/sicsdocs/releases/21.2/cve_security_reports/ Recent content in CVE security reports on Hugo -- gohugo.io /sicsdocs/releases/21.2/cve_security_reports/sics_adh_server/ Mon, 01 Jan 0001 00:00:00 +0000 /sicsdocs/releases/21.2/cve_security_reports/sics_adh_server/ The report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community. Name Description CWE CVSS v2.0 Severity CVSS v3.0 Severity Dependency CVE-2012-5783 Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X. /sicsdocs/releases/21.2/cve_security_reports/sics_api_server/ Mon, 01 Jan 0001 00:00:00 +0000 /sicsdocs/releases/21.2/cve_security_reports/sics_api_server/ The report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community. Name Description CWE CVSS v2.0 Severity CVSS v3.0 Severity Dependency CVE-2012-5783 Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X. /sicsdocs/releases/21.2/cve_security_reports/sics_batch_server/ Mon, 01 Jan 0001 00:00:00 +0000 /sicsdocs/releases/21.2/cve_security_reports/sics_batch_server/ The report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community. Name Description CWE CVSS v2.0 Severity CVSS v3.0 Severity Dependency CVE-2012-5783 Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X. /sicsdocs/releases/21.2/cve_security_reports/sics_desktop_app/ Mon, 01 Jan 0001 00:00:00 +0000 /sicsdocs/releases/21.2/cve_security_reports/sics_desktop_app/ The report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community. Name Description CWE CVSS v2.0 Severity CVSS v3.0 Severity Dependency CVE-2012-5783 Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X. /sicsdocs/releases/21.2/cve_security_reports/sics_emessaging_server/ Mon, 01 Jan 0001 00:00:00 +0000 /sicsdocs/releases/21.2/cve_security_reports/sics_emessaging_server/ The report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community. Name Description CWE CVSS v2.0 Severity CVSS v3.0 Severity Dependency CVE-2012-5783 Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X. /sicsdocs/releases/21.2/cve_security_reports/sics_java_launcher/ Mon, 01 Jan 0001 00:00:00 +0000 /sicsdocs/releases/21.2/cve_security_reports/sics_java_launcher/ The report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community. No vulnerable dependencies found. This report was generated 22.06.2021, 14:04:35 UTC, using dependency-check version: 6.0.3. /sicsdocs/releases/21.2/cve_security_reports/sics_naming_service/ Mon, 01 Jan 0001 00:00:00 +0000 /sicsdocs/releases/21.2/cve_security_reports/sics_naming_service/ The report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community. Name Description CWE CVSS v2.0 Severity CVSS v3.0 Severity Dependency CVE-2020-29242 dhowden tag before 2020-11-19 allows 'panic: runtime error: index out of range' via readPICFrame. CWE-129 MEDIUM MEDIUM jakarta.servlet.jsp.jstl-1.2.6.jar CVE-2020-29243 dhowden tag before 2020-11-19 allows 'panic: runtime error: index out of range' via readAPICFrame. CWE-129 MEDIUM MEDIUM jakarta.servlet.jsp.jstl-1.2.6.jar CVE-2020-29244 dhowden tag before 2020-11-19 allows 'panic: runtime error: slice bounds out of range' via readTextWithDescrFrame. /sicsdocs/releases/21.2/cve_security_reports/sics_operational_reporting_server/ Mon, 01 Jan 0001 00:00:00 +0000 /sicsdocs/releases/21.2/cve_security_reports/sics_operational_reporting_server/ The report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community. Name Description CWE CVSS v2.0 Severity CVSS v3.0 Severity Dependency 1704 In `chart.js` before version 2.9.4 the options parameter is not properly sanitized when it is processed. When the options are processed, the existing options (or the defaults options) are deeply merged with provided options. However, during this operation, the keys of the object being set are not checked, leading to a prototype pollution. /sicsdocs/releases/21.2/cve_security_reports/sics_operational_reporting_solr_node/ Mon, 01 Jan 0001 00:00:00 +0000 /sicsdocs/releases/21.2/cve_security_reports/sics_operational_reporting_solr_node/ The report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community. Name Description CWE CVSS v2.0 Severity CVSS v3.0 Severity Dependency CVE-2020-7676 angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping '<option>' elements in '<select>' ones changes parsing behavior, leading to possibly unsanitizing code. CWE-79 LOW MEDIUM angular-cookies.min.js CVE-2020-7676 angular. /sicsdocs/releases/21.2/cve_security_reports/sics_search_server/ Mon, 01 Jan 0001 00:00:00 +0000 /sicsdocs/releases/21.2/cve_security_reports/sics_search_server/ The report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community. Name Description CWE CVSS v2.0 Severity CVSS v3.0 Severity Dependency CVE-2020-27223 In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values. /sicsdocs/releases/21.2/cve_security_reports/sics_search_solr_node/ Mon, 01 Jan 0001 00:00:00 +0000 /sicsdocs/releases/21.2/cve_security_reports/sics_search_solr_node/ The report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community. Name Description CWE CVSS v2.0 Severity CVSS v3.0 Severity Dependency CVE-2020-7676 angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping '<option>' elements in '<select>' ones changes parsing behavior, leading to possibly unsanitizing code. CWE-79 LOW MEDIUM angular-cookies.min.js CVE-2020-7676 angular. /sicsdocs/releases/21.2/cve_security_reports/sics_docs/ Mon, 01 Jan 0001 00:00:00 +0000 /sicsdocs/releases/21.2/cve_security_reports/sics_docs/ The report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community. No vulnerable dependencies found. This report was generated 22.06.2021, 14:07:19 UTC, using dependency-check version: 6.0.3.