Commit 5ce5b34

Vulnerability severity update
1 parent 6e3b05c commit 5ce5b34

125 files changed

+465
-258
lines changed

angularjs-library-with-known-vulnerabilities.md

Lines changed: 2 additions & 2 deletions
@@ -2,15 +2,15 @@
22
name: AngularJS library with known vulnerabilities
33
severity: low
44
cvss-score: 4.8
5-
cvss-vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
5+
cvss-vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
66
cwe-id: CWE-1035
77
cwe-name: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
88
compliance:
99
HIPAA: 164.306(a)
1010
ISO 27001: A.8.9
1111
owasp10: A5, A6
1212
pci: '6.2'
13-
PCI v4.0: pci4-6.2.4, pci4-6.3.3
13+
PCI-DSS v4.0.1: 6.2.4, 6.3.3
1414

1515
---
1616

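Review bot: The key rename at line 13 from `PCI v4.0` to `PCI-DSS v4.0.1` also changes the value format (the `pci4-` prefix is dropped from `6.2.4, 6.3.3`), so anything that reads this frontmatter by the old key or prefix would no longer find the PCI mapping. Please confirm the consumers of this field were updated alongside this commit, and mention the rename in the commit message, which only says "Vulnerability severity update". The legacy `pci: '6.2'` key on line 12 is left in place next to the new one; say whether it is kept intentionally.
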
application-error-message.md

Lines changed: 3 additions & 3 deletions
@@ -2,15 +2,15 @@
22
name: Application error message
33
severity: medium
44
cvss-score: 5.3
5-
cvss-vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5+
cvss-vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
66
cwe-id: CWE-550
77
cwe-name: Server-generated Error Message Containing Sensitive Information
88
compliance:
99
HIPAA: 164.306(a)
10-
ISO 27001: A.5.33, A.5.34, A.8.4, A.8.9, A.8.12
10+
ISO 27001: A.5.33, A.5.34, A.8.4, A.8.9, A.8.12, A.8.25
1111
owasp10: A5
1212
pci: 6.5.5
13-
PCI v4.0: pci4-6.2.4
13+
PCI-DSS v4.0.1: 6.2.4
1414

1515
---
1616

aspnet-debugging-enabled.md

Lines changed: 3 additions & 3 deletions
@@ -2,15 +2,15 @@
22
name: ASP.NET debugging enabled
33
severity: low
44
cvss-score: 5.3
5-
cvss-vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5+
cvss-vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
66
cwe-id: CWE-489
77
cwe-name: Active Debug Code
88
compliance:
99
HIPAA: 164.306(a), 164.312(a)(1), 164.312(d)
10-
ISO 27001: A.5.33, A.5.34, A.8.4, A.8.9, A.8.12, A.8.15
10+
ISO 27001: A.5.33, A.5.34, A.8.4, A.8.9, A.8.12, A.8.15, A.8.25
1111
owasp10: A1, A5
1212
pci: 6.5.5
13-
PCI v4.0: pci4-6.2.4
13+
PCI-DSS v4.0.1: 6.2.4
1414

1515
---
1616

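Review bot: `severity: low` on line 3 is left unchanged although `cvss-score: 5.3` falls in the CVSS v3.1 Medium band (4.0 to 6.9), and this same commit raises aspnet-viewstate-without-mac.md from low to medium at the same 5.3 score. Either raise this entry to `severity: medium` as well, or document why the rating deliberately departs from the score.
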
aspnet-tracing-enabled.md

Lines changed: 3 additions & 3 deletions
@@ -1,16 +1,16 @@
11
---
22
name: ASP.NET tracing enabled
33
severity: high
4-
cvss-score: 9.1
5-
cvss-vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
4+
cvss-score: 8.2
5+
cvss-vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
66
cwe-id: CWE-11
77
cwe-name: 'ASP.NET Misconfiguration: Creating Debug Binary'
88
compliance:
99
HIPAA: 164.306(a)
1010
ISO 27001: A.5.33, A.5.34, A.8.4, A.8.9, A.8.12
1111
owasp10: A5
1212
pci: 6.5.5
13-
PCI v4.0: pci4-6.2.4
13+
PCI-DSS v4.0.1: 6.2.4
1414

1515
---
1616

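Review bot: Lines 4 and 5 change the impact metrics, not just the version prefix: `I:H/A:N` becomes `I:N/A:L` and the score drops from 9.1 to 8.2, but the commit message gives no rationale. The new score does match the new vector and sits in the High band, consistent with `severity: high`; please state why tracing output is now rated as an availability impact rather than an integrity one. Also, the ISO 27001 list on line 10 is identical to the pre-change list in application-error-message.md, which gains `A.8.25` in this commit (as does aspnet-debugging-enabled.md) while this file does not; check whether that omission is intended.
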
aspnet-viewstate-without-mac.md

Lines changed: 3 additions & 3 deletions
@@ -1,15 +1,15 @@
11
---
22
name: ASP.NET ViewState without MAC
3-
severity: low
3+
severity: medium
44
cvss-score: 5.3
5-
cvss-vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5+
cvss-vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
66
cwe-id: CWE-642
77
cwe-name: External Control of Critical State Data
88
compliance:
99
HIPAA: 164.306(a)
1010
ISO 27001: A.8.9
1111
owasp10: A5
12-
PCI v4.0: pci4-6.2.4
12+
PCI-DSS v4.0.1: 6.2.4
1313

1414
---
1515

axios-library-with-known-vulnerabilities.md

Lines changed: 2 additions & 2 deletions
@@ -2,15 +2,15 @@
22
name: Axios library with known vulnerabilities
33
severity: low
44
cvss-score: 4.8
5-
cvss-vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
5+
cvss-vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
66
cwe-id: CWE-1035
77
cwe-name: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
88
compliance:
99
HIPAA: 164.306(a)
1010
ISO 27001: A.8.9
1111
owasp10: A5, A6
1212
pci: '6.2'
13-
PCI v4.0: pci4-6.2.4, pci4-6.3.3
13+
PCI-DSS v4.0.1: 6.2.4, 6.3.3
1414

1515
---
1616

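Review bot: `severity: low` on line 3 sits beside `cvss-score: 4.8`, which is Medium (4.0 to 6.9) on the CVSS v3.1 qualitative scale; the AngularJS, Backbone and Bootstrap entries in this commit carry the same pair. If the low rating for outdated-library findings is deliberate, say so in the commit message; otherwise align `severity` with the score, as this commit does for ASP.NET ViewState without MAC.
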
backbone-library-with-known-vulnerabilities.md

Lines changed: 2 additions & 2 deletions
@@ -2,15 +2,15 @@
22
name: Backbone library with known vulnerabilities
33
severity: low
44
cvss-score: 4.8
5-
cvss-vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
5+
cvss-vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
66
cwe-id: CWE-1035
77
cwe-name: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
88
compliance:
99
HIPAA: 164.306(a)
1010
ISO 27001: A.8.9
1111
owasp10: A5, A6
1212
pci: '6.2'
13-
PCI v4.0: pci4-6.2.4, pci4-6.3.3
13+
PCI-DSS v4.0.1: 6.2.4, 6.3.3
1414

1515
---
1616

bootstrap-library-with-known-vulnerabilities.md

Lines changed: 2 additions & 2 deletions
@@ -2,15 +2,15 @@
22
name: Bootstrap library with known vulnerabilities
33
severity: low
44
cvss-score: 4.8
5-
cvss-vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
5+
cvss-vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
66
cwe-id: CWE-1035
77
cwe-name: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
88
compliance:
99
HIPAA: 164.306(a)
1010
ISO 27001: A.8.9
1111
owasp10: A5, A6
1212
pci: '6.2'
13-
PCI v4.0: pci4-6.2.4, pci4-6.3.3
13+
PCI-DSS v4.0.1: 6.2.4, 6.3.3
1414

1515
---
1616

browser-content-sniffing-allowed.md

Lines changed: 1 addition & 1 deletion
@@ -9,7 +9,7 @@ compliance:
99
HIPAA: 164.306(a)
1010
ISO 27001: A.8.9
1111
owasp10: A5
12-
PCI v4.0: pci4-6.2.4
12+
PCI-DSS v4.0.1: 6.2.4
1313

1414
---
1515

certificate-with-insufficient-key-size-or-usage-or-insecure-signature-algorithm.md

Lines changed: 1 addition & 1 deletion
@@ -10,7 +10,7 @@ compliance:
1010
ISO 27001: A.5.14, A.8.9, A.8.24
1111
owasp10: A2
1212
pci: 4.1, 6.5.4
13-
PCI v4.0: pci4-4.2.1, pci4-6.2.4
13+
PCI-DSS v4.0.1: 4.2.1, 6.2.4
1414

1515
---
1616
