diff --git a/parser-sdk/nodejs/findings-schema.json b/parser-sdk/nodejs/findings-schema.json
index 0b390b23f6..7c5399caa0 100644
--- a/parser-sdk/nodejs/findings-schema.json
+++ b/parser-sdk/nodejs/findings-schema.json
@@ -62,7 +62,10 @@
 },
 "required": [
 "id",
- "parsed_at"
+ "parsed_at",
+ "severity",
+ "category",
+ "name"
 ]
 }
 }
diff --git a/scanners/nmap/parser/parser.js b/scanners/nmap/parser/parser.js
index ce4bb70523..6c321ed1d6 100644
--- a/scanners/nmap/parser/parser.js
+++ b/scanners/nmap/parser/parser.js
@@ -21,7 +21,7 @@ function transformToFindings(hosts) {
 return openPorts.map(openPort => {
 return {
- name: openPort.service,
+ name: openPort.service ? `Open Port: ${openPort.port} (${openPort.service})`: `Open Port: ${openPort.port}`,
 description: `Port ${openPort.port} is ${openPort.state} using ${openPort.protocol} protocol.`,
 category: 'Open Port',
 location: `${openPort.protocol}://${hostInfo.ip}:${openPort.port}`,
diff --git a/scanners/nmap/parser/parser.test.js b/scanners/nmap/parser/parser.test.js
index 94c4c10c3c..c16b239c32 100644
--- a/scanners/nmap/parser/parser.test.js
+++ b/scanners/nmap/parser/parser.test.js
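Review bot: The new `name` template in the parser.js hunk hard-codes the word "Open" without looking at `openPort.state`: the "missing service information" test updated in this same commit snapshots a port with `"state": "filtered"` that now gets `"name": "Open Port: 10250"` right next to a description saying the port is filtered, so the finding's title contradicts the finding itself (the pre-existing `category: 'Open Port'` has the same problem). Whether non-open ports should become findings at all is decided where `openPorts` is built, which is outside the hunk; if they are kept, derive the label from the state, e.g. hoist `` const portLabel = `${openPort.state === 'open' ? 'Open' : 'Filtered'} Port: ${openPort.port}`; `` above the object literal (adapting the wording to whatever states `openPorts` can actually carry) and use `` name: openPort.service ? `${portLabel} (${openPort.service})` : portLabel, ``. Hoisting also shortens the long ternary and removes the missing space before its `:`. The enclosing `transformToFindings` starts and ends outside the hunk.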
@@ -24,114 +24,114 @@ test("should properly parse nmap xml file", async () => { // validate findings await expect(validateParser(findings)).resolves.toBeUndefined(); expect(findings).toMatchInlineSnapshot(` - Array [ - Object { - "attributes": Object { - "hostname": "localhost", - "ip_address": "127.0.0.1", - "mac_address": null, - "method": "table", - "operating_system": null, - "port": 53, - "protocol": "tcp", - "scripts": null, - "service": "domain", - "serviceProduct": null, - "serviceVersion": null, - "state": "open", - "tunnel": null, - }, - "category": "Open Port", - "description": "Port 53 is open using tcp protocol.", - "location": "tcp://127.0.0.1:53", - "name": "domain", - "osi_layer": "NETWORK", - "severity": "INFORMATIONAL", - }, - Object { - "attributes": Object { - "hostname": "localhost", - "ip_address": "127.0.0.1", - "mac_address": null, - "method": "table", - "operating_system": null, - "port": 8021, - "protocol": "tcp", - "scripts": null, - "service": "ftp-proxy", - "serviceProduct": null, - "serviceVersion": null, - "state": "open", - "tunnel": null, - }, - "category": "Open Port", - "description": "Port 8021 is open using tcp protocol.", - "location": "tcp://127.0.0.1:8021", - "name": "ftp-proxy", - "osi_layer": "NETWORK", - "severity": "INFORMATIONAL", - }, - Object { - "attributes": Object { - "hostname": "localhost", - "ip_address": "127.0.0.1", - "mac_address": null, - "method": "table", - "operating_system": null, - "port": 8080, - "protocol": "tcp", - "scripts": null, - "service": "http-proxy", - "serviceProduct": null, - "serviceVersion": null, - "state": "open", - "tunnel": null, - }, - "category": "Open Port", - "description": "Port 8080 is open using tcp protocol.", - "location": "tcp://127.0.0.1:8080", - "name": "http-proxy", - "osi_layer": "NETWORK", - "severity": "INFORMATIONAL", - }, - Object { - "attributes": Object { - "hostname": "localhost", - "ip_address": "127.0.0.1", - "mac_address": null, - "method": "table", - 
"operating_system": null, - "port": 9200, - "protocol": "tcp", - "scripts": null, - "service": "wap-wsp", - "serviceProduct": null, - "serviceVersion": null, - "state": "open", - "tunnel": null, - }, - "category": "Open Port", - "description": "Port 9200 is open using tcp protocol.", - "location": "tcp://127.0.0.1:9200", - "name": "wap-wsp", - "osi_layer": "NETWORK", - "severity": "INFORMATIONAL", - }, - Object { - "attributes": Object { - "hostname": "localhost", - "ip_address": "127.0.0.1", - "operating_system": null, - }, - "category": "Host", - "description": "Found a host", - "location": "localhost", - "name": "Host: localhost", - "osi_layer": "NETWORK", - "severity": "INFORMATIONAL", - }, - ] - `); +Array [ + Object { + "attributes": Object { + "hostname": "localhost", + "ip_address": "127.0.0.1", + "mac_address": null, + "method": "table", + "operating_system": null, + "port": 53, + "protocol": "tcp", + "scripts": null, + "service": "domain", + "serviceProduct": null, + "serviceVersion": null, + "state": "open", + "tunnel": null, + }, + "category": "Open Port", + "description": "Port 53 is open using tcp protocol.", + "location": "tcp://127.0.0.1:53", + "name": "Open Port: 53 (domain)", + "osi_layer": "NETWORK", + "severity": "INFORMATIONAL", + }, + Object { + "attributes": Object { + "hostname": "localhost", + "ip_address": "127.0.0.1", + "mac_address": null, + "method": "table", + "operating_system": null, + "port": 8021, + "protocol": "tcp", + "scripts": null, + "service": "ftp-proxy", + "serviceProduct": null, + "serviceVersion": null, + "state": "open", + "tunnel": null, + }, + "category": "Open Port", + "description": "Port 8021 is open using tcp protocol.", + "location": "tcp://127.0.0.1:8021", + "name": "Open Port: 8021 (ftp-proxy)", + "osi_layer": "NETWORK", + "severity": "INFORMATIONAL", + }, + Object { + "attributes": Object { + "hostname": "localhost", + "ip_address": "127.0.0.1", + "mac_address": null, + "method": "table", + "operating_system": 
null, + "port": 8080, + "protocol": "tcp", + "scripts": null, + "service": "http-proxy", + "serviceProduct": null, + "serviceVersion": null, + "state": "open", + "tunnel": null, + }, + "category": "Open Port", + "description": "Port 8080 is open using tcp protocol.", + "location": "tcp://127.0.0.1:8080", + "name": "Open Port: 8080 (http-proxy)", + "osi_layer": "NETWORK", + "severity": "INFORMATIONAL", + }, + Object { + "attributes": Object { + "hostname": "localhost", + "ip_address": "127.0.0.1", + "mac_address": null, + "method": "table", + "operating_system": null, + "port": 9200, + "protocol": "tcp", + "scripts": null, + "service": "wap-wsp", + "serviceProduct": null, + "serviceVersion": null, + "state": "open", + "tunnel": null, + }, + "category": "Open Port", + "description": "Port 9200 is open using tcp protocol.", + "location": "tcp://127.0.0.1:9200", + "name": "Open Port: 9200 (wap-wsp)", + "osi_layer": "NETWORK", + "severity": "INFORMATIONAL", + }, + Object { + "attributes": Object { + "hostname": "localhost", + "ip_address": "127.0.0.1", + "operating_system": null, + }, + "category": "Host", + "description": "Found a host", + "location": "localhost", + "name": "Host: localhost", + "osi_layer": "NETWORK", + "severity": "INFORMATIONAL", + }, +] +`); }); test("should properly parse a nmap xml without any ports", async () => { 
@@ -181,45 +181,45 @@ test("should properly parse a nmap xml with missing service information", async const findings = await parse(xmlContent); await expect(validateParser(findings)).resolves.toBeUndefined(); expect(findings).toMatchInlineSnapshot(` - Array [ - Object { - "attributes": Object { - "hostname": "example.com", - "ip_address": "93.184.216.34", - "mac_address": null, - "method": undefined, - "operating_system": null, - "port": 10250, - "protocol": "tcp", - "scripts": null, - "service": undefined, - "serviceProduct": null, - "serviceVersion": null, - "state": "filtered", - "tunnel": null, - }, - "category": "Open Port", - "description": "Port 10250 is filtered using tcp protocol.", - "location": "tcp://93.184.216.34:10250", - "name": undefined, - "osi_layer": "NETWORK", - "severity": "INFORMATIONAL", - }, - Object { - "attributes": Object { - "hostname": "example.com", - "ip_address": "93.184.216.34", - "operating_system": null, - }, - "category": "Host", - "description": "Found a host", - "location": "example.com", - "name": "Host: example.com", - "osi_layer": "NETWORK", - "severity": "INFORMATIONAL", - }, - ] - `); +Array [ + Object { + "attributes": Object { + "hostname": "example.com", + "ip_address": "93.184.216.34", + "mac_address": null, + "method": undefined, + "operating_system": null, + "port": 10250, + "protocol": "tcp", + "scripts": null, + "service": undefined, + "serviceProduct": null, + "serviceVersion": null, + "state": "filtered", + "tunnel": null, + }, + "category": "Open Port", + "description": "Port 10250 is filtered using tcp protocol.", + "location": "tcp://93.184.216.34:10250", + "name": "Open Port: 10250", + "osi_layer": "NETWORK", + "severity": "INFORMATIONAL", + }, + Object { + "attributes": Object { + "hostname": "example.com", + "ip_address": "93.184.216.34", + "operating_system": null, + }, + "category": "Host", + "description": "Found a host", + "location": "example.com", + "name": "Host: example.com", + "osi_layer": 
"NETWORK", + "severity": "INFORMATIONAL", + }, +] +`); }); test("Should properly parse a nmap xml with script specific SMB findings", async () => { 
@@ -233,181 +233,181 @@ test("Should properly parse a nmap xml with script specific SMB findings", async const findings = await parse(xmlContent); await expect(validateParser(findings)).resolves.toBeUndefined(); expect(await parse(xmlContent)).toMatchInlineSnapshot(` - Array [ - Object { - "attributes": Object { - "hostname": "example.com", - "ip_address": "10.50.0.2", - "mac_address": null, - "method": "table", - "operating_system": null, - "port": 445, - "protocol": "tcp", - "scripts": null, - "service": "microsoft-ds", - "serviceProduct": null, - "serviceVersion": null, - "state": "open", - "tunnel": null, - }, - "category": "Open Port", - "description": "Port 445 is open using tcp protocol.", - "location": "tcp://10.50.0.2:445", - "name": "microsoft-ds", - "osi_layer": "NETWORK", - "severity": "INFORMATIONAL", - }, - Object { - "attributes": Object { - "hostname": "example.com", - "ip_address": "10.50.0.2", - "operating_system": null, - }, - "category": "Host", - "description": "Found a host", - "location": "example.com", - "name": "Host: example.com", - "osi_layer": "NETWORK", - "severity": "INFORMATIONAL", - }, - Object { - "attributes": Object { - "hostname": "example.com", - "ip_address": "10.50.0.2", - "mac_address": null, - "method": "table", - "operating_system": null, - "port": 445, - "protocol": "tcp", - "scripts": "NT LM 0.12 (SMBv1) [dangerous, but default]", - "service": "microsoft-ds", - "serviceProduct": null, - "serviceVersion": null, - "smb_protocol_version": 1, - "state": "open", - }, - "category": "SMB", - "description": "Port 445 is open using SMB protocol with an old version: SMBv1", - "location": "tcp://10.50.0.2:445", - "name": "SMB Dangerous Protocol Version Finding SMBv1", - "osi_layer": "NETWORK", - "severity": "HIGH", - }, - Object { - "attributes": Object { - "hostname": "example.com", - "ip_address": "10.50.0.2", - "mac_address": null, - "method": "table", - "operating_system": null, - "port": 445, - "protocol": "tcp", - "scripts": 
"2.02", - "service": "microsoft-ds", - "serviceProduct": null, - "serviceVersion": null, - "smb_protocol_version": 2.02, - "state": "open", - }, - "category": "SMB", - "description": "Port 445 is open using SMB protocol with an old version: 2.02", - "location": "tcp://10.50.0.2:445", - "name": "SMB Protocol Version Finding v2.02", - "osi_layer": "NETWORK", - "severity": "LOW", - }, - Object { - "attributes": Object { - "hostname": "example.com", - "ip_address": "10.50.0.2", - "mac_address": null, - "method": "table", - "operating_system": null, - "port": 445, - "protocol": "tcp", - "scripts": "2.10", - "service": "microsoft-ds", - "serviceProduct": null, - "serviceVersion": null, - "smb_protocol_version": 2.1, - "state": "open", - }, - "category": "SMB", - "description": "Port 445 is open using SMB protocol with an old version: 2.1", - "location": "tcp://10.50.0.2:445", - "name": "SMB Protocol Version Finding v2.1", - "osi_layer": "NETWORK", - "severity": "LOW", - }, - Object { - "attributes": Object { - "hostname": "example.com", - "ip_address": "10.50.0.2", - "mac_address": null, - "method": "table", - "operating_system": null, - "port": 445, - "protocol": "tcp", - "scripts": "3.00", - "service": "microsoft-ds", - "serviceProduct": null, - "serviceVersion": null, - "smb_protocol_version": 3, - "state": "open", - }, - "category": "SMB", - "description": "Port 445 is open using SMB protocol with version: 3", - "location": "tcp://10.50.0.2:445", - "name": "SMB Protocol Version Finding v3", - "osi_layer": "NETWORK", - "severity": "INFORMATIONAL", - }, - Object { - "attributes": Object { - "hostname": "example.com", - "ip_address": "10.50.0.2", - "mac_address": null, - "method": "table", - "operating_system": null, - "port": 445, - "protocol": "tcp", - "scripts": "3.02", - "service": "microsoft-ds", - "serviceProduct": null, - "serviceVersion": null, - "smb_protocol_version": 3.02, - "state": "open", - }, - "category": "SMB", - "description": "Port 445 is open using 
SMB protocol with version: 3.02", - "location": "tcp://10.50.0.2:445", - "name": "SMB Protocol Version Finding v3.02", - "osi_layer": "NETWORK", - "severity": "INFORMATIONAL", - }, - Object { - "attributes": Object { - "hostname": "example.com", - "ip_address": "10.50.0.2", - "mac_address": null, - "method": "table", - "operating_system": null, - "port": 445, - "protocol": "tcp", - "scripts": "3.11", - "service": "microsoft-ds", - "serviceProduct": null, - "serviceVersion": null, - "smb_protocol_version": 3.11, - "state": "open", - }, - "category": "SMB", - "description": "Port 445 is open using SMB protocol with version: 3.11", - "location": "tcp://10.50.0.2:445", - "name": "SMB Protocol Version Finding v3.11", - "osi_layer": "NETWORK", - "severity": "INFORMATIONAL", - }, - ] - `); +Array [ + Object { + "attributes": Object { + "hostname": "example.com", + "ip_address": "10.50.0.2", + "mac_address": null, + "method": "table", + "operating_system": null, + "port": 445, + "protocol": "tcp", + "scripts": null, + "service": "microsoft-ds", + "serviceProduct": null, + "serviceVersion": null, + "state": "open", + "tunnel": null, + }, + "category": "Open Port", + "description": "Port 445 is open using tcp protocol.", + "location": "tcp://10.50.0.2:445", + "name": "Open Port: 445 (microsoft-ds)", + "osi_layer": "NETWORK", + "severity": "INFORMATIONAL", + }, + Object { + "attributes": Object { + "hostname": "example.com", + "ip_address": "10.50.0.2", + "operating_system": null, + }, + "category": "Host", + "description": "Found a host", + "location": "example.com", + "name": "Host: example.com", + "osi_layer": "NETWORK", + "severity": "INFORMATIONAL", + }, + Object { + "attributes": Object { + "hostname": "example.com", + "ip_address": "10.50.0.2", + "mac_address": null, + "method": "table", + "operating_system": null, + "port": 445, + "protocol": "tcp", + "scripts": "NT LM 0.12 (SMBv1) [dangerous, but default]", + "service": "microsoft-ds", + "serviceProduct": null, + 
"serviceVersion": null, + "smb_protocol_version": 1, + "state": "open", + }, + "category": "SMB", + "description": "Port 445 is open using SMB protocol with an old version: SMBv1", + "location": "tcp://10.50.0.2:445", + "name": "SMB Dangerous Protocol Version Finding SMBv1", + "osi_layer": "NETWORK", + "severity": "HIGH", + }, + Object { + "attributes": Object { + "hostname": "example.com", + "ip_address": "10.50.0.2", + "mac_address": null, + "method": "table", + "operating_system": null, + "port": 445, + "protocol": "tcp", + "scripts": "2.02", + "service": "microsoft-ds", + "serviceProduct": null, + "serviceVersion": null, + "smb_protocol_version": 2.02, + "state": "open", + }, + "category": "SMB", + "description": "Port 445 is open using SMB protocol with an old version: 2.02", + "location": "tcp://10.50.0.2:445", + "name": "SMB Protocol Version Finding v2.02", + "osi_layer": "NETWORK", + "severity": "LOW", + }, + Object { + "attributes": Object { + "hostname": "example.com", + "ip_address": "10.50.0.2", + "mac_address": null, + "method": "table", + "operating_system": null, + "port": 445, + "protocol": "tcp", + "scripts": "2.10", + "service": "microsoft-ds", + "serviceProduct": null, + "serviceVersion": null, + "smb_protocol_version": 2.1, + "state": "open", + }, + "category": "SMB", + "description": "Port 445 is open using SMB protocol with an old version: 2.1", + "location": "tcp://10.50.0.2:445", + "name": "SMB Protocol Version Finding v2.1", + "osi_layer": "NETWORK", + "severity": "LOW", + }, + Object { + "attributes": Object { + "hostname": "example.com", + "ip_address": "10.50.0.2", + "mac_address": null, + "method": "table", + "operating_system": null, + "port": 445, + "protocol": "tcp", + "scripts": "3.00", + "service": "microsoft-ds", + "serviceProduct": null, + "serviceVersion": null, + "smb_protocol_version": 3, + "state": "open", + }, + "category": "SMB", + "description": "Port 445 is open using SMB protocol with version: 3", + "location": 
"tcp://10.50.0.2:445", + "name": "SMB Protocol Version Finding v3", + "osi_layer": "NETWORK", + "severity": "INFORMATIONAL", + }, + Object { + "attributes": Object { + "hostname": "example.com", + "ip_address": "10.50.0.2", + "mac_address": null, + "method": "table", + "operating_system": null, + "port": 445, + "protocol": "tcp", + "scripts": "3.02", + "service": "microsoft-ds", + "serviceProduct": null, + "serviceVersion": null, + "smb_protocol_version": 3.02, + "state": "open", + }, + "category": "SMB", + "description": "Port 445 is open using SMB protocol with version: 3.02", + "location": "tcp://10.50.0.2:445", + "name": "SMB Protocol Version Finding v3.02", + "osi_layer": "NETWORK", + "severity": "INFORMATIONAL", + }, + Object { + "attributes": Object { + "hostname": "example.com", + "ip_address": "10.50.0.2", + "mac_address": null, + "method": "table", + "operating_system": null, + "port": 445, + "protocol": "tcp", + "scripts": "3.11", + "service": "microsoft-ds", + "serviceProduct": null, + "serviceVersion": null, + "smb_protocol_version": 3.11, + "state": "open", + }, + "category": "SMB", + "description": "Port 445 is open using SMB protocol with version: 3.11", + "location": "tcp://10.50.0.2:445", + "name": "SMB Protocol Version Finding v3.11", + "osi_layer": "NETWORK", + "severity": "INFORMATIONAL", + }, +] +`); }); diff --git a/scanners/trivy/parser/__snapshots__/parser.test.js.snap b/scanners/trivy/parser/__snapshots__/parser.test.js.snap index 7c786bb567..b119e5a8f0 100644 --- a/scanners/trivy/parser/__snapshots__/parser.test.js.snap +++ b/scanners/trivy/parser/__snapshots__/parser.test.js.snap 
@@ -294,7 +294,7 @@ Array [ "category": "Image Vulnerability", "description": "** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.", "location": "mediawiki:1.27.3", - "name": undefined, + "name": "Vulnerability in Dependency apache2 (2.4.10-10+deb8u11)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2007-0086", @@ -320,7 +320,7 @@ Array [ "category": "Image Vulnerability", "description": "** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying \\"The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP.\\"", "location": "mediawiki:1.27.3", - "name": undefined, + "name": "Vulnerability in Dependency apache2 (2.4.10-10+deb8u11)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2003-1307", 
@@ -341,7 +341,7 @@ Array [ "category": "Image Vulnerability", "description": "The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an \\"Inverse Lookup Log Corruption (ILLC)\\" issue.", "location": "mediawiki:1.27.3", - "name": undefined, + "name": "Vulnerability in Dependency apache2 (2.4.10-10+deb8u11)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2003-1580", @@ -365,7 +365,7 @@ Array [ "category": "Image Vulnerability", "description": "suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because \\"the attacks described rely on an insecure server configuration\\" in which the user \\"has write access to the document root.\\" In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.", "location": "mediawiki:1.27.3", - "name": undefined, + "name": "Vulnerability in Dependency apache2 (2.4.10-10+deb8u11)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2007-1743", 
@@ -391,7 +391,7 @@ Array [ "category": "Image Vulnerability", "description": "Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.", "location": "mediawiki:1.27.3", - "name": undefined, + "name": "Vulnerability in Dependency apache2 (2.4.10-10+deb8u11)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2007-3303", @@ -857,7 +857,7 @@ Array [ "category": "Image Vulnerability", "description": "mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.", "location": "mediawiki:1.27.3", - "name": undefined, + "name": "Vulnerability in Dependency apache2 (2.4.10-10+deb8u11)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2001-1534", 
@@ -975,7 +975,7 @@ Array [ "category": "Image Vulnerability", "description": "** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.", "location": "mediawiki:1.27.3", - "name": undefined, + "name": "Vulnerability in Dependency apache2-bin (2.4.10-10+deb8u11)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2007-0086", @@ -1001,7 +1001,7 @@ Array [ "category": "Image Vulnerability", "description": "** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying \\"The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP.\\"", "location": "mediawiki:1.27.3", - "name": undefined, + "name": "Vulnerability in Dependency apache2-bin (2.4.10-10+deb8u11)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2003-1307", 
@@ -1022,7 +1022,7 @@ Array [ "category": "Image Vulnerability", "description": "The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an \\"Inverse Lookup Log Corruption (ILLC)\\" issue.", "location": "mediawiki:1.27.3", - "name": undefined, + "name": "Vulnerability in Dependency apache2-bin (2.4.10-10+deb8u11)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2003-1580", @@ -1046,7 +1046,7 @@ Array [ "category": "Image Vulnerability", "description": "suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because \\"the attacks described rely on an insecure server configuration\\" in which the user \\"has write access to the document root.\\" In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.", "location": "mediawiki:1.27.3", - "name": undefined, + "name": "Vulnerability in Dependency apache2-bin (2.4.10-10+deb8u11)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2007-1743", 
@@ -1072,7 +1072,7 @@ Array [ "category": "Image Vulnerability", "description": "Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.", "location": "mediawiki:1.27.3", - "name": undefined, + "name": "Vulnerability in Dependency apache2-bin (2.4.10-10+deb8u11)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2007-3303", @@ -1538,7 +1538,7 @@ Array [ "category": "Image Vulnerability", "description": "mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.", "location": "mediawiki:1.27.3", - "name": undefined, + "name": "Vulnerability in Dependency apache2-bin (2.4.10-10+deb8u11)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2001-1534", 
@@ -1656,7 +1656,7 @@ Array [ "category": "Image Vulnerability", "description": "** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.", "location": "mediawiki:1.27.3", - "name": undefined, + "name": "Vulnerability in Dependency apache2-data (2.4.10-10+deb8u11)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2007-0086", @@ -1682,7 +1682,7 @@ Array [ "category": "Image Vulnerability", "description": "** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying \\"The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP.\\"", "location": "mediawiki:1.27.3", - "name": undefined, + "name": "Vulnerability in Dependency apache2-data (2.4.10-10+deb8u11)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2003-1307", 
@@ -1703,7 +1703,7 @@ Array [ "category": "Image Vulnerability", "description": "The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an \\"Inverse Lookup Log Corruption (ILLC)\\" issue.", "location": "mediawiki:1.27.3", - "name": undefined, + "name": "Vulnerability in Dependency apache2-data (2.4.10-10+deb8u11)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2003-1580", @@ -1727,7 +1727,7 @@ Array [ "category": "Image Vulnerability", "description": "suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because \\"the attacks described rely on an insecure server configuration\\" in which the user \\"has write access to the document root.\\" In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.", "location": "mediawiki:1.27.3", - "name": undefined, + "name": "Vulnerability in Dependency apache2-data (2.4.10-10+deb8u11)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2007-1743", 
@@ -1753,7 +1753,7 @@ Array [ "category": "Image Vulnerability", "description": "Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.", "location": "mediawiki:1.27.3", - "name": undefined, + "name": "Vulnerability in Dependency apache2-data (2.4.10-10+deb8u11)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2007-3303", @@ -2219,7 +2219,7 @@ Array [ "category": "Image Vulnerability", "description": "mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.", "location": "mediawiki:1.27.3", - "name": undefined, + "name": "Vulnerability in Dependency apache2-data (2.4.10-10+deb8u11)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2001-1534", 
@@ -2337,7 +2337,7 @@ Array [ "category": "Image Vulnerability", "description": "** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.", "location": "mediawiki:1.27.3", - "name": undefined, + "name": "Vulnerability in Dependency apache2-utils (2.4.10-10+deb8u11)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2007-0086", @@ -2363,7 +2363,7 @@ Array [ "category": "Image Vulnerability", "description": "** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying \\"The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP.\\"", "location": "mediawiki:1.27.3", - "name": undefined, + "name": "Vulnerability in Dependency apache2-utils (2.4.10-10+deb8u11)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2003-1307", 
@@ -2384,7 +2384,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an \\"Inverse Lookup Log Corruption (ILLC)\\" issue.",
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency apache2-utils (2.4.10-10+deb8u11)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2003-1580",
@@ -2408,7 +2408,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because \\"the attacks described rely on an insecure server configuration\\" in which the user \\"has write access to the document root.\\" In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.",
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency apache2-utils (2.4.10-10+deb8u11)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2007-1743",
@@ -2434,7 +2434,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.",
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency apache2-utils (2.4.10-10+deb8u11)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2007-3303",
@@ -2900,7 +2900,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.",
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency apache2-utils (2.4.10-10+deb8u11)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2001-1534",
@@ -3022,7 +3022,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.",
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency apt (1.0.9.8.4)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2019-3462",
@@ -3047,7 +3047,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.",
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency apt (1.0.9.8.4)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2011-3374",
@@ -3147,7 +3147,7 @@ Array [
 "category": "Image Vulnerability",
 "description": undefined,
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency bash (4.3-11+deb8u1)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": null,
 "severity": "LOW",
@@ -7025,7 +7025,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\\\\0' character.",
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency binutils (2.25-5+deb8u1)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2019-12972",
@@ -7415,7 +7415,7 @@ Array [
 "category": "Image Vulnerability",
 "description": undefined,
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency bsdutils (2.25.2-6)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": null,
 "severity": "LOW",
@@ -8338,7 +8338,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.",
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency dpkg (1.17.27)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2017-8283",
@@ -8361,7 +8361,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.",
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency dpkg-dev (1.17.27)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2017-8283",
@@ -15900,7 +15900,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.",
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency imagemagick (8:6.8.9.9-5+deb8u10)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2005-0406",
@@ -15946,7 +15946,7 @@ Array [
 "category": "Image Vulnerability",
 "description": undefined,
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency imagemagick (8:6.8.9.9-5+deb8u10)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": null,
 "severity": "LOW",
@@ -21952,7 +21952,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.",
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency imagemagick-6.q16 (8:6.8.9.9-5+deb8u10)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2005-0406",
@@ -21998,7 +21998,7 @@ Array [
 "category": "Image Vulnerability",
 "description": undefined,
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency imagemagick-6.q16 (8:6.8.9.9-5+deb8u10)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": null,
 "severity": "LOW",
@@ -28004,7 +28004,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.",
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency imagemagick-common (8:6.8.9.9-5+deb8u10)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2005-0406",
@@ -28050,7 +28050,7 @@ Array [
 "category": "Image Vulnerability",
 "description": undefined,
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency imagemagick-common (8:6.8.9.9-5+deb8u10)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": null,
 "severity": "LOW",
@@ -28072,7 +28072,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "Insufficient validation of environment variables in the telnet client supplied in Junos OS can lead to stack-based buffer overflows, which can be exploited to bypass veriexec restrictions on Junos OS. A stack-based overflow is present in the handling of environment variables when connecting via the telnet client to remote telnet servers. This issue only affects the telnet client — accessible from the CLI or shell — in Junos OS. Inbound telnet services are not affected by this issue. This issue affects: Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S13; 12.3X48 versions prior to 12.3X48-D80; 14.1X53 versions prior to 14.1X53-D130, 14.1X53-D49; 15.1 versions prior to 15.1F6-S12, 15.1R7-S4; 15.1X49 versions prior to 15.1X49-D170; 15.1X53 versions prior to 15.1X53-D237, 15.1X53-D496, 15.1X53-D591, 15.1X53-D69; 16.1 versions prior to 16.1R3-S11, 16.1R7-S4; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R2-S7, 17.2R3-S1; 17.3 versions prior to 17.3R3-S4; 17.4 versions prior to 17.4R1-S6, 17.4R2-S3, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S3; 18.2 versions prior to 18.2R1-S5, 18.2R2-S2, 18.2R3; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S3, 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2.",
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency inetutils-ping (2:1.9.2.39.3a460-3)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2019-0053",
@@ -28091,7 +28091,7 @@ Array [
 "category": "Image Vulnerability",
 "description": undefined,
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency initscripts (2.88dsf-59)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": null,
 "severity": "LOW",
@@ -28232,7 +28232,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.",
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency libapt-pkg4.12 (1.0.9.8.4)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2019-3462",
@@ -28257,7 +28257,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.",
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency libapt-pkg4.12 (1.0.9.8.4)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2011-3374",
@@ -28613,7 +28613,7 @@ Array [
 "category": "Image Vulnerability",
 "description": undefined,
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency libblkid1 (2.25.2-6)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": null,
 "severity": "LOW",
@@ -28661,7 +28661,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab).",
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency libbsd0 (0.7.0-2)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2019-20367",
@@ -33852,7 +33852,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.",
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency libdpkg-perl (1.17.27)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2017-8283",
@@ -34284,7 +34284,7 @@ Array [
 "category": "Image Vulnerability",
 "description": undefined,
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency libgcrypt20 (1.6.3-2+deb8u4)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": null,
 "severity": "UNKNOWN",
@@ -34666,7 +34666,7 @@ Array [
 "category": "Image Vulnerability",
 "description": undefined,
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency libgnutls-deb0-28 (3.3.8-6+deb8u7)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": null,
 "severity": "LOW",
@@ -42906,7 +42906,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.",
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency libmagickcore-6.q16-2 (8:6.8.9.9-5+deb8u10)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2005-0406",
@@ -42952,7 +42952,7 @@ Array [
 "category": "Image Vulnerability",
 "description": undefined,
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency libmagickcore-6.q16-2 (8:6.8.9.9-5+deb8u10)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": null,
 "severity": "LOW",
@@ -48958,7 +48958,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.",
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency libmagickwand-6.q16-2 (8:6.8.9.9-5+deb8u10)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2005-0406",
@@ -49004,7 +49004,7 @@ Array [
 "category": "Image Vulnerability",
 "description": undefined,
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency libmagickwand-6.q16-2 (8:6.8.9.9-5+deb8u10)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": null,
 "severity": "LOW",
@@ -49157,7 +49157,7 @@ Array [
 "category": "Image Vulnerability",
 "description": undefined,
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency libmount1 (2.25.2-6)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": null,
 "severity": "LOW",
@@ -50128,7 +50128,7 @@ Array [
 "category": "Image Vulnerability",
 "description": undefined,
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency libpcre3 (2:8.35-3.3+deb8u4)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": null,
 "severity": "UNKNOWN",
@@ -50331,7 +50331,7 @@ Array [
 "category": "Image Vulnerability",
 "description": undefined,
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency libpcre3-dev (2:8.35-3.3+deb8u4)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": null,
 "severity": "UNKNOWN",
@@ -50534,7 +50534,7 @@ Array [
 "category": "Image Vulnerability",
 "description": undefined,
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency libpcrecpp0 (2:8.35-3.3+deb8u4)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": null,
 "severity": "UNKNOWN",
@@ -52329,7 +52329,7 @@ Array [
 "category": "Image Vulnerability",
 "description": undefined,
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency libsmartcols1 (2.25.2-6)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": null,
 "severity": "LOW",
@@ -52393,7 +52393,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the \\"SQLite\\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement.",
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency libsqlite3-0 (3.8.7.1-1+deb8u2)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2017-2518",
@@ -52422,7 +52422,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the \\"SQLite\\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted SQL statement.",
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency libsqlite3-0 (3.8.7.1-1+deb8u2)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2017-2519",
@@ -52451,7 +52451,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the \\"SQLite\\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement.",
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency libsqlite3-0 (3.8.7.1-1+deb8u2)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2017-2520",
@@ -55314,7 +55314,7 @@ Array [
 "category": "Image Vulnerability",
 "description": undefined,
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency libtiff5 (4.0.3-12.3+deb8u4)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": null,
 "severity": "LOW",
@@ -56381,7 +56381,7 @@ Array [
 "category": "Image Vulnerability",
 "description": undefined,
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency libuuid1 (2.25.2-6)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": null,
 "severity": "LOW",
@@ -57144,7 +57144,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet.",
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency linux-libc-dev (3.16.43-2+deb8u5)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2015-4001",
@@ -57174,7 +57174,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packet, related to the (1) oz_usb_rx and (2) oz_usb_handle_ep_data functions.",
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency linux-libc-dev (3.16.43-2+deb8u5)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2015-4002",
@@ -57246,7 +57246,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "Race condition in the ion_ioctl function in drivers/staging/android/ion/ion.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) by calling ION_IOC_FREE on two CPUs at the same time.",
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency linux-libc-dev (3.16.43-2+deb8u5)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2016-9120",
@@ -57680,7 +57680,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "The oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via a crafted packet.",
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency linux-libc-dev (3.16.43-2+deb8u5)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2015-4003",
@@ -57711,7 +57711,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet.",
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency linux-libc-dev (3.16.43-2+deb8u5)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2015-4004",
@@ -61594,7 +61594,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.",
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency linux-libc-dev (3.16.43-2+deb8u5)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2004-0230",
@@ -61621,7 +61621,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service (memory exhaustion and panic) by creating a large number of connected file descriptors or socketpairs and setting a large data transfer buffer, then preventing Linux from being able to finish the transfer by causing the process to become a zombie, or closing the file descriptor without closing an associated reference.",
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency linux-libc-dev (3.16.43-2+deb8u5)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2005-3660",
@@ -61763,7 +61763,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28770164 and Qualcomm internal bug CR568717.",
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency linux-libc-dev (3.16.43-2+deb8u5)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2014-9892",
@@ -61859,7 +61859,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "** DISPUTED ** An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator (e.g., via concurrent page fault events) when the global OOM killer is invoked. NOTE: the software maintainer has not accepted certain proposed patches, in part because of a viewpoint that \\"the underlying problem is non-trivial to handle.\\"",
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency linux-libc-dev (3.16.43-2+deb8u5)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2016-10723",
@@ -61961,7 +61961,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "The aufs module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an aufs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.",
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency linux-libc-dev (3.16.43-2+deb8u5)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2016-2853",
@@ -61986,7 +61986,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "The aufs module for the Linux kernel 3.x and 4.x does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory.",
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency linux-libc-dev (3.16.43-2+deb8u5)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2016-2854",
@@ -62045,7 +62045,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37351060. References: B-V2017060101.",
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency linux-libc-dev (3.16.43-2+deb8u5)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2017-0786",
@@ -67086,7 +67086,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "In uvc_parse_standard_control of uvc_driver.c, there is a possible out-of-bound read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-111760968.",
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency linux-libc-dev (3.16.43-2+deb8u5)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2019-2101",
@@ -67108,7 +67108,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "In binder_free_transaction of binder.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-133758011References: Upstream kernel",
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency linux-libc-dev (3.16.43-2+deb8u5)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2019-2213",
@@ -67578,7 +67578,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "In binder_thread_release of binder.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-145286050References: Upstream kernel",
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency linux-libc-dev (3.16.43-2+deb8u5)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2020-0030",
@@ -67691,7 +67691,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1. drivers/media/usb/gspca/stv06xx/stv06xx.c and drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c mishandle invalid descriptors, as demonstrated by a NULL pointer dereference, aka CID-485b06aadb93.",
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency linux-libc-dev (3.16.43-2+deb8u5)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2020-11609",
@@ -67787,7 +67787,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts.",
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency linux-libc-dev (3.16.43-2+deb8u5)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2011-4915",
@@ -67806,7 +67806,7 @@ Array [
 "category": "Image Vulnerability",
 "description": undefined,
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency linux-libc-dev (3.16.43-2+deb8u5)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2011-4917",
@@ -69227,7 +69227,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.",
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency linux-libc-dev (3.16.43-2+deb8u5)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2019-0136",
@@ -69846,7 +69846,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "In the AppleTalk subsystem in the Linux kernel before 5.1, there is a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client, aka CID-9804501fa122.",
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency linux-libc-dev (3.16.43-2+deb8u5)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2019-19227",
@@ -70365,7 +70365,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. This could lead to local escalation of privilege by corrupting memory shared between processes, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-142938932",
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency linux-libc-dev (3.16.43-2+deb8u5)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2020-0009",
@@ -70387,7 +70387,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "In f2fs_xattr_generic_list of xattr.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not required for exploitation.Product: Android. Versions: Android kernel. Android ID: A-120551147.",
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency linux-libc-dev (3.16.43-2+deb8u5)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2020-0067",
@@ -70434,7 +70434,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints, aka CID-998912346c0d.",
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency linux-libc-dev (3.16.43-2+deb8u5)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2020-11608",
@@ -70574,7 +70574,7 @@ Array [
 "category": "Image Vulnerability",
 "description": undefined,
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency linux-libc-dev (3.16.43-2+deb8u5)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": null,
 "severity": "LOW",
@@ -70592,7 +70592,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-11884. Reason: This candidate is a reservation duplicate of CVE-2019-11884. Notes: All CVE users should reference CVE-2019-11884 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency linux-libc-dev (3.16.43-2+deb8u5)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2019-12983",
@@ -70613,7 +70613,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-14634. Reason: This candidate is a reservation duplicate of CVE-2018-14634. Notes: All CVE users should reference CVE-2018-14634 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency linux-libc-dev (3.16.43-2+deb8u5)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2019-9457",
@@ -70634,7 +70634,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-9503. Reason: This candidate is a duplicate of CVE-2019-9503. Notes: All CVE users should reference CVE-2019-9503 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",
 "location": "mediawiki:1.27.3",
- "name": undefined,
+ "name": "Vulnerability in Dependency linux-libc-dev (3.16.43-2+deb8u5)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2019-9466",
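Review bot: All three hunks on this line are rejected CVE records — the description literally begins `** REJECT ** DO NOT USE THIS CANDIDATE NUMBER` and names the canonical id (CVE-2019-11884, CVE-2018-14634, CVE-2019-9503) — yet they are emitted as ordinary findings under CVE-2019-12983, CVE-2019-9457 and CVE-2019-9466, so the same issue is reported once under the real id and once under the withdrawn one. The parser could skip these, or at minimum mark them in `attributes` so downstream dedup can fold them into the ConsultIDs CVE; a guard such as `if (vuln.Description?.startsWith('** REJECT **')) return null;` before the finding is built would do (field name inferred, the parser is not in this view). Giving them a proper name now only makes the duplicate look more legitimate than the previous `undefined` did.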
@@ -70685,7 +70685,7 @@ Array [ "category": "Image Vulnerability", "description": "initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.", "location": "mediawiki:1.27.3", - "name": undefined, + "name": "Vulnerability in Dependency login (1:4.2-3+deb8u4)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2007-5686", @@ -70774,7 +70774,7 @@ Array [ "category": "Image Vulnerability", "description": undefined, "location": "mediawiki:1.27.3", - "name": undefined, + "name": "Vulnerability in Dependency login (1:4.2-3+deb8u4)", "osi_layer": "NOT_APPLICABLE", "reference": null, "severity": "LOW", @@ -70986,7 +70986,7 @@ Array [ "category": "Image Vulnerability", "description": undefined, "location": "mediawiki:1.27.3", - "name": undefined, + "name": "Vulnerability in Dependency mount (2.25.2-6)", "osi_layer": "NOT_APPLICABLE", "reference": null, "severity": "LOW", @@ -73136,7 +73136,7 @@ Array [ "category": "Image Vulnerability", "description": "initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.", "location": "mediawiki:1.27.3", - "name": undefined, + "name": "Vulnerability in Dependency passwd (1:4.2-3+deb8u4)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2007-5686", 
@@ -73225,7 +73225,7 @@ Array [ "category": "Image Vulnerability", "description": undefined, "location": "mediawiki:1.27.3", - "name": undefined, + "name": "Vulnerability in Dependency passwd (1:4.2-3+deb8u4)", "osi_layer": "NOT_APPLICABLE", "reference": null, "severity": "LOW", @@ -73670,7 +73670,7 @@ Array [ "category": "Image Vulnerability", "description": undefined, "location": "mediawiki:1.27.3", - "name": undefined, + "name": "Vulnerability in Dependency perl (5.20.2-3+deb8u9)", "osi_layer": "NOT_APPLICABLE", "reference": null, "severity": "LOW", @@ -73876,7 +73876,7 @@ Array [ "category": "Image Vulnerability", "description": undefined, "location": "mediawiki:1.27.3", - "name": undefined, + "name": "Vulnerability in Dependency perl-base (5.20.2-3+deb8u9)", "osi_layer": "NOT_APPLICABLE", "reference": null, "severity": "LOW", @@ -74082,7 +74082,7 @@ Array [ "category": "Image Vulnerability", "description": undefined, "location": "mediawiki:1.27.3", - "name": undefined, + "name": "Vulnerability in Dependency perl-modules (5.20.2-3+deb8u9)", "osi_layer": "NOT_APPLICABLE", "reference": null, "severity": "LOW", @@ -75576,7 +75576,7 @@ Array [ "category": "Image Vulnerability", "description": "sensible-browser in sensible-utils before 0.0.11 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument.", "location": "mediawiki:1.27.3", - "name": undefined, + "name": "Vulnerability in Dependency sensible-utils (0.0.9)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2017-17512", @@ -76379,7 +76379,7 @@ Array [ "category": "Image Vulnerability", "description": undefined, "location": "mediawiki:1.27.3", - "name": undefined, + "name": "Vulnerability in Dependency sysv-rc (2.88dsf-59)", "osi_layer": "NOT_APPLICABLE", "reference": null, "severity": "LOW", 
@@ -76395,7 +76395,7 @@ Array [ "category": "Image Vulnerability", "description": undefined, "location": "mediawiki:1.27.3", - "name": undefined, + "name": "Vulnerability in Dependency sysvinit-utils (2.88dsf-59)", "osi_layer": "NOT_APPLICABLE", "reference": null, "severity": "LOW", @@ -76413,7 +76413,7 @@ Array [ "category": "Image Vulnerability", "description": "Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.", "location": "mediawiki:1.27.3", - "name": undefined, + "name": "Vulnerability in Dependency tar (1.27.1-2+deb8u1)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2005-2541", @@ -76486,7 +76486,7 @@ Array [ "category": "Image Vulnerability", "description": undefined, "location": "mediawiki:1.27.3", - "name": undefined, + "name": "Vulnerability in Dependency tar (1.27.1-2+deb8u1)", "osi_layer": "NOT_APPLICABLE", "reference": null, "severity": "LOW", @@ -77031,7 +77031,7 @@ Array [ "category": "Image Vulnerability", "description": undefined, "location": "mediawiki:1.27.3", - "name": undefined, + "name": "Vulnerability in Dependency util-linux (2.25.2-6)", "osi_layer": "NOT_APPLICABLE", "reference": null, "severity": "LOW", 
@@ -77640,7 +77640,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.",
 "location": "mediawiki:stable",
- "name": undefined,
+ "name": "Vulnerability in Dependency apache2 (2.4.38-3+deb10u3)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2007-0086",
@@ -77666,7 +77666,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying \\"The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP.\\"",
 "location": "mediawiki:stable",
- "name": undefined,
+ "name": "Vulnerability in Dependency apache2 (2.4.38-3+deb10u3)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2003-1307",
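Review bot: These `** DISPUTED **` apache2 records carry no indication of the dispute outside the free-text description, and the identical CVE-2007-0086 and CVE-2003-1307 findings are repeated below for apache2-bin, apache2-data and apache2-utils, so one disputed issue from 2003/2007 becomes four findings per image with the same location. If per-binary-package granularity is intentional, consider carrying the CVE id into the name or `attributes` so consumers can collapse by `(location, reference.id)`; otherwise dedupe in the parser. A small flag such as `disputed: description?.startsWith('** DISPUTED **') ?? false` in `attributes` would also let a severity policy treat them differently (parser not in this view, field names inferred from the snapshot).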
@@ -77687,7 +77687,7 @@ Array [ "category": "Image Vulnerability", "description": "The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an \\"Inverse Lookup Log Corruption (ILLC)\\" issue.", "location": "mediawiki:stable", - "name": undefined, + "name": "Vulnerability in Dependency apache2 (2.4.38-3+deb10u3)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2003-1580", @@ -77711,7 +77711,7 @@ Array [ "category": "Image Vulnerability", "description": "suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because \\"the attacks described rely on an insecure server configuration\\" in which the user \\"has write access to the document root.\\" In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.", "location": "mediawiki:stable", - "name": undefined, + "name": "Vulnerability in Dependency apache2 (2.4.38-3+deb10u3)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2007-1743", 
@@ -77737,7 +77737,7 @@ Array [ "category": "Image Vulnerability", "description": "Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.", "location": "mediawiki:stable", - "name": undefined, + "name": "Vulnerability in Dependency apache2 (2.4.38-3+deb10u3)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2007-3303", @@ -77845,7 +77845,7 @@ Array [ "category": "Image Vulnerability", "description": "mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.", "location": "mediawiki:stable", - "name": undefined, + "name": "Vulnerability in Dependency apache2 (2.4.38-3+deb10u3)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2001-1534", 
@@ -77929,7 +77929,7 @@ Array [ "category": "Image Vulnerability", "description": "** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.", "location": "mediawiki:stable", - "name": undefined, + "name": "Vulnerability in Dependency apache2-bin (2.4.38-3+deb10u3)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2007-0086", @@ -77955,7 +77955,7 @@ Array [ "category": "Image Vulnerability", "description": "** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying \\"The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP.\\"", "location": "mediawiki:stable", - "name": undefined, + "name": "Vulnerability in Dependency apache2-bin (2.4.38-3+deb10u3)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2003-1307", 
@@ -77976,7 +77976,7 @@ Array [ "category": "Image Vulnerability", "description": "The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an \\"Inverse Lookup Log Corruption (ILLC)\\" issue.", "location": "mediawiki:stable", - "name": undefined, + "name": "Vulnerability in Dependency apache2-bin (2.4.38-3+deb10u3)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2003-1580", @@ -78000,7 +78000,7 @@ Array [ "category": "Image Vulnerability", "description": "suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because \\"the attacks described rely on an insecure server configuration\\" in which the user \\"has write access to the document root.\\" In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.", "location": "mediawiki:stable", - "name": undefined, + "name": "Vulnerability in Dependency apache2-bin (2.4.38-3+deb10u3)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2007-1743", 
@@ -78026,7 +78026,7 @@ Array [ "category": "Image Vulnerability", "description": "Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.", "location": "mediawiki:stable", - "name": undefined, + "name": "Vulnerability in Dependency apache2-bin (2.4.38-3+deb10u3)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2007-3303", @@ -78134,7 +78134,7 @@ Array [ "category": "Image Vulnerability", "description": "mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.", "location": "mediawiki:stable", - "name": undefined, + "name": "Vulnerability in Dependency apache2-bin (2.4.38-3+deb10u3)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2001-1534", 
@@ -78218,7 +78218,7 @@ Array [ "category": "Image Vulnerability", "description": "** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.", "location": "mediawiki:stable", - "name": undefined, + "name": "Vulnerability in Dependency apache2-data (2.4.38-3+deb10u3)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2007-0086", @@ -78244,7 +78244,7 @@ Array [ "category": "Image Vulnerability", "description": "** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying \\"The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP.\\"", "location": "mediawiki:stable", - "name": undefined, + "name": "Vulnerability in Dependency apache2-data (2.4.38-3+deb10u3)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2003-1307", 
@@ -78265,7 +78265,7 @@ Array [ "category": "Image Vulnerability", "description": "The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an \\"Inverse Lookup Log Corruption (ILLC)\\" issue.", "location": "mediawiki:stable", - "name": undefined, + "name": "Vulnerability in Dependency apache2-data (2.4.38-3+deb10u3)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2003-1580", @@ -78289,7 +78289,7 @@ Array [ "category": "Image Vulnerability", "description": "suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because \\"the attacks described rely on an insecure server configuration\\" in which the user \\"has write access to the document root.\\" In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.", "location": "mediawiki:stable", - "name": undefined, + "name": "Vulnerability in Dependency apache2-data (2.4.38-3+deb10u3)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2007-1743", 
@@ -78315,7 +78315,7 @@ Array [ "category": "Image Vulnerability", "description": "Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.", "location": "mediawiki:stable", - "name": undefined, + "name": "Vulnerability in Dependency apache2-data (2.4.38-3+deb10u3)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2007-3303", @@ -78423,7 +78423,7 @@ Array [ "category": "Image Vulnerability", "description": "mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.", "location": "mediawiki:stable", - "name": undefined, + "name": "Vulnerability in Dependency apache2-data (2.4.38-3+deb10u3)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2001-1534", 
@@ -78507,7 +78507,7 @@ Array [ "category": "Image Vulnerability", "description": "** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.", "location": "mediawiki:stable", - "name": undefined, + "name": "Vulnerability in Dependency apache2-utils (2.4.38-3+deb10u3)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2007-0086", @@ -78533,7 +78533,7 @@ Array [ "category": "Image Vulnerability", "description": "** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying \\"The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP.\\"", "location": "mediawiki:stable", - "name": undefined, + "name": "Vulnerability in Dependency apache2-utils (2.4.38-3+deb10u3)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2003-1307", 
@@ -78554,7 +78554,7 @@ Array [ "category": "Image Vulnerability", "description": "The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an \\"Inverse Lookup Log Corruption (ILLC)\\" issue.", "location": "mediawiki:stable", - "name": undefined, + "name": "Vulnerability in Dependency apache2-utils (2.4.38-3+deb10u3)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2003-1580", @@ -78578,7 +78578,7 @@ Array [ "category": "Image Vulnerability", "description": "suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because \\"the attacks described rely on an insecure server configuration\\" in which the user \\"has write access to the document root.\\" In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.", "location": "mediawiki:stable", - "name": undefined, + "name": "Vulnerability in Dependency apache2-utils (2.4.38-3+deb10u3)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2007-1743", 
@@ -78604,7 +78604,7 @@ Array [ "category": "Image Vulnerability", "description": "Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.", "location": "mediawiki:stable", - "name": undefined, + "name": "Vulnerability in Dependency apache2-utils (2.4.38-3+deb10u3)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2007-3303", @@ -78712,7 +78712,7 @@ Array [ "category": "Image Vulnerability", "description": "mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.", "location": "mediawiki:stable", - "name": undefined, + "name": "Vulnerability in Dependency apache2-utils (2.4.38-3+deb10u3)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2001-1534", @@ -78796,7 +78796,7 @@ Array [ "category": "Image Vulnerability", "description": "It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.", "location": "mediawiki:stable", - "name": undefined, + "name": "Vulnerability in Dependency apt (1.8.2)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2011-3374", 
@@ -78838,7 +78838,7 @@ Array [ "category": "Image Vulnerability", "description": undefined, "location": "mediawiki:stable", - "name": undefined, + "name": "Vulnerability in Dependency bash (5.0-4)", "osi_layer": "NOT_APPLICABLE", "reference": null, "severity": "LOW", @@ -79632,7 +79632,7 @@ Array [ "category": "Image Vulnerability", "description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\\\\0' character.", "location": "mediawiki:stable", - "name": undefined, + "name": "Vulnerability in Dependency binutils (2.31.1-16)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2019-12972", @@ -80663,7 +80663,7 @@ Array [ "category": "Image Vulnerability", "description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\\\\0' character.", "location": "mediawiki:stable", - "name": undefined, + "name": "Vulnerability in Dependency binutils-common (2.31.1-16)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2019-12972", 
@@ -81694,7 +81694,7 @@ Array [ "category": "Image Vulnerability", "description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\\\\0' character.", "location": "mediawiki:stable", - "name": undefined, + "name": "Vulnerability in Dependency binutils-x86-64-linux-gnu (2.31.1-16)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2019-12972", @@ -83522,7 +83522,7 @@ Array [ "category": "Image Vulnerability", "description": "A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.", "location": "mediawiki:stable", - "name": undefined, + "name": "Vulnerability in Dependency imagemagick (8:6.9.10.23+dfsg-2.1)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2005-0406", @@ -84827,7 +84827,7 @@ Array [ "category": "Image Vulnerability", "description": "A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.", "location": "mediawiki:stable", - "name": undefined, + "name": "Vulnerability in Dependency imagemagick-6-common (8:6.9.10.23+dfsg-2.1)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2005-0406", 
@@ -86132,7 +86132,7 @@ Array [ "category": "Image Vulnerability", "description": "A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.", "location": "mediawiki:stable", - "name": undefined, + "name": "Vulnerability in Dependency imagemagick-6.q16 (8:6.9.10.23+dfsg-2.1)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2005-0406", @@ -86153,7 +86153,7 @@ Array [ "category": "Image Vulnerability", "description": "In all versions of AppArmor mount rules are accidentally widened when compiled.", "location": "mediawiki:stable", - "name": undefined, + "name": "Vulnerability in Dependency libapparmor1 (2.13.2-10)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2016-1585", @@ -86178,7 +86178,7 @@ Array [ "category": "Image Vulnerability", "description": "It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.", "location": "mediawiki:stable", - "name": undefined, + "name": "Vulnerability in Dependency libapt-pkg5.0 (1.8.2)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2011-3374", @@ -87152,7 +87152,7 @@ Array [ "category": "Image Vulnerability", "description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\\\\0' character.", "location": "mediawiki:stable", - "name": undefined, + "name": "Vulnerability in Dependency libbinutils (2.31.1-16)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2019-12972", 
@@ -87409,7 +87409,7 @@ Array [ "category": "Image Vulnerability", "description": "nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab).", "location": "mediawiki:stable", - "name": undefined, + "name": "Vulnerability in Dependency libbsd0 (0.9.1-2)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2019-20367", @@ -89194,7 +89194,7 @@ Array [ "category": "Image Vulnerability", "description": undefined, "location": "mediawiki:stable", - "name": undefined, + "name": "Vulnerability in Dependency libcups2 (2.2.10-6+deb10u2)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2019-8842", @@ -89644,7 +89644,7 @@ Array [ "category": "Image Vulnerability", "description": "GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated.", "location": "mediawiki:stable", - "name": undefined, + "name": "Vulnerability in Dependency libidn2-0 (2.0.5-1+deb10u1)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2019-12290", @@ -89688,7 +89688,7 @@ Array [ "category": "Image Vulnerability", "description": "A buffer overflow in iptables-restore in netfilter iptables 1.8.2 allows an attacker to (at least) crash the program or potentially gain code execution via a specially crafted iptables-save file. This is related to add_param_to_argv in xshared.c.", "location": "mediawiki:stable", - "name": undefined, + "name": "Vulnerability in Dependency libip4tc0 (1.8.2-4)", "osi_layer": "NOT_APPLICABLE", "reference": Object { "id": "CVE-2019-11360", 
@@ -89881,7 +89881,7 @@ Array [
 "category": "Image Vulnerability",
 "description": undefined,
 "location": "mediawiki:stable",
- "name": undefined,
+ "name": "Vulnerability in Dependency libjson-glib-1.0-0 (1.4.4-2)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": null,
 "severity": "LOW",
@@ -89897,7 +89897,7 @@ Array [
 "category": "Image Vulnerability",
 "description": undefined,
 "location": "mediawiki:stable",
- "name": undefined,
+ "name": "Vulnerability in Dependency libjson-glib-1.0-common (1.4.4-2)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": null,
 "severity": "LOW",
@@ -91560,7 +91560,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.",
 "location": "mediawiki:stable",
- "name": undefined,
+ "name": "Vulnerability in Dependency libmagickcore-6.q16-6 (8:6.9.10.23+dfsg-2.1)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2005-0406",
@@ -92865,7 +92865,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.",
 "location": "mediawiki:stable",
- "name": undefined,
+ "name": "Vulnerability in Dependency libmagickwand-6.q16-6 (8:6.9.10.23+dfsg-2.1)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2005-0406",
@@ -92929,7 +92929,7 @@ Array [
 "category": "Image Vulnerability",
 "description": undefined,
 "location": "mediawiki:stable",
- "name": undefined,
+ "name": "Vulnerability in Dependency libnghttp2-14 (1.36.0-2+deb10u1)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": null,
 "severity": "LOW",
@@ -92969,7 +92969,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checked for length, which could overflow a buffer, when providing a prefix with 50 or more characters on the command line.",
 "location": "mediawiki:stable",
- "name": undefined,
+ "name": "Vulnerability in Dependency libopenjp2-7 (2.3.0-2+deb10u1)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2018-7648",
@@ -96024,7 +96024,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.",
 "location": "mediawiki:stable",
- "name": undefined,
+ "name": "Vulnerability in Dependency linux-libc-dev (4.19.98-1)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2004-0230",
@@ -96051,7 +96051,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service (memory exhaustion and panic) by creating a large number of connected file descriptors or socketpairs and setting a large data transfer buffer, then preventing Linux from being able to finish the transfer by causing the process to become a zombie, or closing the file descriptor without closing an associated reference.",
 "location": "mediawiki:stable",
- "name": undefined,
+ "name": "Vulnerability in Dependency linux-libc-dev (4.19.98-1)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2005-3660",
@@ -96170,7 +96170,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28770164 and Qualcomm internal bug CR568717.",
 "location": "mediawiki:stable",
- "name": undefined,
+ "name": "Vulnerability in Dependency linux-libc-dev (4.19.98-1)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2014-9892",
@@ -96216,7 +96216,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "** DISPUTED ** An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator (e.g., via concurrent page fault events) when the global OOM killer is invoked. NOTE: the software maintainer has not accepted certain proposed patches, in part because of a viewpoint that \\"the underlying problem is non-trivial to handle.\\"",
 "location": "mediawiki:stable",
- "name": undefined,
+ "name": "Vulnerability in Dependency linux-libc-dev (4.19.98-1)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2016-10723",
@@ -96927,7 +96927,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1. drivers/media/usb/gspca/stv06xx/stv06xx.c and drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c mishandle invalid descriptors, as demonstrated by a NULL pointer dereference, aka CID-485b06aadb93.",
 "location": "mediawiki:stable",
- "name": undefined,
+ "name": "Vulnerability in Dependency linux-libc-dev (4.19.98-1)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2020-11609",
@@ -97104,7 +97104,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts.",
 "location": "mediawiki:stable",
- "name": undefined,
+ "name": "Vulnerability in Dependency linux-libc-dev (4.19.98-1)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2011-4915",
@@ -97123,7 +97123,7 @@ Array [
 "category": "Image Vulnerability",
 "description": undefined,
 "location": "mediawiki:stable",
- "name": undefined,
+ "name": "Vulnerability in Dependency linux-libc-dev (4.19.98-1)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2011-4917",
@@ -97470,7 +97470,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. This could lead to local escalation of privilege by corrupting memory shared between processes, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-142938932",
 "location": "mediawiki:stable",
- "name": undefined,
+ "name": "Vulnerability in Dependency linux-libc-dev (4.19.98-1)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2020-0009",
@@ -97492,7 +97492,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "In f2fs_xattr_generic_list of xattr.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not required for exploitation.Product: Android. Versions: Android kernel. Android ID: A-120551147.",
 "location": "mediawiki:stable",
- "name": undefined,
+ "name": "Vulnerability in Dependency linux-libc-dev (4.19.98-1)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2020-0067",
@@ -97539,7 +97539,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints, aka CID-998912346c0d.",
 "location": "mediawiki:stable",
- "name": undefined,
+ "name": "Vulnerability in Dependency linux-libc-dev (4.19.98-1)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2020-11608",
@@ -97704,7 +97704,7 @@ Array [
 "category": "Image Vulnerability",
 "description": undefined,
 "location": "mediawiki:stable",
- "name": undefined,
+ "name": "Vulnerability in Dependency linux-libc-dev (4.19.98-1)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": null,
 "severity": "LOW",
@@ -97725,7 +97725,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "Overlayfs in the Linux kernel and shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, both replace vma->vm_file in their mmap handlers. On error the original value is not restored, and the reference is put for the file to which vm_file points. On upstream kernels this is not an issue, as no callers dereference vm_file following after call_mmap() returns an error. However, the aufs patchs change mmap_region() to replace the fput() using a local variable with vma_fput(), which will fput() vm_file, leading to a refcount underflow.",
 "location": "mediawiki:stable",
- "name": undefined,
+ "name": "Vulnerability in Dependency linux-libc-dev (4.19.98-1)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2019-15794",
@@ -97751,7 +97751,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.",
 "location": "mediawiki:stable",
- "name": undefined,
+ "name": "Vulnerability in Dependency login (1:4.5-1.1)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2007-5686",
@@ -97840,7 +97840,7 @@ Array [
 "category": "Image Vulnerability",
 "description": undefined,
 "location": "mediawiki:stable",
- "name": undefined,
+ "name": "Vulnerability in Dependency login (1:4.5-1.1)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": null,
 "severity": "LOW",
@@ -98008,7 +98008,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.",
 "location": "mediawiki:stable",
- "name": undefined,
+ "name": "Vulnerability in Dependency passwd (1:4.5-1.1)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2007-5686",
@@ -98097,7 +98097,7 @@ Array [
 "category": "Image Vulnerability",
 "description": undefined,
 "location": "mediawiki:stable",
- "name": undefined,
+ "name": "Vulnerability in Dependency passwd (1:4.5-1.1)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": null,
 "severity": "LOW",
@@ -98719,7 +98719,7 @@ Array [
 "category": "Image Vulnerability",
 "description": undefined,
 "location": "mediawiki:stable",
- "name": undefined,
+ "name": "Vulnerability in Dependency sysvinit-utils (2.93-8)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": null,
 "severity": "LOW",
@@ -98737,7 +98737,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.",
 "location": "mediawiki:stable",
- "name": undefined,
+ "name": "Vulnerability in Dependency tar (1.30+dfsg-6)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2005-2541",
@@ -98780,7 +98780,7 @@ Array [
 "category": "Image Vulnerability",
 "description": undefined,
 "location": "mediawiki:stable",
- "name": undefined,
+ "name": "Vulnerability in Dependency tar (1.30+dfsg-6)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": null,
 "severity": "LOW",
@@ -98963,7 +98963,7 @@ Array [
 "category": "Image Vulnerability",
 "description": "musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code.",
 "location": "securecodebox/engine",
- "name": undefined,
+ "name": "Vulnerability in Dependency musl (1.1.20-r4)",
 "osi_layer": "NOT_APPLICABLE",
 "reference": Object {
 "id": "CVE-2019-14697",
diff --git a/scanners/trivy/parser/parser.js b/scanners/trivy/parser/parser.js
index fd95aab1e0..29cdc0407e 100644
--- a/scanners/trivy/parser/parser.js
+++ b/scanners/trivy/parser/parser.js
@@ -40,7 +40,7 @@ async function parse(scanResults) {
 }
 findings.push({
- name: vulnerability.Title,
+ name: vulnerability.Title || `Vulnerability in Dependency ${vulnerability.PkgName} (${vulnerability.InstalledVersion})`,
 description: vulnerability.Description,
 category,
 location: imageId,
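Review bot: The fallback on the added `name:` line interpolates `vulnerability.PkgName` and `vulnerability.InstalledVersion` without a guard, so a Trivy record missing either field produces `Vulnerability in Dependency undefined (undefined)` — a string that satisfies the schema's new `required` entry for `name` but carries no information, which is arguably worse than the earlier `undefined` that the schema now rejects. The fallback also omits the advisory id, so every untitled advisory for one package gets an identical name; the updated snapshot shows a long run of `Vulnerability in Dependency linux-libc-dev (4.19.98-1)` entries distinguishable only by `reference.id`, which hurts de-duplication and triage in the findings UI. Including the id the parser already copies into `reference.id` would keep names unique, e.g. `name: vulnerability.Title || \`Vulnerability ${vulnerability.VulnerabilityID} in Dependency ${vulnerability.PkgName} (${vulnerability.InstalledVersion})\``, and a nullish check on the two package fields would avoid the `undefined` text. Since package name and version come from the scanned image's own metadata, consumers should treat `name` as untrusted text exactly as they already must treat `Title`. The body of `parse` begins and ends outside the hunk.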