|
Lines 58-63
Link Here
|
| 58 |
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.) |
58 |
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.) |
| 59 |
--> |
59 |
--> |
| 60 |
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> |
60 |
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> |
|
|
61 |
|
| 62 |
<vuln vid="b07bdd3c-0809-11eb-a3a4-0019dbb15b3f"> |
| 63 |
<topic>Payara -- path trasversal flaw via either loc/con parameters in Eclipse Mojarra</topic> |
| 64 |
<affects> |
| 65 |
<package> |
| 66 |
<name>payara</name> |
| 67 |
<range><lt>5.201</lt></range> |
| 68 |
</package> |
| 69 |
</affects> |
| 70 |
<description> |
| 71 |
<body xmlns="http://www.w3.org/1999/xhtml"> |
| 72 |
<p>Payara Releases reports:</p> |
| 73 |
<blockquote cite="https://docs.payara.fish/community/docs/5.2020.4/security/security-fix-list.html"> |
| 74 |
<p>The following is a list of tracked Common Vulnerabilities and Exposures that have been reported and analyzed, which can or have impacted Payara Server across releases:</p> |
| 75 |
<ul> |
| 76 |
<li>CVE-2020-6950 Eclipse Mojarra vulnerable to path trasversal flaw via either loc/con parameters</li> |
| 77 |
</ul> |
| 78 |
</blockquote> |
| 79 |
</body> |
| 80 |
</description> |
| 81 |
<references> |
| 82 |
<cvename>CVE-2020-6950</cvename> |
| 83 |
<url>https://docs.payara.fish/community/docs/5.2020.4/security/security-fix-list.html</url> |
| 84 |
</references> |
| 85 |
<dates> |
| 86 |
<discovery>2020-01-13</discovery> |
| 87 |
<entry>2020-10-06</entry> |
| 88 |
</dates> |
| 89 |
</vuln> |
| 90 |
|
| 91 |
<vuln vid="bd159669-0808-11eb-a3a4-0019dbb15b3f"> |
| 92 |
<topic>Payara -- A Polymorphic Typing issue in FasterXML jackson-databind</topic> |
| 93 |
<affects> |
| 94 |
<package> |
| 95 |
<name>payara</name> |
| 96 |
<range><lt>5.193</lt></range> |
| 97 |
</package> |
| 98 |
</affects> |
| 99 |
<description> |
| 100 |
<body xmlns="http://www.w3.org/1999/xhtml"> |
| 101 |
<p>Payara Releases reports:</p> |
| 102 |
<blockquote cite="https://docs.payara.fish/community/docs/5.193/security/security-fix-list.html"> |
| 103 |
<p>The following is a list of tracked Common Vulnerabilities and Exposures that have been reported and analyzed, which can or have impacted Payara Server across releases:</p> |
| 104 |
<ul> |
| 105 |
<li>CVE-2019-12086 A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9</li> |
| 106 |
</ul> |
| 107 |
</blockquote> |
| 108 |
</body> |
| 109 |
</description> |
| 110 |
<references> |
| 111 |
<cvename>CVE-2019-12086</cvename> |
| 112 |
<url>https://docs.payara.fish/community/docs/5.193/security/security-fix-list.html</url> |
| 113 |
</references> |
| 114 |
<dates> |
| 115 |
<discovery>2019-05-17</discovery> |
| 116 |
<entry>2020-10-06</entry> |
| 117 |
</dates> |
| 118 |
</vuln> |
| 119 |
|
| 120 |
<vuln vid="71c71ce0-0805-11eb-a3a4-0019dbb15b3f"> |
| 121 |
<topic>payara -- multiple vulnerabilities</topic> |
| 122 |
<affects> |
| 123 |
<package> |
| 124 |
<name>payara</name> |
| 125 |
<range><lt>5.191</lt></range> |
| 126 |
</package> |
| 127 |
</affects> |
| 128 |
<description> |
| 129 |
<body xmlns="http://www.w3.org/1999/xhtml"> |
| 130 |
<p>Payara Releases reports:</p> |
| 131 |
<blockquote cite="https://docs.payara.fish/community/docs/5.191/security/security-fix-list.html"> |
| 132 |
<p>The following is a list of tracked Common Vulnerabilities and Exposures that have been reported and analyzed, which can or have impacted Payara Server across releases:</p> |
| 133 |
<ul> |
| 134 |
<li>CVE-2018-14721 FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks</li> |
| 135 |
<li>CVE-2018-14720 FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct external XML entity (XXE) attacks</li> |
| 136 |
<li>CVE-2018-14719 FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code</li> |
| 137 |
<li>CVE-2018-14718 FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code</li> |
| 138 |
<li>CVE-2018-14371 Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter</li> |
| 139 |
</ul> |
| 140 |
</blockquote> |
| 141 |
</body> |
| 142 |
</description> |
| 143 |
<references> |
| 144 |
<cvename>CVE-2018-14721</cvename> |
| 145 |
<cvename>CVE-2018-14720</cvename> |
| 146 |
<cvename>CVE-2018-14719</cvename> |
| 147 |
<cvename>CVE-2018-14718</cvename> |
| 148 |
<cvename>CVE-2018-14371</cvename> |
| 149 |
<url>https://docs.payara.fish/community/docs/5.191/security/security-fix-list.html</url> |
| 150 |
</references> |
| 151 |
<dates> |
| 152 |
<discovery>2019-02-01</discovery> |
| 153 |
<entry>2020-10-06</entry> |
| 154 |
</dates> |
| 155 |
</vuln> |
| 156 |
|
| 61 |
<vuln vid="769a4f60-9056-4c27-89a1-1758a59a21f8"> |
157 |
<vuln vid="769a4f60-9056-4c27-89a1-1758a59a21f8"> |
| 62 |
<topic>zeek -- Vulnerability due to memory leak</topic> |
158 |
<topic>zeek -- Vulnerability due to memory leak</topic> |
| 63 |
<affects> |
159 |
<affects> |