search

aboutcode-org / vulnerablecode

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/
https://public.vulnerablecode.io
Apache License 2.0
536 stars 201 forks source link

Invalid skipping of data based on summaries #912

Open pombredanne opened 2 years ago

pombredanne commented 2 years ago

Running importers and improvers:

Inconsistent summary for <Vulnerability: VULCOID-B5K>. Existing: Improper Handling of URL Encoding (Hex Encoding)
serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded., provided: serve node module suffers fro
m Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded.
Inconsistent summary for <Vulnerability: VULCOID-1BL1>. Existing: CVE-2013-5612 Mozilla: Character encoding cross-origin XSS attack (MFSA 2013-106), provided: Cross-site scr
ipting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging
 a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header.
Inconsistent summary for <Vulnerability: VULCOID-7A>. Existing: , provided: Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to p
erform out of bounds memory access via a crafted HTML page.
Inconsistent summary for <Vulnerability: VULCOID-7A>. Existing: , provided: Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to p
erform out of bounds memory access via a crafted HTML page.
Inconsistent summary for <Vulnerability: VULCOID-7A>. Existing: , provided: Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to p
erform out of bounds memory access via a crafted HTML page.
Inconsistent summary for <Vulnerability: VULCOID-7A>. Existing: , provided: Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to p
erform out of bounds memory access via a crafted HTML page.
Inconsistent summary for <Vulnerability: VULCOID-A7X>. Existing: Missing Authentication for Critical Function
TG1999 commented 2 years ago

relates to https://github.com/nexB/vulnerablecode/issues/859