Add 307 new statements (exact_tracer)

Author: matteogreek

statements/CVE-2010-5312/statement.yaml

@@ -0,0 +1,11 @@
+vulnerability_id: CVE-2010-5312
+notes:
+- links: []
+  text: Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog
+    widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary
+    web script or HTML via the title option.
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: 7e9060c109b928769a664dbcc2c17bd21231b6f3
+    repository: https://github.com/jquery/jquery-ui

statements/CVE-2011-3186/statement.yaml

@@ -0,0 +1,12 @@
+vulnerability_id: CVE-2011-3186
+notes:
+- links: []
+  text: CRLF injection vulnerability in actionpack/lib/action_controller/response.rb
+    in Ruby on Rails 2.3.x before 2.3.13 allows remote attackers to inject arbitrary
+    HTTP headers and conduct HTTP response splitting attacks via the Content-Type
+    header.
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: 11dafeaa7533be26441a63618be93a03869c83a9
+    repository: https://github.com/rails/rails

statements/CVE-2011-4030/statement.yaml

@@ -0,0 +1,12 @@
+vulnerability_id: CVE-2011-4030
+notes:
+- links: []
+  text: The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through
+    4.2a2 does not prevent the KwAsAttributes classes from being publishable, which
+    allows remote attackers to access sub-objects via unspecified vectors, a different
+    vulnerability than CVE-2011-3587.
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: d55add52e5900967c8cc78becc6790048f02015b
+    repository: https://github.com/plone/Products.CMFEditions

statements/CVE-2012-1109/statement.yaml

@@ -0,0 +1,10 @@
+vulnerability_id: CVE-2012-1109
+notes:
+- links: []
+  text: 'mwlib 0.13 through 0.13.4 has a denial of service vulnerability when parsing
+    #iferror magic functions'
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: aa987c281c10e29f26aa0faa21c04f3bb1167fde
+    repository: https://github.com/pediapress/mwlib

statements/CVE-2012-1176/statement.yaml

@@ -0,0 +1,11 @@
+vulnerability_id: CVE-2012-1176
+notes:
+- links: []
+  text: Buffer overflow in the fribidi_utf8_to_unicode function in PyFriBidi before
+    0.11.0 allows remote attackers to cause a denial of service (application crash)
+    via a 4-byte utf-8 sequence.
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: d2860c655357975e7b32d84e6b45e98f0dcecd7a
+    repository: https://github.com/pediapress/pyfribidi

statements/CVE-2012-3366/statement.yaml

@@ -0,0 +1,11 @@
+vulnerability_id: CVE-2012-3366
+notes:
+- links: []
+  text: The Trigger plugin in bcfg2 1.2.x before 1.2.3 allows remote attackers with
+    root access to the client to execute arbitrary commands via shell metacharacters
+    in the UUID field to the server process (bcfg2-server).
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: a524967e8d5c4c22e49cd619aed20c87a316c0be
+    repository: https://github.com/Bcfg2/bcfg2

statements/CVE-2012-3408/statement.yaml

@@ -0,0 +1,12 @@
+vulnerability_id: CVE-2012-3408
+notes:
+- links: []
+  text: lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise
+    before 2.5.2, supports use of IP addresses in certnames without warning of potential
+    risks, which might allow remote attackers to spoof an agent by acquiring a previously
+    used IP address.
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: ab9150baa1b738467a33b01df1d90e076253fbbd
+    repository: https://github.com/puppetlabs/puppet

statements/CVE-2012-6550/statement.yaml

@@ -0,0 +1,11 @@
+vulnerability_id: CVE-2012-6550
+notes:
+- links: []
+  text: Cross-site scripting (XSS) vulnerability in ZeroClipboard before 1.1.4 allows
+    remote attackers to inject arbitrary web script or HTML via "the clipText returned
+    from the flash object," a different vulnerability than CVE-2013-1808.
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: 51b67b6d696f62aaf003210c08542588222c4913
+    repository: https://github.com/zeroclipboard/zeroclipboard

statements/CVE-2013-0256/statement.yaml

@@ -0,0 +1,11 @@
+vulnerability_id: CVE-2013-0256
+notes:
+- links: []
+  text: darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as
+    used in Ruby, does not properly generate documents, which allows remote attackers
+    to conduct cross-site scripting (XSS) attacks via a crafted URL.
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: ffa87887ee0517793df7541629a470e331f9fe60
+    repository: https://github.com/ruby/rdoc

statements/CVE-2013-0294/statement.yaml

@@ -0,0 +1,11 @@
+vulnerability_id: CVE-2013-0294
+notes:
+- links: []
+  text: packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS
+    authenticators and hash passwords, which makes it easier for remote attackers
+    to obtain sensitive information via a brute force attack.
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: 38f74b36814ca5b1a27d9898141126af4953bee5
+    repository: https://github.com/pyradius/pyrad

statements/CVE-2013-1800/statement.yaml

@@ -0,0 +1,13 @@
+vulnerability_id: CVE-2013-1800
+notes:
+- links: []
+  text: The crack gem 0.3.1 and earlier for Ruby does not properly restrict casts
+    of string values, which might allow remote attackers to conduct object-injection
+    attacks and execute arbitrary code, or cause a denial of service (memory and CPU
+    consumption) by leveraging Action Pack support for (1) YAML type conversion or
+    (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156.
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: e3da1212a1f84a898ee3601336d1dbbf118fb5f6
+    repository: https://github.com/jnunemaker/crack

statements/CVE-2013-1801/statement.yaml

@@ -0,0 +1,13 @@
+vulnerability_id: CVE-2013-1801
+notes:
+- links: []
+  text: The httparty gem 0.9.0 and earlier for Ruby does not properly restrict casts
+    of string values, which might allow remote attackers to conduct object-injection
+    attacks and execute arbitrary code, or cause a denial of service (memory and CPU
+    consumption) by leveraging Action Pack support for YAML type conversion, a similar
+    vulnerability to CVE-2013-0156.
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: 53a812426dd32108d6cba4272b493aa03bc8c031
+    repository: https://github.com/jnunemaker/httparty

statements/CVE-2013-2013/statement.yaml

@@ -0,0 +1,11 @@
+vulnerability_id: CVE-2013-2013
+notes:
+- links: []
+  text: The user-password-update command in python-keystoneclient before 0.2.4 accepts
+    the new password in the --password argument, which allows local users to obtain
+    sensitive information by listing the process.
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: f2e0818bc97bfbeba83f6abbb07909a8debcad77
+    repository: https://github.com/openstack/python-keystoneclient

statements/CVE-2013-2191/statement.yaml

@@ -0,0 +1,10 @@
+vulnerability_id: CVE-2013-2191
+notes:
+- links: []
+  text: python-bugzilla before 0.9.0 does not validate X.509 certificates, which allows
+    man-in-the-middle attackers to spoof Bugzilla servers via a crafted certificate.
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: a782282ee479ba4cc1b8b1d89700ac630ba83eef
+    repository: https://github.com/python-bugzilla/python-bugzilla

statements/CVE-2013-3300/statement.yaml

@@ -0,0 +1,12 @@
+vulnerability_id: CVE-2013-3300
+notes:
+- links: []
+  text: The JsonParser class in json/JsonParser.scala in Lift before 2.5 interprets
+    a certain end-index value as a length value, which allows remote authenticated
+    users to obtain sensitive information from other users' sessions via invalid input
+    data containing a < (less than) character.
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: 099d9c86cf6d81f4953957add478ab699946e601
+    repository: https://github.com/lift/framework

statements/CVE-2013-4116/statement.yaml

@@ -0,0 +1,11 @@
+vulnerability_id: CVE-2013-4116
+notes:
+- links: []
+  text: lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users
+    to overwrite arbitrary files via a symlink attack on temporary files with predictable
+    names that are created when unpacking archives.
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: f4d31693e73a963574a88000580db1a716fe66f1
+    repository: https://github.com/npm/npm

statements/CVE-2013-4413/statement.yaml

@@ -0,0 +1,11 @@
+vulnerability_id: CVE-2013-4413
+notes:
+- links: []
+  text: Directory traversal vulnerability in controller/concerns/render_redirect.rb
+    in the Wicked gem before 1.0.1 for Ruby allows remote attackers to read arbitrary
+    files via a %2E%2E%2F (encoded dot dot slash) in the step.
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: fe31bb2533fffc9d098c69ebeb7afc3b80509f53
+    repository: https://github.com/zombocom/wicked

statements/CVE-2013-4562/statement.yaml

@@ -0,0 +1,11 @@
+vulnerability_id: CVE-2013-4562
+notes:
+- links: []
+  text: The omniauth-facebook gem 1.4.1 before 1.5.0 does not properly store the session
+    parameter, which allows remote attackers to conduct cross-site request forgery
+    (CSRF) attacks via the state parameter.
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: ccfcc26fe7e34acbd75ad4a095fd01ce5ff48ee7
+    repository: https://github.com/simi/omniauth-facebook

statements/CVE-2013-4701/statement.yaml

@@ -0,0 +1,13 @@
+vulnerability_id: CVE-2013-4701
+notes:
+- links: []
+  text: Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers
+    to read arbitrary files, send HTTP requests to intranet servers, or cause a denial
+    of service (CPU and memory consumption) via XRDS data containing an external entity
+    declaration in conjunction with an entity reference, related to an XML External
+    Entity (XXE) issue.
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: 625c16bb28bb120d262b3f19f89c2c06cb9b0da9
+    repository: https://github.com/openid/php-openid

statements/CVE-2013-6465/statement.yaml

@@ -0,0 +1,11 @@
+vulnerability_id: CVE-2013-6465
+notes:
+- links: []
+  text: Multiple cross-site scripting (XSS) vulnerabilities in JBPM KIE Workbench
+    6.0.x allow remote authenticated users to inject arbitrary web script or HTML
+    via vectors related to task name html inputs.
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: 4818204506e8e94645b52adb9426bedfa9ffdd04
+    repository: https://github.com/kiegroup/jbpm-wb

statements/CVE-2013-7378/statement.yaml

@@ -0,0 +1,10 @@
+vulnerability_id: CVE-2013-7378
+notes:
+- links: []
+  text: scripts/email.coffee in the Hubot Scripts module before 2.4.4 for Node.js
+    allows remote attackers to execute arbitrary commands.
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: feee5abdb038a229a98969ae443cdb8a61747782
+    repository: https://github.com/github/hubot-scripts

statements/CVE-2013-7459/statement.yaml

@@ -0,0 +1,11 @@
+vulnerability_id: CVE-2013-7459
+notes:
+- links: []
+  text: Heap-based buffer overflow in the ALGnew function in block_templace.c in Python
+    Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary
+    code as demonstrated by a crafted iv parameter to cryptmsg.py.
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: 8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4
+    repository: https://github.com/pycrypto/pycrypto

statements/CVE-2014-0072/statement.yaml

@@ -0,0 +1,13 @@
+vulnerability_id: CVE-2014-0072
+notes:
+- links: []
+  text: ios/CDVFileTransfer.m in the Apache Cordova File-Transfer standalone plugin
+    (org.apache.cordova.file-transfer) before 0.4.2 for iOS and the File-Transfer
+    plugin for iOS from Cordova 2.4.0 through 2.9.0 might allow remote attackers to
+    spoof SSL servers by leveraging a default value of true for the trustAllHosts
+    option.
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: a1d6fc07e8a40c1b2b16f4103c403b30e1089668
+    repository: https://github.com/apache/cordova-plugin-file-transfer

statements/CVE-2014-0073/statement.yaml

@@ -0,0 +1,13 @@
+vulnerability_id: CVE-2014-0073
+notes:
+- links: []
+  text: 'The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone
+    plugin (org.apache.cordova.inappbrowser) before 0.3.2 for iOS and the In-App-Browser
+    plugin for iOS from Cordova 2.6.0 through 2.9.0 does not properly validate callback
+    identifiers, which allows remote attackers to execute arbitrary JavaScript in
+    the host page and consequently gain privileges via a crafted gap-iab: URI.'
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: 26702cb0720c5c394b407c23570136c53171fa55
+    repository: https://github.com/apache/cordova-plugin-inappbrowser

statements/CVE-2014-0120/statement.yaml

@@ -0,0 +1,11 @@
+vulnerability_id: CVE-2014-0120
+notes:
+- links: []
+  text: Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io
+    allows remote attackers to hijack the authentication of arbitrary users for requests
+    that run commands on the Karaf server, as demonstrated by running "shutdown -f."
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: b4e23e002639c274a2f687ada980118512f06113
+    repository: https://github.com/hawtio/hawtio

statements/CVE-2014-0160/statement.yaml

@@ -0,0 +1,13 @@
+vulnerability_id: CVE-2014-0160
+notes:
+- links: []
+  text: The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do
+    not properly handle Heartbeat Extension packets, which allows remote attackers
+    to obtain sensitive information from process memory via crafted packets that trigger
+    a buffer over-read, as demonstrated by reading private keys, related to d1_both.c
+    and t1_lib.c, aka the Heartbleed bug.
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: 96db9023b881d7cd9f379b0c154650d6c108e9a3
+    repository: https://github.com/openssl/openssl

statements/CVE-2014-0177/statement.yaml

@@ -0,0 +1,10 @@
+vulnerability_id: CVE-2014-0177
+notes:
+- links: []
+  text: The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users
+    to overwrite arbitrary files via a symlink attack on a temporary patch file.
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: 016ec99d25b1cb83cb4367e541177aa431beb600
+    repository: https://github.com/github/hub

statements/CVE-2014-0228/statement.yaml

@@ -0,0 +1,12 @@
+vulnerability_id: CVE-2014-0228
+notes:
+- links: []
+  text: Apache Hive before 0.13.1, when in SQL standards based authorization mode,
+    does not properly check the file permissions for (1) import and (2) export statements,
+    which allows remote authenticated users to obtain sensitive information via a
+    crafted URI.
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: c3d7083b7605d1753946c4c4411e3a3241ea7ffe
+    repository: https://github.com/apache/hive

statements/CVE-2014-1202/statement.yaml

@@ -0,0 +1,10 @@
+vulnerability_id: CVE-2014-1202
+notes:
+- links: []
+  text: The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers
+    to execute arbitrary Java code via a crafted request parameter in a WSDL file.
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: 6373165649ad74257493c69dbc0569caa7e6b4a6
+    repository: https://github.com/SmartBear/soapui

statements/CVE-2014-1403/statement.yaml

@@ -0,0 +1,11 @@
+vulnerability_id: CVE-2014-1403
+notes:
+- links: []
+  text: Cross-site scripting (XSS) vulnerability in name.html in easyXDM before 2.4.19
+    allows remote attackers to inject arbitrary web script or HTML via the location.hash
+    value.
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: a3194d32c25a0d27a10a47304eb9c9be93ffbf13
+    repository: https://github.com/oyvindkinsey/easyXDM

statements/CVE-2014-1604/statement.yaml

@@ -0,0 +1,11 @@
+vulnerability_id: CVE-2014-1604
+notes:
+- links: []
+  text: The parser cache functionality in parsergenerator.py in RPLY (aka python-rply)
+    before 0.7.1 allows local users to spoof cache data by pre-creating a temporary
+    rply-*.json file with a predictable name.
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: fc9bbcd25b0b4f09bbd6339f710ad24c129d5d7c
+    repository: https://github.com/alex/rply

statements/CVE-2014-3599/statement.yaml

@@ -0,0 +1,10 @@
+vulnerability_id: CVE-2014-3599
+notes:
+- links: []
+  text: HornetQ REST is vulnerable to XML External Entity due to insecure configuration
+    of RestEasy
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: b3a63576371828d5f8e64ba7ccbcecb1da8111d2
+    repository: https://github.com/hornetq/hornetq