CVE Security Report - SICS API Server
The report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community.
| Name | Description | CWE | CVSS v2.0 Severity | CVSS v3.0 Severity | Dependency |
|---|---|---|---|---|---|
| CVE-2020-13956 | Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution. | NVD-CWE-noinfo | MEDIUM | MEDIUM | commons-httpclient-3.1.jar |
| CVE-2020-27223 | In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values. | CWE-400 | MEDIUM | MEDIUM | http2-client-9.4.36.v20210114.jar |
| CVE-2020-13956 | Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution. | NVD-CWE-noinfo | MEDIUM | MEDIUM | httpclient-4.5.12.jar |
| CVE-2008-1997 | Unspecified vulnerability in the ADMIN_SP_C2 procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unknown vectors. NOTE: the ADMIN_SP_C issue is already covered by CVE-2008-0699. IBM link requires login credentials. | CWE-94 | HIGH | | jcc-11.5.5.0.jar |
| CVE-2020-27223 | In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values. | CWE-400 | MEDIUM | MEDIUM | jetty-http-9.4.36.v20210114.jar |
| CVE-2021-21290 | Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all users. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method 'File.createTempFile' on unix-like systems creates a random file, but, by default will create this file with the permissions '-rw-r--r--'. Thus, if sensitive information is written to this file, other local users can read this information. This is the case in netty's 'AbstractDiskHttpData', which is vulnerable. This has been fixed in version 4.1.59.Final. As a workaround, one may specify your own 'java.io.tmpdir' when you start the JVM or use 'DefaultHttpDataFactory.setBaseDir(...)' to set the directory to something that is only readable by the current user. | CWE-378 | LOW | MEDIUM | netty-transport-4.1.50.Final.jar |
| CVE-2020-27225 | In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process. | CWE-306 | MEDIUM | HIGH | org.eclipse.core.commands-3.9.800.jar |
| CVE-2020-27225 | In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process. | CWE-306 | MEDIUM | HIGH | org.eclipse.core.contenttype-3.7.800.jar |
| CVE-2020-27225 | In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process. | CWE-306 | MEDIUM | HIGH | org.eclipse.core.databinding-1.10.100.jar |
| CVE-2020-27225 | In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process. | CWE-306 | MEDIUM | HIGH | org.eclipse.core.databinding.observable-1.10.0.jar |
| CVE-2020-27225 | In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process. | CWE-306 | MEDIUM | HIGH | org.eclipse.core.databinding.property-1.8.100.jar |
| CVE-2020-27225 | In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process. | CWE-306 | MEDIUM | HIGH | org.eclipse.core.expressions-3.7.0.jar |
| CVE-2020-27225 | In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process. | CWE-306 | MEDIUM | HIGH | org.eclipse.core.jobs-3.10.1000.jar |
| CVE-2020-27225 | In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process. | CWE-306 | MEDIUM | HIGH | org.eclipse.core.runtime-3.20.0.jar |
| CVE-2020-27225 | In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process. | CWE-306 | MEDIUM | HIGH | org.eclipse.e4.core.contexts-1.8.400.jar |
| CVE-2020-27225 | In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process. | CWE-306 | MEDIUM | HIGH | org.eclipse.e4.core.di-1.7.600.jar |
| CVE-2020-27225 | In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process. | CWE-306 | MEDIUM | HIGH | org.eclipse.e4.core.di.annotations-1.6.600.jar |
| CVE-2020-27225 | In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process. | CWE-306 | MEDIUM | HIGH | org.eclipse.e4.core.di.extensions-0.16.0.jar |
| CVE-2020-27225 | In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process. | CWE-306 | MEDIUM | HIGH | org.eclipse.e4.core.services-2.2.500.jar |
| CVE-2020-27225 | In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process. | CWE-306 | MEDIUM | HIGH | org.eclipse.e4.emf.xpath-0.2.800.jar |
| CVE-2020-27225 | In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process. | CWE-306 | MEDIUM | HIGH | org.eclipse.e4.ui.css.core-0.13.0.jar |
| CVE-2020-27225 | In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process. | CWE-306 | MEDIUM | HIGH | org.eclipse.e4.ui.css.swt-0.14.0.jar |
| CVE-2020-27225 | In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process. | CWE-306 | MEDIUM | HIGH | org.eclipse.e4.ui.di-1.2.900.jar |
| CVE-2020-27225 | In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process. | CWE-306 | MEDIUM | HIGH | org.eclipse.e4.ui.dialogs-1.2.100.jar |
| CVE-2020-27225 | In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process. | CWE-306 | MEDIUM | HIGH | org.eclipse.e4.ui.model.workbench-2.1.900.jar |
| CVE-2020-27225 | In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process. | CWE-306 | MEDIUM | HIGH | org.eclipse.e4.ui.services-1.4.0.jar |
| CVE-2020-27225 | In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process. | CWE-306 | MEDIUM | HIGH | org.eclipse.e4.ui.widgets-1.2.800.jar |
| CVE-2020-27225 | In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process. | CWE-306 | MEDIUM | HIGH | org.eclipse.e4.ui.workbench-1.12.0.jar |
| CVE-2020-27225 | In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process. | CWE-306 | MEDIUM | HIGH | org.eclipse.e4.ui.workbench.swt-0.15.0.jar |
| CVE-2020-27225 | In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process. | CWE-306 | MEDIUM | HIGH | org.eclipse.e4.ui.workbench3-0.15.500.jar |
| CVE-2020-27225 | In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process. | CWE-306 | MEDIUM | HIGH | org.eclipse.equinox.app-1.5.0.jar |
| CVE-2020-27225 | In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process. | CWE-306 | MEDIUM | HIGH | org.eclipse.equinox.bidi-1.3.0.jar |
| CVE-2020-27225 | In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process. | CWE-306 | MEDIUM | HIGH | org.eclipse.equinox.common-3.14.0.jar |
| CVE-2020-27225 | In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process. | CWE-306 | MEDIUM | HIGH | org.eclipse.equinox.preferences-3.8.100.jar |
| CVE-2020-27225 | In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process. | CWE-306 | MEDIUM | HIGH | org.eclipse.equinox.registry-3.10.0.jar |
| CVE-2020-27225 | In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process. | CWE-306 | MEDIUM | HIGH | org.eclipse.help-3.8.800.jar |
| CVE-2020-27225 | In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process. | CWE-306 | MEDIUM | HIGH | org.eclipse.jface-3.22.0.jar |
| CVE-2020-27225 | In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process. | CWE-306 | MEDIUM | HIGH | org.eclipse.jface.databinding-1.12.100.jar |
| CVE-2020-27225 | In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process. | CWE-306 | MEDIUM | HIGH | org.eclipse.osgi-3.16.100.jar |
| CVE-2020-27225 | In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process. | CWE-306 | MEDIUM | HIGH | org.eclipse.ui.workbench-3.122.0.jar |
| CVE-2020-27225 | In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process. | CWE-306 | MEDIUM | HIGH | org.eclipse.urischeme-1.1.200.jar |
This report was generated 23.03.2021, 06:04:26 UTC, using dependency-check version: 6.0.3.