Press CTR-C to copy XML [help]


Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: github issues

 Sponsor

Project: Close Editor Tabs Left and Right - VCS Extension NB22+

de.funfried.netbeans.plugins:nb-editor-close-left-right-vcs-extension-nb22:0.2

Scan Information (show all):

Summary

Display: Showing Vulnerable Dependencies (click to show all)

DependencyVulnerability IDsPackageHighest SeverityCVE CountConfidenceEvidence Count
JavaEWAH-1.2.3.jarpkg:maven/com.googlecode.javaewah/JavaEWAH@1.2.3 035
adapter-base-RELEASE220.jarpkg:maven/org.netbeans.external/adapter-base@RELEASE220
pkg:maven/org.tigris.svnclientadapter/adapter-base@1.14.0		 032
asm-all-5.0.1.jarpkg:maven/org.ow2.asm/asm-all@5.0.1 028
bcprov-jdk18on-1.77.jarcpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.77:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:bouncy_castle_crypto_package:1.77:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.77:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.77:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:the_bouncy_castle_crypto_package_for_java:1.77:*:*:*:*:*:*:*		pkg:maven/org.bouncycastle/bcprov-jdk18on@1.77HIGH4Highest60
com-jcraft-jsch-RELEASE220.jar (shaded: com.github.mwiede:jsch:0.1.72)cpe:2.3:a:jcraft:jsch:0.1.72:*:*:*:*:*:*:*pkg:maven/com.github.mwiede/jsch@0.1.72 0Medium31
com-jcraft-jsch-RELEASE220.jarcpe:2.3:a:jcraft:jsch:ase220:*:*:*:*:*:*:*pkg:maven/org.netbeans.external/com-jcraft-jsch@RELEASE220 0Highest25
com-jcraft-jzlib-RELEASE220.jarcpe:2.3:a:jcraft:jzlib:ase220:*:*:*:*:*:*:*pkg:maven/org.netbeans.external/com-jcraft-jzlib@RELEASE220 0Highest21
commons-codec-1.16.0.jarpkg:maven/commons-codec/commons-codec@1.16.0 0119
commons-lang3-3.17.0.jarpkg:maven/org.apache.commons/commons-lang3@3.17.0 0145
jna-5.14.0.jarcpe:2.3:a:oracle:java_se:5.14.0:*:*:*:*:*:*:*pkg:maven/net.java.dev.jna/jna@5.14.0 0Low48
jna-platform-5.14.0.jarpkg:maven/net.java.dev.jna/jna-platform@5.14.0 044
jsch-0.1.55.jarcpe:2.3:a:jcraft:jsch:0.1.55:*:*:*:*:*:*:*pkg:maven/com.jcraft/jsch@0.1.55 0Highest34
junixsocket-common-2.5.1.jarpkg:maven/com.kohlschutter.junixsocket/junixsocket-common@2.5.1 017
junixsocket-native-common-2.5.1.jarpkg:maven/com.kohlschutter.junixsocket/junixsocket-native-common@2.5.1 029
jzlib-1.1.3.jarcpe:2.3:a:jcraft:jzlib:1.1.3:*:*:*:*:*:*:*pkg:maven/com.jcraft/jzlib@1.1.3 0Highest34
libs-c-kohlschutter-junixsocket-RELEASE220.jarcpe:2.3:a:apache:netbeans:ase220:*:*:*:*:*:*:*pkg:maven/org.netbeans.api/libs-c-kohlschutter-junixsocket@RELEASE220 0Medium23
nb-editor-close-left-right-1.0.7.jarcpe:2.3:a:left_project:left:1.0.7:*:*:*:*:*:*:*pkg:maven/de.funfried.netbeans.plugins/nb-editor-close-left-right@1.0.7 0Highest46
org-netbeans-bootstrap-RELEASE220.jarcpe:2.3:a:apache:apr-util:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:netbeans:ase220:*:*:*:*:*:*:*		pkg:maven/org.netbeans.modules/org-netbeans-bootstrap@RELEASE220HIGH6Highest29
org-netbeans-core-startup-base-RELEASE220.jarcpe:2.3:a:base-files_project:base-files:10.1ubuntu2.2:*:*:*:*:*:*:*pkg:maven/org.netbeans.modules/org-netbeans-core-startup-base@RELEASE220HIGH1Highest29
org-netbeans-modules-projectapi-RELEASE110.jarcpe:2.3:a:apache:netbeans:ase110:*:*:*:*:*:*:*pkg:maven/org.netbeans.api/org-netbeans-modules-projectapi@RELEASE110 0Medium33
org-netbeans-modules-projectuiapi-base-RELEASE110.jarcpe:2.3:a:base-files_project:base-files:10.1ubuntu2.2:*:*:*:*:*:*:*pkg:maven/org.netbeans.api/org-netbeans-modules-projectuiapi-base@RELEASE110HIGH1Highest32
org-netbeans-modules-subversion-RELEASE220.jarcpe:2.3:a:apache:netbeans:ase220:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:ase220:*:*:*:*:*:*:*		pkg:maven/org.netbeans.modules/org-netbeans-modules-subversion@RELEASE220 0Medium38
org-netbeans-modules-versioning-core-RELEASE220.jarcpe:2.3:a:apache:netbeans:ase220:*:*:*:*:*:*:*pkg:maven/org.netbeans.modules/org-netbeans-modules-versioning-core@RELEASE220 0Medium33
org-openide-util-lookup-RELEASE220.jarpkg:maven/org.netbeans.api/org-openide-util-lookup@RELEASE220 027
org.eclipse.jgit-6.9.0.202403050737-r.jarcpe:2.3:a:eclipse:jgit:6.9.0:202403050737:*:*:*:*:*:*pkg:maven/org.eclipse.jgit/org.eclipse.jgit@6.9.0.202403050737-r 0Highest49
slf4j-api-1.7.36.jarpkg:maven/org.slf4j/slf4j-api@1.7.36 029
updater-RELEASE220.jarpkg:maven/org.netbeans.external/updater@RELEASE220 021

Dependencies (vulnerable)

JavaEWAH-1.2.3.jar

Description:

The bit array data structure is implemented in Java as the BitSet class. Unfortunately, this fails to scale without compression.
  JavaEWAH is a word-aligned compressed variant of the Java bitset class. It uses a 64-bit run-length encoding (RLE) compression scheme.
  The goal of word-aligned compression is not to achieve the best compression, but rather to improve query processing time. Hence, we try to save CPU cycles, maybe at the expense of storage. However, the EWAH scheme we implemented is always more efficient storage-wise than an uncompressed bitmap (implemented in Java as the BitSet class). Unlike some alternatives, javaewah does not rely on a patented scheme.

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/googlecode/javaewah/JavaEWAH/1.2.3/JavaEWAH-1.2.3.jar
MD5: 8fdeda28c1fb10e67b3d79f86bef5e61
SHA1: 13a27c856e0c8808cee9a64032c58eee11c3adc9
SHA256:d65226949713c4c61a784f41c51167e7b0316f93764398ebba9e4336b3d954c2
Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:compile
JavaEWAH-1.2.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.netbeans.api/org-netbeans-libs-git@RELEASE220

Identifiers

adapter-base-RELEASE220.jar

Description:

POM and identification for artifact that was not possible to uniquely identify as a maven dependency.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/netbeans/external/adapter-base/RELEASE220/adapter-base-RELEASE220.jar
MD5: a4428177751626d61c0fb176618b38af
SHA1: 0c7b101c71719b0ae54282eb69878116b8d8d9f5
SHA256:c523df1d4d03a0ca026699718e6d071ff09bb8eedd7a336ce4f4cca770e243d5
Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:compile
adapter-base-RELEASE220.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.netbeans.modules/org-netbeans-modules-subversion@RELEASE220

Identifiers

asm-all-5.0.1.jar

File Path: /home/runner/.m2/repository/org/ow2/asm/asm-all/5.0.1/asm-all-5.0.1.jar
MD5: 279e80742ddff574fbc87244eb5c9d54
SHA1: 2f7553f50b0d14ed811b849c282da8c1ffc32aae
SHA256:94ecde163b4ca3a42425cd830c79197f22d0d1336d471ced6a8a83b07acbf7c8
Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:compile
asm-all-5.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/de.funfried.netbeans.plugins/nb-editor-close-left-right@1.0.7

Identifiers

bcprov-jdk18on-1.77.jar

Description:

The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.8 and up.

License:

Bouncy Castle Licence: https://www.bouncycastle.org/licence.html
File Path: /home/runner/.m2/repository/org/bouncycastle/bcprov-jdk18on/1.77/bcprov-jdk18on-1.77.jar
MD5: ca01387064e08db12e1345b474521ff1
SHA1: 2cc971b6c20949c1ff98d1a4bc741ee848a09523
SHA256:dabb98c24d72c9b9f585633d1df9c5cd58d9ad373d0cd681367e6a603a495d58
Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:compile
bcprov-jdk18on-1.77.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.netbeans.api/org-netbeans-libs-git@RELEASE220

Identifiers

  • pkg:maven/org.bouncycastle/bcprov-jdk18on@1.77  (Confidence:High)
  • cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.77:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:bouncycastle:bouncy_castle_crypto_package:1.77:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.77:*:*:*:*:*:*:*  (Confidence:Highest)  
  • cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.77:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:bouncycastle:the_bouncy_castle_crypto_package_for_java:1.77:*:*:*:*:*:*:*  (Confidence:Low)  

CVE-2024-34447 (OSSINDEX)  

bouncycastle - Improper Validation of Certificate with Host Mismatch

The software communicates with a host that provides a certificate, but the software does not properly ensure that the certificate is actually associated with that host.
CWE-297 Improper Validation of Certificate with Host Mismatch

CVSSv3:
  • Base Score: HIGH (7.699999809265137)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.bouncycastle:bcprov-jdk18on:1.77:*:*:*:*:*:*:*

CVE-2024-29857 (OSSINDEX)  

An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.
CWE-125 Out-of-bounds Read

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.bouncycastle:bcprov-jdk18on:1.77:*:*:*:*:*:*:*

CVE-2024-30171 (OSSINDEX)  

An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.
CWE-203 Observable Discrepancy

CVSSv3:
  • Base Score: MEDIUM (5.900000095367432)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.bouncycastle:bcprov-jdk18on:1.77:*:*:*:*:*:*:*

CVE-2024-30172 (OSSINDEX)  

An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key.
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv3:
  • Base Score: MEDIUM (5.900000095367432)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.bouncycastle:bcprov-jdk18on:1.77:*:*:*:*:*:*:*

com-jcraft-jsch-RELEASE220.jar (shaded: com.github.mwiede:jsch:0.1.72)

Description:

JSch is a pure Java implementation of SSH2

License:

Revised BSD: https://github.com/mwiede/jsch/blob/master/LICENSE.txt
File Path: /home/runner/.m2/repository/org/netbeans/external/com-jcraft-jsch/RELEASE220/com-jcraft-jsch-RELEASE220.jar/META-INF/maven/com.github.mwiede/jsch/pom.xml
MD5: 85f4f9a60f52c33cda4d806ec64bd00a
SHA1: c25e7c9cbca0156005c3c675af8752438d54c4fc
SHA256:0818be86a36c6c4254b23f0e97c2d3e92bfecf8ad7d5ac72b42ba4c37eebc7ba
Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:compile

Identifiers

com-jcraft-jsch-RELEASE220.jar

File Path: /home/runner/.m2/repository/org/netbeans/external/com-jcraft-jsch/RELEASE220/com-jcraft-jsch-RELEASE220.jar
MD5: 518b440f8309c56c19bd93d044de0b79
SHA1: ad512ddc61c12c29d19df6ce8fe0ef33e7da90a8
SHA256:02c166bcd7fa4161c97c75c0aad9ba0b7264f5439b2f330af155b19dcb78db2e
Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:compile
com-jcraft-jsch-RELEASE220.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.netbeans.api/org-netbeans-libs-git@RELEASE220

Identifiers

com-jcraft-jzlib-RELEASE220.jar

File Path: /home/runner/.m2/repository/org/netbeans/external/com-jcraft-jzlib/RELEASE220/com-jcraft-jzlib-RELEASE220.jar
MD5: a094b16c6447f7a8337cdea80fbe4ccf
SHA1: f9f1fcf2ec99bdd8e434397def7eca6d49600bb0
SHA256:0cdd369ace17c8edef0aa8901668b05f12d14e4f9503610733eb051611a2ee4c
Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:compile
com-jcraft-jzlib-RELEASE220.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.netbeans.api/org-netbeans-libs-git@RELEASE220

Identifiers

commons-codec-1.16.0.jar

Description:

     The Apache Commons Codec package contains simple encoder and decoders for
     various formats such as Base64 and Hexadecimal.  In addition to these
     widely used encoders and decoders, the codec package also maintains a
     collection of phonetic encoding utilities.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/commons-codec/commons-codec/1.16.0/commons-codec-1.16.0.jar
MD5: 6e26920fa7228891980890cce06b718c
SHA1: 4e3eb3d79888d76b54e28b350915b5dc3919c9de
SHA256:56595fb20b0b85bc91d0d503dad50bb7f1b9afc0eed5dffa6cbb25929000484d
Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:compile
commons-codec-1.16.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.netbeans.api/org-netbeans-libs-git@RELEASE220

Identifiers

commons-lang3-3.17.0.jar

Description:

  Apache Commons Lang, a package of Java utility classes for the
  classes that are in java.lang's hierarchy, or are considered to be so
  standard as to justify existence in java.lang.

  The code is tested using the latest revision of the JDK for supported
  LTS releases: 8, 11, 17 and 21 currently.
  See https://github.com/apache/commons-lang/blob/master/.github/workflows/maven.yml
  
  Please ensure your build environment is up-to-date and kindly report any build issues.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/commons/commons-lang3/3.17.0/commons-lang3-3.17.0.jar
MD5: 7730df72b7fdff4a3a32d89a314f826a
SHA1: b17d2136f0460dcc0d2016ceefca8723bdf4ee70
SHA256:6ee731df5c8e5a2976a1ca023b6bb320ea8d3539fbe64c8a1d5cb765127c33b4
Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:compile
commons-lang3-3.17.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/de.funfried.netbeans.plugins/nb-editor-close-left-right@1.0.7

Identifiers

jna-5.14.0.jar

Description:

Java Native Access

License:

LGPL-2.1-or-later: https://www.gnu.org/licenses/old-licenses/lgpl-2.1
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.14.0/jna-5.14.0.jar
MD5: 8b3cc652920435ad9f801e6d9b2a3497
SHA1: 67bf3eaea4f0718cb376a181a629e5f88fa1c9dd
SHA256:34ed1e1f27fa896bca50dbc4e99cf3732967cec387a7a0d5e3486c09673fe8c6
Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:compile
jna-5.14.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.netbeans.api/org-netbeans-libs-git@RELEASE220

Identifiers

jna-platform-5.14.0.jar

Description:

Java Native Access Platform

License:

LGPL-2.1-or-later: https://www.gnu.org/licenses/old-licenses/lgpl-2.1
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/net/java/dev/jna/jna-platform/5.14.0/jna-platform-5.14.0.jar
MD5: 3bc3f09a698e6ad250dd093f64fbb8a7
SHA1: 28934d48aed814f11e4c584da55c49fa7032b31b
SHA256:ae4caceb3840730c2537f9b7fb55a01baba580286b4122951488bcee558c2449
Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:compile
jna-platform-5.14.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.netbeans.api/org-netbeans-libs-git@RELEASE220

Identifiers

jsch-0.1.55.jar

Description:

JSch is a pure Java implementation of SSH2

License:

Revised BSD: http://www.jcraft.com/jsch/LICENSE.txt
File Path: /home/runner/.m2/repository/com/jcraft/jsch/0.1.55/jsch-0.1.55.jar
MD5: c395ada0fc012d66f11bd30246f6c84d
SHA1: bbd40e5aa7aa3cfad5db34965456cee738a42a50
SHA256:d492b15a6d2ea3f1cc39c422c953c40c12289073dbe8360d98c0f6f9ec74fc44
Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:compile
jsch-0.1.55.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.netbeans.api/org-netbeans-libs-git@RELEASE220

Identifiers

junixsocket-common-2.5.1.jar

Description:

The public, core API

File Path: /home/runner/.m2/repository/com/kohlschutter/junixsocket/junixsocket-common/2.5.1/junixsocket-common-2.5.1.jar
MD5: 6eab1b24001a4c2dbdcf46518d5cc8cd
SHA1: 87515d51236afd95693fdc6f2233a98f9c1429b1
SHA256:ed3a364225d501fb2fa2944ac7061d9e243c5bc07f238590df2a0e3ca21ebef8
Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:compile
junixsocket-common-2.5.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.netbeans.api/org-netbeans-libs-git@RELEASE220

Identifiers

junixsocket-native-common-2.5.1.jar

Description:

Binaries of the native JNI library for common platforms

File Path: /home/runner/.m2/repository/com/kohlschutter/junixsocket/junixsocket-native-common/2.5.1/junixsocket-native-common-2.5.1.jar
MD5: df8474acd79d6d422a90538d50e6f981
SHA1: 4a19ca3071bfaa7cb30aad62d6f93faa080ea9e8
SHA256:1812573ffd48ce5a2f231102c4c560d17700141c5084149f5a77047df529fe97
Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:compile
junixsocket-native-common-2.5.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.netbeans.api/org-netbeans-libs-git@RELEASE220

Identifiers

jzlib-1.1.3.jar

Description:

JZlib is a re-implementation of zlib in pure Java

License:

BSD: http://www.jcraft.com/jzlib/LICENSE.txt
File Path: /home/runner/.m2/repository/com/jcraft/jzlib/1.1.3/jzlib-1.1.3.jar
MD5: 386d3714fef534d21175d8885ae48bf7
SHA1: c01428efa717624f7aabf4df319939dda9646b2d
SHA256:89b1360f407381bf61fde411019d8cbd009ebb10cff715f3669017a031027560
Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:compile
jzlib-1.1.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.netbeans.api/org-netbeans-libs-git@RELEASE220

Identifiers

libs-c-kohlschutter-junixsocket-RELEASE220.jar

File Path: /home/runner/.m2/repository/org/netbeans/api/libs-c-kohlschutter-junixsocket/RELEASE220/libs-c-kohlschutter-junixsocket-RELEASE220.jar
MD5: 4d00a759a2e62f14ea13fde29629b3da
SHA1: deea04a0cc368b533870ba407b239e9b658e280d
SHA256:daf9ac1027bad0c8492de55d177238b5ae7a1aeb30badc3df805ee84e9cf4a26
Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:compile
libs-c-kohlschutter-junixsocket-RELEASE220.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.netbeans.api/org-netbeans-libs-git@RELEASE220

Identifiers

nb-editor-close-left-right-1.0.7.jar

Description:

		This plugin helps you to easily close unused or unwanted editor tabs. Instead of either close all tabs
		or all tabs except the currently selected you can also close the tabs right or left, the ones either
		belong or not belong to the project from the context menu of a selected tab at once or even all tabs
		that have not been changed since the last commit to your version control system (Git, SVN and Mercurial
		supported).

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/de/funfried/netbeans/plugins/nb-editor-close-left-right/1.0.7/nb-editor-close-left-right-1.0.7.jar
MD5: c92ddc9a704451c5c91363c12b58a90d
SHA1: 7f1a2976000ae51b2ad97b77800fd650a8ad3e30
SHA256:e59f26bb7e713266aba7d72d51321bd036d1c510b1d2ae22b89cd468ea5470ab
Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:compile
nb-editor-close-left-right-1.0.7.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/de.funfried.netbeans.plugins/nb-editor-close-left-right-vcs-extension-nb22@0.2

Identifiers

org-netbeans-bootstrap-RELEASE220.jar

File Path: /home/runner/.m2/repository/org/netbeans/modules/org-netbeans-bootstrap/RELEASE220/org-netbeans-bootstrap-RELEASE220.jar
MD5: fce02c8c3147e22d9045e4ac0e177e5d
SHA1: 94264c51441d990e061b7e9ad9eb92970856cb24
SHA256:f05ec8fb7d1610a99527484a7d561422f25f67ad65ee4b296580596f66c22f1d
Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:compile
org-netbeans-bootstrap-RELEASE220.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.netbeans.modules/org-netbeans-modules-subversion@RELEASE220

Identifiers

CVE-2009-2412  

Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows.  NOTE: some of these details are obtained from third party information.
CWE-189 Numeric Errors

CVSSv2:
  • Base Score: HIGH (10.0)
  • Vector: /AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Vulnerable Software & Versions: (show all)

CVE-2009-1955  

The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

CVE-2009-1956  

Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
CWE-189 Numeric Errors

CVSSv2:
  • Base Score: MEDIUM (6.4)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:P

References:

Vulnerable Software & Versions: (show all)

CVE-2010-1623  

Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Vulnerable Software & Versions: (show all)

CVE-2009-0023  

The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P

References:

Vulnerable Software & Versions: (show all)

CVE-2011-1928  

The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used.  NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
CWE-399 Resource Management Errors

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P

References:

Vulnerable Software & Versions: (show all)

org-netbeans-core-startup-base-RELEASE220.jar

File Path: /home/runner/.m2/repository/org/netbeans/modules/org-netbeans-core-startup-base/RELEASE220/org-netbeans-core-startup-base-RELEASE220.jar
MD5: 463d759fe783a7e69db038462f104744
SHA1: fb2a85ea8c05f02df9f1ea93e2219b16a98d0257
SHA256:e421705f9f092cac98a374105d53eeaafbf2bf19ef7228a42b41a2493327ade9
Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:compile
org-netbeans-core-startup-base-RELEASE220.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.netbeans.modules/org-netbeans-modules-subversion@RELEASE220

Identifiers

CVE-2018-6557  

The MOTD update script in the base-files package in Ubuntu 18.04 LTS before 10.1ubuntu2.2, and Ubuntu 18.10 before 10.1ubuntu6 incorrectly handled temporary files. A local attacker could use this issue to cause a denial of service, or possibly escalate privileges if kernel symlink restrictions were disabled.
CWE-59 Improper Link Resolution Before File Access ('Link Following')

CVSSv2:
  • Base Score: MEDIUM (4.4)
  • Vector: /AV:L/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (7.0)
  • Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.0/RC:R/MAV:A

References:

Vulnerable Software & Versions:

org-netbeans-modules-projectapi-RELEASE110.jar

File Path: /home/runner/.m2/repository/org/netbeans/api/org-netbeans-modules-projectapi/RELEASE110/org-netbeans-modules-projectapi-RELEASE110.jar
MD5: 49976d13e55ee444c17bd32665a47247
SHA1: f313397dc63baeb2f2b16fc95c73df935476f2d1
SHA256:d97b1beb5d25825a1956675465c70f0ab5e5db267a4d19bdaa02c196cfc5bc54
Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:compile
org-netbeans-modules-projectapi-RELEASE110.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/de.funfried.netbeans.plugins/nb-editor-close-left-right@1.0.7

Identifiers

org-netbeans-modules-projectuiapi-base-RELEASE110.jar

File Path: /home/runner/.m2/repository/org/netbeans/api/org-netbeans-modules-projectuiapi-base/RELEASE110/org-netbeans-modules-projectuiapi-base-RELEASE110.jar
MD5: 2a665f1cfe3b4b956e47fa05decd75d6
SHA1: 62b39080e1d70b968b2cf02675dc69762550db8f
SHA256:a6d78ec80abc46f714ed84e9b1608a203abf551cb056496a67f434b9e0599ce8
Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:compile
org-netbeans-modules-projectuiapi-base-RELEASE110.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/de.funfried.netbeans.plugins/nb-editor-close-left-right@1.0.7

Identifiers

CVE-2018-6557  

The MOTD update script in the base-files package in Ubuntu 18.04 LTS before 10.1ubuntu2.2, and Ubuntu 18.10 before 10.1ubuntu6 incorrectly handled temporary files. A local attacker could use this issue to cause a denial of service, or possibly escalate privileges if kernel symlink restrictions were disabled.
CWE-59 Improper Link Resolution Before File Access ('Link Following')

CVSSv2:
  • Base Score: MEDIUM (4.4)
  • Vector: /AV:L/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: HIGH (7.0)
  • Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.0/RC:R/MAV:A

References:

Vulnerable Software & Versions:

org-netbeans-modules-subversion-RELEASE220.jar

File Path: /home/runner/.m2/repository/org/netbeans/modules/org-netbeans-modules-subversion/RELEASE220/org-netbeans-modules-subversion-RELEASE220.jar
MD5: 71de17c7116589c32e4423439bc7466a
SHA1: d5fa90d8a92873bf3c5c655214d148ae7daf72ee
SHA256:846ef770e406b0e765818773211ca62316046ed2f24df3043d9bc4b374439f35
Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:compile
org-netbeans-modules-subversion-RELEASE220.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/de.funfried.netbeans.plugins/nb-editor-close-left-right-vcs-extension-nb22@0.2

Identifiers

org-netbeans-modules-versioning-core-RELEASE220.jar

File Path: /home/runner/.m2/repository/org/netbeans/modules/org-netbeans-modules-versioning-core/RELEASE220/org-netbeans-modules-versioning-core-RELEASE220.jar
MD5: ce7e6975cd543ec1237732f0cb173248
SHA1: b46da0a65a4ccea7ad427cec798e379ca27f7bcb
SHA256:baf25ed5a2a77425111532bfee19c18cbaf5dfe7523cdc72119695d396a94a69
Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:compile
org-netbeans-modules-versioning-core-RELEASE220.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.netbeans.modules/org-netbeans-modules-git@RELEASE220

Identifiers

org-openide-util-lookup-RELEASE220.jar

File Path: /home/runner/.m2/repository/org/netbeans/api/org-openide-util-lookup/RELEASE220/org-openide-util-lookup-RELEASE220.jar
MD5: aef713d470e2a344155d39f14a81eaa2
SHA1: 0d6661b0943575232d6529c67fcf89a6cace3152
SHA256:54f6302572f2fe5c9dd15d7a4b4558ff17aa95d029ef5d4f5a1253bb746bf96a
Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:compile
org-openide-util-lookup-RELEASE220.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/de.funfried.netbeans.plugins/nb-editor-close-left-right-vcs-extension-nb22@0.2

Identifiers

org.eclipse.jgit-6.9.0.202403050737-r.jar

Description:

    Repository access and algorithms

File Path: /home/runner/.m2/repository/org/eclipse/jgit/org.eclipse.jgit/6.9.0.202403050737-r/org.eclipse.jgit-6.9.0.202403050737-r.jar
MD5: bf46ab2ec23bf919a867b25bf08bf22f
SHA1: e4da064611794c35cbf80a720a3f813285d5ccba
SHA256:6209ac6691be2a06320f02000d89bed73edf05f45d65ef9a155147511ab77f3c
Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:compile
org.eclipse.jgit-6.9.0.202403050737-r.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.netbeans.api/org-netbeans-libs-git@RELEASE220

Identifiers

slf4j-api-1.7.36.jar

Description:

The slf4j API

File Path: /home/runner/.m2/repository/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jar
MD5: 872da51f5de7f3923da4de871d57fd85
SHA1: 6c62681a2f655b49963a5983b8b0950a6120ae14
SHA256:d3ef575e3e4979678dc01bf1dcce51021493b4d11fb7f1be8ad982877c16a1c0
Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:compile
slf4j-api-1.7.36.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.netbeans.api/org-netbeans-libs-git@RELEASE220

Identifiers

updater-RELEASE220.jar

Description:

POM and identification for artifact that was not possible to uniquely identify as a maven dependency.

File Path: /home/runner/.m2/repository/org/netbeans/external/updater/RELEASE220/updater-RELEASE220.jar
MD5: dc3b739e244d1e3f94569985852b8bd4
SHA1: 20f7b83a04136fde357a175fed28f97b4c157c89
SHA256:9429a1f51754fa8623a7e2eea241e6cc58a929609f1893ec4ba4b2b02af98d31
Referenced In Project/Scope: Close Editor Tabs Left and Right - VCS Extension NB22+:compile
updater-RELEASE220.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.netbeans.modules/org-netbeans-modules-subversion@RELEASE220

Identifiers



This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the CISA Known Exploited Vulnerability Catalog.
This report may contain data retrieved from the Github Advisory Database (via NPM Audit API).
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.