-
Notifications
You must be signed in to change notification settings - Fork 36
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #3157 from branch 'origin/main' into dev
- Loading branch information
Showing
43 changed files
with
244 additions
and
295 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -809,7 +809,7 @@ | |
| "shortName": "Axis", | ||
| "cnaID": "CNA-2021-0014", | ||
| "organizationName": "Axis Communications AB", | ||
| "scope": "All products of Axis Communications AB including end-of-life/end-of-service products", | ||
| "scope": "All products of Axis Communications AB and 2N including end-of-life/end-of-service products", | ||
| "contact": [ | ||
| { | ||
| "email": [ | ||
|
|
@@ -2668,7 +2668,7 @@ | |
| "shortName": "fedora", | ||
| "cnaID": "CNA-2017-0021", | ||
| "organizationName": "Fedora Project", | ||
| "scope": "Vulnerabilities in open-source projects affecting the Fedora Project, that are not covered by a more specific CNA. CVEs can be assigned to vulnerabilities affecting end-of-life or unsupported releases by the Fedora Project", | ||
| "scope": "Vulnerabilities in open source projects affecting the Fedora Project, that are not covered by a more specific CNA. CVEs can be assigned to vulnerabilities affecting end-of-life or unsupported releases by the Fedora Project", | ||
| "contact": [ | ||
| { | ||
| "email": [], | ||
|
|
@@ -3817,7 +3817,7 @@ | |
| "shortName": "hp", | ||
| "cnaID": "CNA-2009-0003", | ||
| "organizationName": "HP Inc.", | ||
| "scope": "HP Inc. issues only", | ||
| "scope": "Issues with any HP-branded product, including computing software and hardware, imaging and printing, as well as HyperX, Teradici, Poly, and Plantronics branded devices", | ||
| "contact": [ | ||
| { | ||
| "email": [ | ||
|
|
@@ -6806,7 +6806,7 @@ | |
| "advisories": [ | ||
| { | ||
| "label": "Advisories", | ||
| "url": "https://www.php.net/ChangeLog-7.php" | ||
| "url": "https://www.php.net/ChangeLog-8.php" | ||
| } | ||
| ] | ||
| }, | ||
|
|
@@ -6837,7 +6837,7 @@ | |
| { | ||
| "shortName": "Perforce", | ||
| "cnaID": "CNA-2016-0023", | ||
| "organizationName": "Perforce (formerly Puppet)", | ||
| "organizationName": "Perforce", | ||
| "scope": "All Perforce products", | ||
| "contact": [ | ||
| { | ||
|
|
@@ -7065,7 +7065,7 @@ | |
| "shortName": "redhat", | ||
| "cnaID": "CNA-2005-0006", | ||
| "organizationName": "Red Hat, Inc.", | ||
| "scope": "<strong>Root Scope:</strong> The Red Hat Root’s scope includes the open-source community. Any open-source organizations that prefer Red Hat as their Root; organizations are free to choose another Root if it suits them better<br/><strong>CNA Scope:</strong> Vulnerabilities in open-source projects affecting Red Hat software that are not covered by a more specific CNA. CVEs can be assigned to vulnerabilities affecting end-of-life or unsupported Red Hat software", | ||
| "scope": "<strong>Root Scope:</strong> The Red Hat Root’s scope includes the open source community. Any open source organizations that prefer Red Hat as their Root; organizations are free to choose another Root if it suits them better<br/><strong>CNA Scope:</strong> Vulnerabilities in open source projects affecting Red Hat software that are not covered by a more specific CNA. CVEs can be assigned to vulnerabilities affecting end-of-life or unsupported Red Hat software", | ||
| "contact": [ | ||
| { | ||
| "email": [ | ||
|
|
@@ -8929,23 +8929,40 @@ | |
| "emailAddr": "[email protected]" | ||
| } | ||
| ], | ||
| "contact": [], | ||
| "contact": [ | ||
| { | ||
| "label": "Report a Vulnerability (Turkish)", | ||
| "language": "Turkish", | ||
| "url": "https://www.usom.gov.tr/zafiyet" | ||
| }, | ||
| { | ||
| "label": "Report a Vulnerability (English)", | ||
| "language": "English", | ||
| "url": "https://www.usom.gov.tr/en/vulnerability" | ||
| } | ||
| ], | ||
| "form": [] | ||
| } | ||
| ], | ||
| "disclosurePolicy": [ | ||
| { | ||
| "label": "Policy", | ||
| "language": "", | ||
| "url": "https://www.usom.gov.tr/en" | ||
| "label": "Policy (Turkish)", | ||
| "language": "Turkish", | ||
| "url": "https://www.usom.gov.tr/zafiyet-bildirim-politikasi" | ||
| }, | ||
| { | ||
| "label": "Policy (English)", | ||
| "language": "English", | ||
| "url": "https://www.usom.gov.tr/en/vulnerability-disclosure-policy" | ||
| } | ||
| ], | ||
| "securityAdvisories": { | ||
| "alerts": [], | ||
| "advisories": [ | ||
| { | ||
| "label": "Advisories", | ||
| "url": "https://www.usom.gov.tr/tehdit.html" | ||
| "label": "Advisories (Turkish)", | ||
| "language": "Turkish", | ||
| "url": "https://www.usom.gov.tr/bildirim" | ||
| } | ||
| ] | ||
| }, | ||
|
|
@@ -9102,7 +9119,7 @@ | |
| "shortName": "Vaadin", | ||
| "cnaID": "CNA-2021-0015", | ||
| "organizationName": "Vaadin Ltd.", | ||
| "scope": "All Vaadin products and supported open-source projects hosted at <a href='https://github.com/vaadin' target='_blank'>https://github.com/vaadin</a>", | ||
| "scope": "All Vaadin products and supported open source projects hosted at <a href='https://github.com/vaadin' target='_blank'>https://github.com/vaadin</a>", | ||
| "contact": [ | ||
| { | ||
| "email": [ | ||
|
|
@@ -14699,7 +14716,7 @@ | |
| "shortName": "Docker", | ||
| "cnaID": "CNA-2022-0050", | ||
| "organizationName": "Docker Inc.", | ||
| "scope": "All Docker products, including Docker Desktop and Docker Hub, as well as Docker maintained open-source projects", | ||
| "scope": "All Docker products, including Docker Desktop and Docker Hub, as well as Docker maintained open source projects", | ||
| "contact": [ | ||
| { | ||
| "email": [ | ||
|
|
@@ -14997,7 +15014,7 @@ | |
| "shortName": "dotCMS", | ||
| "cnaID": "CNA-2023-0001", | ||
| "organizationName": "dotCMS LLC", | ||
| "scope": "All dotCMS product services including the vulnerabilities reported in our open-source core located at <a href='https://github.com/dotCMS/core' target='_blank'>https://github.com/dotCMS/core</a>", | ||
| "scope": "All dotCMS product services including the vulnerabilities reported in our open source core located at <a href='https://github.com/dotCMS/core' target='_blank'>https://github.com/dotCMS/core</a>", | ||
| "contact": [ | ||
| { | ||
| "email": [ | ||
|
|
@@ -15059,7 +15076,7 @@ | |
| "shortName": "DHIS2", | ||
| "cnaID": "CNA-2023-0002", | ||
| "organizationName": "The HISP Centre at the University of Oslo", | ||
| "scope": "Security issues in <a href='https://github.com/dhis2' target='_blank'>DHIS2</a> open-source web and mobile software applications", | ||
| "scope": "Security issues in <a href='https://github.com/dhis2' target='_blank'>DHIS2</a> open source web and mobile software applications", | ||
| "contact": [ | ||
| { | ||
| "email": [ | ||
|
|
@@ -16251,7 +16268,7 @@ | |
| "shortName": "Ribose", | ||
| "cnaID": "CNA-2023-0023", | ||
| "organizationName": "Ribose Limited", | ||
| "scope": "All Ribose products and services, including open-source projects, supported products, and end-of-life/end-of-service products", | ||
| "scope": "All Ribose products and services, including open source projects, supported products, and end-of-life/end-of-service products", | ||
| "contact": [ | ||
| { | ||
| "email": [ | ||
|
|
@@ -16533,7 +16550,7 @@ | |
| "shortName": "IoT83", | ||
| "cnaID": "CNA-2023-0028", | ||
| "organizationName": "IoT83 Ltd", | ||
| "scope": "Vulnerabilities in IoT83 product(s), services, and components only. Third-party, open-source components used in IoT83 product(s), services, and components are not in scope", | ||
| "scope": "Vulnerabilities in IoT83 product(s), services, and components only. Third-party, open source components used in IoT83 product(s), services, and components are not in scope", | ||
| "contact": [ | ||
| { | ||
| "email": [ | ||
|
|
@@ -16899,7 +16916,7 @@ | |
| "shortName": "samsung.tv_appliance", | ||
| "cnaID": "CNA-2023-0034", | ||
| "organizationName": "Samsung TV & Appliance", | ||
| "scope": "Samsung TV & Appliance products, Samsung-owned open-source projects listed on <a href='https://github.com/Samsung/' target='_blank'>https://github.com/Samsung/</a>, as well as vulnerabilities in third-party software discovered by Samsung that are not in another CNA’s scope. Vulnerabilities affecting end-of-life/end-of-service products are in scope. The following categories of Samsung Products are in scope: Internet-connected home appliances, B2C product (smart TV, smart monitor, soundbar, and projector), and B2B products (digital signage, interactive display, and kiosk)", | ||
| "scope": "Samsung TV & Appliance products, Samsung-owned open source projects listed on <a href='https://github.com/Samsung/' target='_blank'>https://github.com/Samsung/</a>, as well as vulnerabilities in third-party software discovered by Samsung that are not in another CNA’s scope. Vulnerabilities affecting end-of-life/end-of-service products are in scope. The following categories of Samsung Products are in scope: Internet-connected home appliances, B2C product (smart TV, smart monitor, soundbar, and projector), and B2B products (digital signage, interactive display, and kiosk)", | ||
| "contact": [ | ||
| { | ||
| "email": [ | ||
|
|
@@ -19436,7 +19453,7 @@ | |
| "shortName": "Checkmarx", | ||
| "cnaID": "CNA-2023-0078", | ||
| "organizationName": "Checkmarx", | ||
| "scope": "Vulnerabilities in Checkmarx products and open-source vulnerabilities discovered by, or reported to, Checkmarx, that are not in another CNA’s scope", | ||
| "scope": "Vulnerabilities in Checkmarx products and open source vulnerabilities discovered by, or reported to, Checkmarx, that are not in another CNA’s scope", | ||
| "contact": [ | ||
| { | ||
| "email": [ | ||
|
|
@@ -19719,7 +19736,7 @@ | |
| "shortName": "EDB", | ||
| "cnaID": "CNA-2023-0083", | ||
| "organizationName": "EnterpriseDB Corporation", | ||
| "scope": "All EnterpriseDB products and vulnerabilities identified in open-source libraries used by EnterpriseDB products unless covered by another CNA’s scope", | ||
| "scope": "All EnterpriseDB products and vulnerabilities identified in open source libraries used by EnterpriseDB products unless covered by another CNA’s scope", | ||
| "contact": [ | ||
| { | ||
| "email": [ | ||
|
|
@@ -23203,7 +23220,7 @@ | |
| "shortName": "seal", | ||
| "cnaID": "CNA-2024-0060", | ||
| "organizationName": "Seal Security", | ||
| "scope": "Vulnerabilities in Seal products or services and vulnerabilities discovered in open-source libraries unless covered by the scope of another CNA", | ||
| "scope": "Vulnerabilities in Seal products or services and vulnerabilities discovered in open source libraries unless covered by the scope of another CNA", | ||
| "contact": [ | ||
| { | ||
| "email": [ | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.