subversion: before 1.14.3-5.fc40
string-template-maven-plugin: before 1.1-13.fc40
spice-parent: before 26-24.fc40
spec-version-maven-plugin: before 2.2-3.fc40
snip: before 0.11-25.fc40
snakeyaml: before 1.33-3.fc40
slf4j: before 1.7.32-12.fc40
sisu-mojos: before 0.9.0~M2-4.fc40
sisu: before 0.3.5-13.fc40
sequence-library: before 1.0.3-18.fc40
sdljava: before 0.9.1-62.fc40
scannotation: before 1.0.3-0.33.r12.fc40
scala: before 2.13.12-7.fc40
sblim-cim-client: before 1.3.9.3-34.fc40
sat4j: before 2.3.5-30.fc40
sac: before 1.3-46.fc40
rundoc: before 0.11-25.fc40
rsyntaxtextarea: before 3.1.3-11.fc40
rstudio: before 2023.12.1+402-2.fc40
rhino: before 1.7.14-10.fc40
replacer: before 1.6-30.fc40
relaxng-datatype-java: before 2011.1-4.fc40
regexp: before 1.5-48.fc40
reflections: before 0.9.12-17.fc40
qdox: before 2.1.0-3.fc40
python-javaobj: before 0.4.3-12.fc40
prometheus-simpleclient-java: before 0.12.0-11.fc40
prometheus-jmx-exporter: before 0.16.1-13.fc40
proguard: before 6.2.2-5.fc40
postgresql-jdbc: before 42.7.1-4.fc40
plexus-xml: before 3.0.0-2.fc40
plexus-velocity: before 2.0-6.fc40
plexus-utils: before 3.5.1-8.fc40
plexus-testing: before 1.3.0-2.fc40
plexus-sec-dispatcher: before 2.0-14.fc40
plexus-resources: before 1.3.0-4.fc40
plexus-pom: before 16-3.fc40
plexus-languages: before 1.2.0-6.fc40
plexus-io: before 3.4.2-3.fc40
plexus-interpolation: before 1.27-3.fc40
plexus-i18n: before 1.0-0.31.b10.4.fc40
plexus-containers: before 2.2.0-3.fc40
plexus-components-pom: before 14.2-5.fc40
plexus-compiler: before 2.14.2-3.fc40
plexus-classworlds: before 2.8.0-3.fc40
plexus-cipher: before 2.0-11.fc40
plexus-build-api0: before 0.0.7-44.fc40
plexus-build-api: before 1.2.0-6.fc40
plexus-archiver: before 4.9.1-3.fc40
plantuml: before 1.2024.3-3.fc40
picocli: before 4.7.4-5.fc40
pentaho-reporting-flow-engine: before 0.9.4-35.fc40
pentaho-libxml: before 1.1.3-42.fc40
pdftk-java: before 3.3.3-6.fc40
pcfi: before 2010.08.09-30.20111103gitbd245c9.fc40
osgi-core: before 8.0.0-13.fc40
osgi-compendium: before 7.0.0-20.fc40
osgi-annotation: before 8.1.0-6.fc40
options: before 1.7-10.fc40
opentest4j: before 1.3.0-6.fc40
openni: before 1.5.7.10-33.fc40
openjfx8: before 8.0.202-40.b07.fc40
openjfx: before 17.0.11.0-2.fc40
openjdk-asmtools7: before 7.0.b10-0.11.20210610.gitf40a2c0.fc40
octave: before 8.4.0-6.fc40
objenesis: before 3.3-9.fc40
objectweb-asm: before 9.6-5.fc40
nom-tam-fits: before 1.15.2-22.fc40
nekohtml: before 1.9.22-26.fc40
naga: before 3.0-26.20200930git6f1e95d.fc40
mysql-connector-java: before 8.0.30-6.fc40
mxparser: before 1.2.2-10.fc40
msv: before 2022.7-4.fc40
mojo-parent: before 78-3.fc40
mojo-executor: before 2.4.0-9.fc40
modulemaker-maven-plugin: before 1.11-1.fc40
moditect: before 1.1.0-2.fc40
modello: before 2.1.2-6.fc40
mockito: before 5.8.0-5.fc40
miglayout: before 5.0-4.fc40
mecab-java: before 0.996-8.fc40
maven-wagon: before 3.5.3-7.fc40
maven-verifier-plugin: before 1.1-6.fc40
maven-verifier: before 2.0.0~M1-7.fc40
maven-surefire: before 3.2.2-5.fc40
maven-source-plugin: before 3.3.0-6.fc40
maven-shared-utils: before 3.4.2-7.fc40
maven-shared-io: before 3.0.0-25.fc40
maven-shared-incremental: before 1.1-33.fc40
maven-shade-plugin: before 3.5.1-4.fc40
maven-resources-plugin: before 3.3.1-6.fc40
maven-resolver: before 1.9.18-3.fc40
maven-remote-resources-plugin: before 3.1.0-6.fc40
maven-plugin-tools: before 3.9.0-6.fc40
maven-plugin-testing: before 3.3.0-33.fc40
maven-patch-plugin: before 1.2-27.fc40
maven-parent: before 41-5.fc40
maven-native: before 1.0-0.18.alpha.11.fc40
maven-jar-plugin: before 3.3.0-6.fc40
maven-filtering: before 3.3.1-6.fc40
maven-file-management: before 3.1.0-6.fc40
maven-enforcer: before 3.4.1-3.fc40
maven-doxia-sitetools: before 1.11.1-10.fc40
maven-doxia: before 1.12.0-7.fc40
maven-dependency-tree: before 3.2.1-6.fc40
maven-dependency-plugin: before 3.6.1-3.fc40
maven-dependency-analyzer: before 1.13.2-6.fc40
maven-compiler-plugin: before 3.12.1-3.fc40
maven-common-artifact-filters: before 3.3.2-6.fc40
maven-clean-plugin: before 3.3.2-4.fc40
maven-bundle-plugin: before 5.1.9-5.fc40
maven-assembly-plugin: before 3.6.0-6.fc40
maven-artifact-transfer: before 0.13.1-14.fc40
maven-archiver: before 3.6.1-6.fc40
maven-antrun-plugin: before 3.1.0-9.fc40
maven: before 3.9.6-5.fc40
mariadb-java-client: before 3.3.2-4.fc40
lucene: before 9.9.2-2.fc40
log4j: before 2.20.0-7.fc40
libvirt-java: before 0.4.9-29.fc40
libserializer: before 1.1.2-42.fc40
librepository: before 1.1.3-43.fc40
libreoffice: before 24.2.1.1-3.fc40
libloader: before 1.1.3-44.fc40
liblayout: before 0.2.10-36.fc40
libformula: before 1.1.3-43.fc40
libfonts: before 1.1.3-46.fc40
libbase: before 1.1.3-42.fc40
ldapjdk: before 5.5.0-2.fc40
laf-plugin: before 1.0-35.fc40
kawa: before 3.1.1-19.fc40
jzlib: before 1.1.3-30.fc40
junit5: before 5.10.2-3.fc40
junit: before 4.13.2-6.fc40
jtidy: before 1.0-0.45.20100930svn1125.fc40
jssc: before 2.8.0-30.fc40
jss: before 5.5.0-1.fc40.1
jsr-305: before 3.0.2-15.fc40
jsoup: before 1.17.2-2.fc40
json_simple: before 1.1.1-34.fc40
jsch-agent-proxy: before 0.0.8-25.fc40
jsch: before 0.1.55-16.fc40
jorbis: before 0.0.17-34.fc40
jolokia-jvm-agent: before 1.6.2-17.fc40
jol: before 0.17-5.fc40
jni-inchi: before 0.8-11.fc40
jneuroml-core: before 1.6.1-14.fc40
jna: before 5.14.0-4.fc40
jmock: before 2.12.0-16.fc40
jline2: before 2.14.6-12.fc40
jigawatts: before 0.2-0.12.202108276c78499.fc40
jgoodies-looks: before 2.7.0-11.fc40
jgoodies-forms: before 1.9.0-11.fc40
jgoodies-common: before 1.8.1-21.fc40
jglobus: before 2.1.0-35.fc40
jgit: before 6.1.0-9.fc40
jfreechart: before 1.5.4-5.fc40
jflex: before 1.7.0-18.fc40
jetty: before 9.4.40-11.fc40
jericho-html: before 3.3-30.fc40
jdom2: before 2.0.6.1-7.fc40
jdom: before 1.1.3-37.fc40
jdepend: before 2.10-10.fc40
jdeparser: before 2.0.3-17.fc40
jcuber: before 4.8-6.fc40
jctools: before 4.0.2-3.fc40
jcip-annotations: before 1-43.20060626.fc40
jchardet: before 1.1-34.fc40
jboss-parent: before 20-21.fc40
jboss-logging-tools: before 2.2.1-17.fc40
jboss-logging: before 3.5.3-5.fc40
jboss-jaxrs-2.0-api: before 1.0.0-27.fc40
jblas: before 1.2.5-15.fc40
jaxen: before 1.2.0-17.fc40
jaxb-stax-ex: before 2.1.0-8.fc40
jaxb-istack-commons: before 4.2.0-8.fc40
jaxb-fi: before 2.1.1-5.fc40
jaxb-dtd-parser: before 1.5.1-5.fc40
jaxb-api2: before 2.3.3-10.fc40
jaxb-api: before 4.0.1-5.fc40
jaxb: before 4.0.4-6.fc40
javassist: before 3.30.2-4.fc40
javaparser: before 3.25.8-3.fc40
javapackages-tools: before 6.2.0-9.fc40
javapackages-bootstrap: before 1.16.0-3.fc40
javaewah: before 1.1.13-10.fc40
javacc-maven-plugin: before 3.1.0-1.fc40
javacc: before 7.0.13-5.fc40
java_cup: before 0.11b-29.fc40
java-scrypt: before 1.4.0-24.fc40
java-jd-decompiler: before 1.1.3-8.fc40
java-diff-utils: before 4.12-7.fc40
java-21-openjdk: before 21.0.2.0.13-2.fc40
java-17-openjdk-portable: before 17.0.10.0.7-1.fc40.1
java-17-openjdk: before 17.0.10.0.7-2.fc40
java-11-openjdk-portable: before 11.0.22.0.7-1.fc40.1
java-11-openjdk: before 11.0.22.0.7-1.fc40.1
java-1.8.0-openjdk: before 1.8.0.402.b06-1.fc40.1
jansi1: before 1.18-21.fc40
jansi-native: before 1.8-18.fc40
jansi: before 2.4.1-3.fc40
jakarta-xml-ws: before 4.0.0-6.fc40
jakarta-servlet: before 5.0.0-18.fc40
jakarta-saaj: before 3.0.0-6.fc40
jakarta-oro: before 2.0.8-44.fc40
jakarta-mail: before 2.1.2-5.fc40
jakarta-json: before 2.1.3-4.fc40
jakarta-interceptors: before 2.0.0-12.fc40
jakarta-el: before 4.0.0-14.fc40
jakarta-annotations: before 1.3.5-22.fc40
jakarta-activation1: before 1.2.2-13.fc40
jakarta-activation: before 2.1.2-6.fc40
jacop: before 4.9.0-5.fc40
jackson-parent: before 2.16-4.fc40
jackson-modules-base: before 2.16.1-3.fc40
jackson-jaxrs-providers: before 2.16.1-3.fc40
jackson-databind: before 2.16.1-4.fc40
jackson-core: before 2.16.1-4.fc40
jackson-bom: before 2.16.1-3.fc40
jackson-annotations: before 2.16.1-3.fc40
jFormatString: before 0-0.49.20131227gitf159b88.fc40
imagej: before 1.54h-4.fc40
icu4j: before 74.2-4.fc40
icedtea-web: before 1.8.8-5.fc40
icecat: before 115.8.0-2.rh1.fc40
httpcomponents-project: before 13-6.fc40
httpcomponents-core: before 4.4.16-8.fc40
httpcomponents-client: before 4.5.14-8.fc40
hibernate-jpa-2.0-api: before 1.0.1-40.fc40
hawtjni: before 1.18-12.fc40
hamcrest: before 2.2-16.fc40
guava: before 32.1.3-5.fc40
google-guice: before 5.1.0-11.fc40
gnulib: before 0-50.20230709git.fc40
fusesource-pom: before 1.12-18.fc40
frysk: before 0.4-94.fc40
freerouting: before 1.3.1-17.fc40
freecol: before 1.1.0-4.fc40
forge-parent: before 38-28.fc40
fop: before 2.9-6.fc40
flute: before 1.3.0-37.OOo31.fc40
fishbowl: before 1.4.1-9.fc40
filedrop: before 1.1-24.fc40
fernflower: before 211.7442.40-11.fc40
felix-utils: before 1.11.8-9.fc40
felix-parent: before 8-5.fc40
fasterxml-oss-parent: before 58-2.fc40
extra-enforcer-rules: before 1.7.0-6.fc40
enjarify: before 1.0.3-35.fc40
ed25519-java: before 0.3.0-21.fc40
eclipse-swt: before 4.29-4.fc40
ecj: before 4.23-9.fc40
easymock: before 4.3-8.fc40
dogtag-pki: before 11.5.0-1.fc40.1
ditaa: before 0.10-24.fc40
disruptor: before 3.4.4-11.fc40
dirgra: before 0.4-12.fc40
directory-maven-plugin: before 0.3.1-15.fc40
diffoscope: before 257-2.fc40
decentxml: before 1.4-35.fc40
crypto-policies: before 20240201-2.git9f501f3.fc40
cryptlib: before 3.4.7-5.fc40
cortado: before 0.6.0-32.fc40
console-image-viewer: before 1.2-24.fc40
colossus: before 0.14.0-27.fc40
codehaus-parent: before 4-30.fc40
clojure-spec-alpha: before 0.3.218-8.fc40
clojure-maven-plugin: before 1.9.2-6.fc40
clojure-core-specs-alpha: before 0.2.62-8.fc40
clojure: before 1.11.1-8.fc40
classloader-leak-test-framework: before 2.7.0-8.fc40
chromium: before 122.0.6261.94-2.fc40
cglib: before 3.3.0-15.fc40
ceph: before 18.2.1-10.fc40
cdi-api: before 2.0.2-14.fc40
canl-java: before 2.8.3-5.fc40
cambozola: before 0.936-24.fc40
byteman: before 4.0.16-13.fc40
byte-buddy: before 1.14.2-8.fc40
build-helper-maven-plugin: before 3.5.0-4.fc40
bsh: before 2.1.0-12.fc40
bsf: before 2.4.0-54.fc40
brazil: before 2.3-36.fc40
bouncycastle: before 1.70-13.fc40
bolzplatz2006: before 1.0.3-58.fc40
beust-jcommander: before 1.82-9.fc40
beansbinding: before 1.2.1-36.fc40
bcel: before 6.8.1-3.fc40
batik: before 1.14-13.fc40
auto: before 1.6.1-10.fc40
atinject: before 1.0.5-12.fc40
assertj-core: before 3.24.2-8.fc40
args4j: before 2.33-26.fc40
aqute-bnd: before 6.3.1-10.fc40
apiguardian: before 1.1.2-12.fc40
apache-resource-bundles: before 1.5-7.fc40
apache-parent: before 31-5.fc40
apache-ivy: before 2.5.2-4.fc40
apache-commons-vfs: before 2.9.0-5.fc40
apache-commons-text: before 1.10.0-6.fc40
apache-commons-pool: before 1.6-37.fc40
apache-commons-parent: before 66-3.fc40
apache-commons-net: before 3.10.0-5.fc40
apache-commons-modeler: before 2.0.1-40.fc40
apache-commons-math: before 3.6.1-18.fc40
apache-commons-logging: before 1.3.0-5.fc40
apache-commons-lang3: before 3.14.0-5.fc40
apache-commons-jxpath: before 1.3-52.fc40
apache-commons-io: before 2.13.0-8.fc40
apache-commons-exec: before 1.3-31.fc40
apache-commons-digester: before 2.1-30.fc40
apache-commons-compress: before 1.25.0-5.fc40
apache-commons-collections4: before 4.4-15.fc40
apache-commons-collections: before 3.2.2-36.fc40
apache-commons-codec: before 1.16.0-7.fc40
apache-commons-cli: before 1.6.0-5.fc40
apache-commons-beanutils: before 1.9.4-19.fc40
aopalliance: before 1.0-39.fc40
antlrworks: before 1.5.2-29.fc40
antlr3: before 3.5.3-10.fc40
antlr: before 2.7.7-77.fc40
ant-antunit: before 1.4.1-11.fc40
ant: before 1.10.14-10.fc40
R-rJava: before 1.0.6-9.fc40
OpenStego: before 0.7.4-12.fc40
Mars: before 4.5-26.fc40
IPAddress: before 5.2.1-17.fc40
CardManager: before 3-29.fc40
CFR: before 0.151-16.fc40
BareBonesBrowserLaunch: before 3.1-33.fc40
External linkshttp://bodhi.fedoraproject.org/updates/FEDORA-2024-129d8ca6fc
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.