Release of 104 statements

Author: matteogreek

statements/CVE-2011-1498/statement.yaml

@@ -0,0 +1,115 @@
+vulnerability_id: CVE-2011-1498
+notes:
+- links: []
+  text: Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: "1074473"
+    repository: http://svn.apache.org/repos/asf/httpcomponents/httpclient
+artifacts:
+- id: pkg:maven/org.apache.httpcomponents/httpclient@4.1.3
+  reason: Reviewed manually
+  affected: false
+- id: pkg:maven/org.apache.httpcomponents/httpclient-osgi@4.3.6
+  reason: Reviewed manually
+  affected: false
+- id: pkg:maven/org.apache.httpcomponents/httpclient-osgi@4.3
+  reason: Reviewed manually
+  affected: false
+- id: pkg:maven/org.apache.httpcomponents/httpclient-osgi@4.5.1
+  reason: Reviewed manually
+  affected: false
+- id: pkg:maven/org.apache.httpcomponents/httpclient-osgi@4.5.2
+  reason: Reviewed manually
+  affected: false
+- id: pkg:maven/org.apache.httpcomponents/httpclient-osgi@4.5.3
+  reason: Reviewed manually
+  affected: false
+- id: pkg:maven/org.springframework.cloud/spring-cloud-contract-shade@1.2.1.RELEASE
+  reason: Reviewed manually
+  affected: false
+- id: pkg:maven/org.apache.httpcomponents/httpclient@4.0.1
+  reason: Reviewed manually
+  affected: true
+- id: pkg:maven/org.apache.httpcomponents/httpclient@4.0.2
+  reason: Reviewed manually
+  affected: true
+- id: pkg:maven/org.apache.httpcomponents/httpclient@4.0
+  reason: Reviewed manually
+  affected: true
+- id: pkg:maven/org.apache.httpcomponents/httpclient@4.1
+  reason: Reviewed manually
+  affected: true
+- id: pkg:maven/org.apache.httpcomponents/httpclient@4.1
+  reason: Assessed with Eclipse Steady (AST_EQUALITY)
+  affected: true
+- id: pkg:maven/org.apache.httpcomponents/httpclient@4.0.3
+  reason: Reviewed manually
+  affected: true
+- id: pkg:maven/org.apache.httpcomponents/httpclient@4.1.3
+  reason: Reviewed manually
+  affected: false
+- id: pkg:maven/org.apache.httpcomponents/httpclient@4.5.3
+  reason: Reviewed manually
+  affected: false
+- id: pkg:maven/org.springframework.cloud/spring-cloud-contract-shade@1.1.3.RELEASE
+  reason: Reviewed manually
+  affected: false
+- id: pkg:maven/org.springframework.cloud/spring-cloud-contract-shade@1.1.4.RELEASE
+  reason: Reviewed manually
+  affected: false
+- id: pkg:maven/org.apache.tika/tika-app@1.10
+  reason: Reviewed manually
+  affected: false
+- id: pkg:maven/org.apache.tika/tika-app@1.16
+  reason: Reviewed manually
+  affected: false
+- id: pkg:maven/org.keycloak/keycloak-admin-cli@3.2.1.Final
+  reason: Reviewed manually
+  affected: false
+- id: pkg:maven/org.springframework.cloud/spring-cloud-contract-shade@1.1.2.RELEASE
+  reason: Reviewed manually
+  affected: false
+- id: pkg:maven/org.apache.httpcomponents/httpclient-osgi@4.3.1
+  reason: Reviewed manually
+  affected: false
+- id: pkg:maven/org.apache.httpcomponents/httpclient-osgi@4.1.3
+  reason: Reviewed manually
+  affected: false
+- id: pkg:maven/org.springframework.cloud/spring-cloud-contract-shade@1.2.0.RELEASE
+  reason: Reviewed manually
+  affected: false
+- id: pkg:maven/org.springframework.cloud/spring-cloud-contract-shade@1.1.5.RELEASE
+  reason: Reviewed manually
+  affected: false
+- id: pkg:maven/p2.eclipse-plugin/org.apache.httpcomponents.httpclient@4.5.2.v20170210-0925
+  reason: Reviewed manually
+  affected: false
+- id: pkg:maven/org.apache.karaf.jaas/org.apache.karaf.jaas.modules@4.0.9
+  reason: Reviewed manually
+  affected: false
+- id: pkg:maven/org.springframework.cloud/spring-cloud-contract-shade@2.0.0.RELEASE
+  reason: Reviewed manually
+  affected: false
+- id: pkg:maven/org.springframework.cloud/spring-cloud-contract-shade@2.0.1.RELEASE
+  reason: Reviewed manually
+  affected: false
+- id: pkg:maven/org.springframework.cloud/spring-cloud-contract-shade@2.1.0.RELEASE
+  reason: Reviewed manually
+  affected: false
+- id: pkg:maven/org.apache.httpcomponents/httpclient@4.5.8
+  reason: Reviewed manually
+  affected: false
+- id: pkg:maven/org.apache.httpcomponents/httpclient-osgi@4.5.8
+  reason: Reviewed manually
+  affected: false
+- id: pkg:maven/org.apache.httpcomponents/httpclient@4.5.12
+  reason: Reviewed manually
+  affected: false
+- id: pkg:maven/org.apache.httpcomponents/httpclient@4.5.12
+  reason: Reviewed manually
+  affected: false
+- id: pkg:maven/org.apache.httpcomponents/httpclient-osgi@4.5.12
+  reason: Reviewed manually
+  affected: false

statements/CVE-2011-2765/statement.yaml

@@ -0,0 +1,11 @@
+vulnerability_id: CVE-2011-2765
+notes:
+- links:
+  - https://pythonhosted.org/Pyro/12-changes.html
+  - https://snyk.io/vuln/SNYK-PYTHON-PYRO-72279
+  text: pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks.
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: 554e095a62c4412c91f981e72fd34a936ac2bf1e
+    repository: https://github.com/irmen/Pyro3

statements/CVE-2012-2417/statement.yaml

@@ -0,0 +1,17 @@
+vulnerability_id: CVE-2012-2417
+notes:
+- links:
+  - https://www.cvedetails.com/cve/CVE-2012-2417/
+  text: PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: 9f912f13df99ad3421eff360d6a62d7dbec755c2
+    repository: https://github.com/Legrandin/pycrypto
+artifacts:
+- id: pkg:maven/pycrypto/pycrypto@2.6.1
+  reason: Assessed with Eclipse Steady (AST_EQUALITY)
+  affected: false
+- id: pkg:maven/pycrypto/pycrypto@2.6.1
+  reason: Reviewed manually
+  affected: false

statements/CVE-2012-4406/statement.yaml

@@ -0,0 +1,10 @@
+vulnerability_id: CVE-2012-4406
+notes:
+- links:
+  - https://nvd.nist.gov/vuln/detail/CVE-2012-4406
+  text: OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: e1ff51c04554d51616d2845f92ab726cb0e5831a
+    repository: https://github.com/openstack/swift

statements/CVE-2012-6119/statement.yaml

@@ -0,0 +1,9 @@
+vulnerability_id: CVE-2012-6119
+notes:
+- links: []
+  text: Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests.
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: f4d93230e58b969c506b4c9778e04482a059b08c
+    repository: https://github.com/candlepin/candlepin.git

statements/CVE-2013-4347/statement.yaml

@@ -0,0 +1,25 @@
+vulnerability_id: CVE-2013-4347
+notes:
+- links:
+  - https://github.com/joestump/python-oauth2/issues/9
+  - https://github.com/joestump/python-oauth2/pull/146
+  - https://www.cvedetails.com/cve/CVE-2013-4347/
+  text: The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack.
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: 82dd2cdd4954cd7b8983d5d64c0dfd9072bf4650
+    repository: https://github.com/joestump/python-oauth2
+artifacts:
+- id: pkg:maven/google-auth/google-auth@1.4.1
+  reason: Reviewed manually
+  affected: false
+- id: pkg:maven/google-auth/google-auth@1.5.1
+  reason: Reviewed manually
+  affected: false
+- id: pkg:maven/google-auth/google-auth@1.6.1
+  reason: Reviewed manually
+  affected: false
+- id: pkg:maven/google-auth/google-auth@1.6.2
+  reason: Reviewed manually
+  affected: false

statements/CVE-2013-6372/statement.yaml

@@ -0,0 +1,9 @@
+vulnerability_id: CVE-2013-6372
+notes:
+- links: []
+  text: The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file.
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: 7d4562d6f7e40de04bbe29577b51c79f07d05ba6
+    repository: https://github.com/jenkinsci/subversion-plugin.git

statements/CVE-2013-7251/statement.yaml

@@ -0,0 +1,9 @@
+vulnerability_id: CVE-2013-7251
+notes:
+- links: []
+  text: Multiple cross-site request forgery (CSRF) vulnerabilities in ProjectForge before 5.3 allow remote attackers to hijack the authentication of arbitrary users via vectors related to (1) web/admin/, (2) web/core/, (3) web/dialog/, (4) web/fibu/, (5) web/mobile/, (6) web/task/, or (7) web/wicket/.
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: 422de35e3c3141e418a73bfb39b430d5fd74077e
+    repository: https://github.com/micromata/projectforge-webapp.git

statements/CVE-2014-0086/statement.yaml

@@ -0,0 +1,9 @@
+vulnerability_id: CVE-2014-0086
+notes:
+- links: []
+  text: The doFilter function in webapp/PushHandlerFilter.java in JBoss RichFaces 4.3.4, 4.3.5, and 5.x allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a large number of malformed atmosphere push requests.
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: 8131f15003f5bec73d475d2b724472e4b87d0757
+    repository: https://github.com/pslegr/core-1.git

statements/CVE-2014-2058/statement.yaml

@@ -0,0 +1,9 @@
+vulnerability_id: CVE-2014-2058
+notes:
+- links: []
+  text: 'BuildTrigger in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to bypass access restrictions and execute arbitrary jobs by configuring a job to trigger another job. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7330.'
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: b6b2a367a7976be80a799c6a49fa6c58d778b50e
+    repository: https://github.com/jenkinsci/jenkins.git

statements/CVE-2014-2059/statement.yaml

@@ -0,0 +1,9 @@
+vulnerability_id: CVE-2014-2059
+notes:
+- links: []
+  text: Directory traversal vulnerability in the CLI job creation (hudson/cli/CreateJobCommand.java) in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to overwrite arbitrary files via the job name.
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: ad38d8480f20ce3cbf8fec3e2003bc83efda4f7d
+    repository: https://github.com/jenkinsci/jenkins.git

statements/CVE-2014-2061/statement.yaml

@@ -0,0 +1,9 @@
+vulnerability_id: CVE-2014-2061
+notes:
+- links: []
+  text: The input control in PasswordParameterDefinition in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to obtain passwords by reading the HTML source code, related to the default value.
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: bf539198564a1108b7b71a973bf7de963a6213ef
+    repository: https://github.com/jenkinsci/jenkins.git

statements/CVE-2014-2062/statement.yaml

@@ -0,0 +1,9 @@
+vulnerability_id: CVE-2014-2062
+notes:
+- links: []
+  text: Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token.
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: 5548b5220cfd496831b5721124189ff18fbb12a3
+    repository: https://github.com/jenkinsci/jenkins.git

statements/CVE-2014-2064/statement.yaml

@@ -0,0 +1,9 @@
+vulnerability_id: CVE-2014-2064
+notes:
+- links: []
+  text: The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts.
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: fbf96734470caba9364f04e0b77b0bae7293a1ec
+    repository: https://github.com/jenkinsci/jenkins.git

statements/CVE-2014-2065/statement.yaml

@@ -0,0 +1,9 @@
+vulnerability_id: CVE-2014-2065
+notes:
+- links: []
+  text: Cross-site scripting (XSS) vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to inject arbitrary web script or HTML via the iconSize cookie.
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: a0b00508eeb74d7033dc4100eb382df4e8fa72e7
+    repository: https://github.com/jenkinsci/jenkins.git

statements/CVE-2014-2066/statement.yaml

@@ -0,0 +1,9 @@
+vulnerability_id: CVE-2014-2066
+notes:
+- links: []
+  text: Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies.
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: 8ac74c350779921598f9d5edfed39dd35de8842a
+    repository: https://github.com/jenkinsci/jenkins.git

statements/CVE-2014-2067/statement.yaml

@@ -0,0 +1,9 @@
+vulnerability_id: CVE-2014-2067
+notes:
+- links: []
+  text: Cross-site scripting (XSS) vulnerability in java/hudson/model/Cause.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to inject arbitrary web script or HTML via a "remote cause note."
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: 5d57c855f3147bfc5e7fda9252317b428a700014
+    repository: https://github.com/jenkinsci/jenkins.git

statements/CVE-2014-2068/statement.yaml

@@ -0,0 +1,9 @@
+vulnerability_id: CVE-2014-2068
+notes:
+- links: []
+  text: The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump.
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: 0530a6645aac10fec005614211660e98db44b5eb
+    repository: https://github.com/jenkinsci/jenkins.git

statements/CVE-2015-1838/statement.yaml

@@ -0,0 +1,11 @@
+vulnerability_id: CVE-2015-1838
+notes:
+- links:
+  - https://docs.saltstack.com/en/latest/topics/releases/2014.7.4.html
+  - https://www.cvedetails.com/cve/CVE-2015-1838/
+  text: modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: e11298d7155e9982749483ca5538e46090caef9c
+    repository: https://github.com/saltstack/salt

statements/CVE-2015-1839/statement.yaml

@@ -0,0 +1,13 @@
+vulnerability_id: CVE-2015-1839
+notes:
+- links:
+  - https://lists.fedoraproject.org/pipermail/package-announce/2016-January/175568.html
+  - https://www.cvedetails.com/cve/CVE-2015-1839/
+  text: modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: 22d2f7a1ec93300c34e8c42d14ec39d51e610b5c
+    repository: https://github.com/saltstack/salt
+  - id: b49d0d4b5ca5c6f31f03e2caf97cef1088eeed81
+    repository: https://github.com/saltstack/salt

statements/CVE-2015-5081/statement.yaml

@@ -0,0 +1,9 @@
+vulnerability_id: CVE-2015-5081
+notes:
+- links: []
+  text: Cross-site request forgery (CSRF) vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified vectors.
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: f77cbc607d6e2a62e63287d37ad320109a2cc78a
+    repository: https://github.com/divio/django-cms

statements/CVE-2016-1000001/statement.yaml

@@ -0,0 +1,10 @@
+vulnerability_id: CVE-2016-1000001
+notes:
+- links:
+  - https://www.cvedetails.com/cve/CVE-2016-1000001/
+  text: flask-oidc version 0.1.2 and earlier is vulnerable to an open redirect
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: f2ef8b4ffa445be00f6602e446e60916f4ee4d30
+    repository: https://github.com/puiterwijk/flask-oidc

statements/CVE-2016-10075/statement.yaml

@@ -0,0 +1,21 @@
+vulnerability_id: CVE-2016-10075
+notes:
+- links:
+  - https://www.cvedetails.com/cve/CVE-2016-10075/
+  - https://www.openwall.com/lists/oss-security/2016/12/28/8
+  text: The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local users to execute arbitrary code via a crafted repo with a malicious git log in the current working directory.
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: 7996430e92ca0babec510fcf18d62c9f9c4e6b4d
+    repository: https://github.com/tqdm/tqdm
+artifacts:
+- id: pkg:maven/tqdm/tqdm@4.23.3
+  reason: Reviewed manually
+  affected: false
+- id: pkg:maven/tqdm/tqdm@4.23.4
+  reason: Reviewed manually
+  affected: false
+- id: pkg:maven/tqdm/tqdm@4.11.2
+  reason: Reviewed manually
+  affected: false

statements/CVE-2016-10187/statement.yaml

@@ -0,0 +1,12 @@
+vulnerability_id: CVE-2016-10187
+notes:
+- links:
+  - https://bugs.launchpad.net/calibre/+bug/1651728
+  - https://bugs.mageia.org/show_bug.cgi?id=20225
+  - https://www.openwall.com/lists/oss-security/2017/01/29/8
+  text: The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript.
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: 3a89718664cb8cce0449d1758eee585ed0d0433c
+    repository: https://github.com/kovidgoyal/calibre