katerinaorg / ndk-samples-wei-1602
This project forked from android/ndk-samples
Android NDK samples with Android Studio
Home Page: http://developer.android.com/ndk
License: Apache License 2.0
Path to dependency file: /builder/build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.jcraft/jsch/0.1.51/6ceee2696b07cc320d0e1aaea82c7b40768aca0f/jsch-0.1.51.jar
Found in HEAD commit: f9ab46dc02eb9f288341bd45c13b4a231f876515
CVE | Severity | CVSS | Dependency | Type | Fixed in | Remediation Available |
---|---|---|---|---|---|---|
CVE-2020-13956 | Medium | 5.3 | httpclient-4.1.3.jar | Transitive | 5.1.0.201809111528-r | ✅ |
CVE-2014-3577 | Medium | 4.8 | httpclient-4.1.3.jar | Transitive | 4.0.2.201509141540-r | ✅ |
CVE-2016-5725 | Low | 3.7 | jsch-0.1.51.jar | Transitive | 4.7.0.201704051617-r | ✅ |
CVE-2012-6153 | Low | 3.7 | httpclient-4.1.3.jar | Transitive | 4.0.2.201509141540-r | ✅ |
HttpComponents Client (base module)
Path to dependency file: /builder/build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.apache.httpcomponents/httpclient/4.1.3/16cf5a6b78951f50713d29bfae3230a611dc01f0/httpclient-4.1.3.jar
Dependency Hierarchy:
Found in HEAD commit: f9ab46dc02eb9f288341bd45c13b4a231f876515
Found in base branch: main
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
Publish Date: 2020-12-02
URL: CVE-2020-13956
Base Score Metrics:
Type: Upgrade version
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-13956
Release Date: 2020-12-02
Fix Resolution (org.apache.httpcomponents:httpclient): 4.5.13
Direct dependency fix Resolution (org.eclipse.jgit:org.eclipse.jgit): 5.1.0.201809111528-r
⛑️ Automatic Remediation is available for this issue
HttpComponents Client (base module)
Path to dependency file: /builder/build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.apache.httpcomponents/httpclient/4.1.3/16cf5a6b78951f50713d29bfae3230a611dc01f0/httpclient-4.1.3.jar
Dependency Hierarchy:
Found in HEAD commit: f9ab46dc02eb9f288341bd45c13b4a231f876515
Found in base branch: main
org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field.
Publish Date: 2014-08-21
URL: CVE-2014-3577
Base Score Metrics:
Type: Upgrade version
Release Date: 2014-08-21
Fix Resolution (org.apache.httpcomponents:httpclient): 4.3.5
Direct dependency fix Resolution (org.eclipse.jgit:org.eclipse.jgit): 4.0.2.201509141540-r
⛑️ Automatic Remediation is available for this issue
JSch is a pure Java implementation of SSH2
Library home page: http://www.jcraft.com/jsch/
Path to dependency file: /builder/build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.jcraft/jsch/0.1.51/6ceee2696b07cc320d0e1aaea82c7b40768aca0f/jsch-0.1.51.jar
Dependency Hierarchy:
Found in HEAD commit: f9ab46dc02eb9f288341bd45c13b4a231f876515
Found in base branch: main
Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.
Publish Date: 2017-01-19
URL: CVE-2016-5725
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5725
Release Date: 2017-01-19
Fix Resolution (com.jcraft:jsch): 0.1.54
Direct dependency fix Resolution (org.eclipse.jgit:org.eclipse.jgit): 4.7.0.201704051617-r
⛑️ Automatic Remediation is available for this issue
HttpComponents Client (base module)
Path to dependency file: /builder/build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.apache.httpcomponents/httpclient/4.1.3/16cf5a6b78951f50713d29bfae3230a611dc01f0/httpclient-4.1.3.jar
Dependency Hierarchy:
Found in HEAD commit: f9ab46dc02eb9f288341bd45c13b4a231f876515
Found in base branch: main
http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5783.
Publish Date: 2014-09-04
URL: CVE-2012-6153
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2012-6153
Release Date: 2014-09-04
Fix Resolution (org.apache.httpcomponents:httpclient): 4.2.3
Direct dependency fix Resolution (org.eclipse.jgit:org.eclipse.jgit): 4.0.2.201509141540-r
⛑️ Automatic Remediation is available for this issue
JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.
Library home page: http://junit.org
Path to dependency file: /builder/build.gradle
Path to vulnerable library: /modules-2/files-2.1/junit/junit/4.12/2973d150c0dc1fefe998f834810d68f278ea58ec/junit-4.12.jar
Found in HEAD commit: f9ab46dc02eb9f288341bd45c13b4a231f876515
CVE | Severity | CVSS | Dependency | Type | Fixed in | Remediation Available |
---|---|---|---|---|---|---|
CVE-2020-15250 | Medium | 5.5 | junit-4.12.jar | Direct | 4.13.1 | ✅ |
JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.
Library home page: http://junit.org
Path to dependency file: /builder/build.gradle
Path to vulnerable library: /modules-2/files-2.1/junit/junit/4.12/2973d150c0dc1fefe998f834810d68f278ea58ec/junit-4.12.jar
Dependency Hierarchy:
Found in HEAD commit: f9ab46dc02eb9f288341bd45c13b4a231f876515
Found in base branch: main
In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix-like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. This vulnerability impacts you if the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder, and the JUnit tests execute in an environment where the OS has other untrusted users. Because certain JDK file system APIs were only added in JDK 1.7, this fix is dependent upon the version of the JDK you are using. For Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. For Java 1.6 and lower users: no patch is available, you must use the workaround below. If you are unable to patch, or are stuck running on Java 1.6, specifying the java.io.tmpdir system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. For more information, including an example of vulnerable code, see the referenced GitHub Security Advisory.
Publish Date: 2020-10-12
URL: CVE-2020-15250
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-269g-pwp5-87pp
Release Date: 2020-10-12
Fix Resolution: 4.13.1
⛑️ Automatic Remediation is available for this issue
stb single-file public domain libraries for C/C++
Library home page: https://github.com/nothings/stb.git
Found in HEAD commit: f9ab46dc02eb9f288341bd45c13b4a231f876515
CVE | Severity | CVSS | Dependency | Type | Fixed in | Remediation Available |
---|---|---|---|---|---|---|
CVE-2022-28048 | High | 8.8 | stb4af130e86341928e3003ba5657f3e9faec50c1dc | Direct | com.basemark.rocksolidsdk - 0.1.5 | ❌ |
CVE-2022-25516 | High | 7.5 | stb4af130e86341928e3003ba5657f3e9faec50c1dc | Direct | N/A | ❌ |
CVE-2022-25515 | High | 7.5 | stb4af130e86341928e3003ba5657f3e9faec50c1dc | Direct | N/A | ❌ |
CVE-2022-25514 | High | 7.5 | stb4af130e86341928e3003ba5657f3e9faec50c1dc | Direct | N/A | ❌ |
CVE-2021-42716 | High | 7.1 | stb4af130e86341928e3003ba5657f3e9faec50c1dc | Direct | com.basemark.rocksolidsdk - 0.1.5 | ❌ |
CVE-2021-42715 | Medium | 5.5 | stb4af130e86341928e3003ba5657f3e9faec50c1dc | Direct | com.basemark.rocksolidsdk - 0.1.5 | ❌ |
stb single-file public domain libraries for C/C++
Library home page: https://github.com/nothings/stb.git
Found in HEAD commit: f9ab46dc02eb9f288341bd45c13b4a231f876515
Found in base branch: main
/display-p3/third_party/stb/stb_image.h
STB v2.27 was discovered to contain an integer shift of invalid size in the component stbi__jpeg_decode_block_prog_ac.
Publish Date: 2022-04-15
URL: CVE-2022-28048
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2022-28048
Release Date: 2022-04-15
Fix Resolution: com.basemark.rocksolidsdk - 0.1.5
stb single-file public domain libraries for C/C++
Library home page: https://github.com/nothings/stb.git
Found in HEAD commit: f9ab46dc02eb9f288341bd45c13b4a231f876515
Found in base branch: main
/display-p3/third_party/stb/stb_truetype.h
stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function stbtt__find_table at stb_truetype.h.
Publish Date: 2022-03-17
URL: CVE-2022-25516
Base Score Metrics:
stb single-file public domain libraries for C/C++
Library home page: https://github.com/nothings/stb.git
Found in HEAD commit: f9ab46dc02eb9f288341bd45c13b4a231f876515
Found in base branch: main
/display-p3/third_party/stb/stb_truetype.h
stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttULONG() at stb_truetype.h.
Publish Date: 2022-03-17
URL: CVE-2022-25515
Base Score Metrics:
stb single-file public domain libraries for C/C++
Library home page: https://github.com/nothings/stb.git
Found in HEAD commit: f9ab46dc02eb9f288341bd45c13b4a231f876515
Found in base branch: main
/display-p3/third_party/stb/stb_truetype.h
stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttUSHORT() at stb_truetype.h.
Publish Date: 2022-03-17
URL: CVE-2022-25514
Base Score Metrics:
stb single-file public domain libraries for C/C++
Library home page: https://github.com/nothings/stb.git
Found in HEAD commit: f9ab46dc02eb9f288341bd45c13b4a231f876515
Found in base branch: main
/display-p3/third_party/stb/stb_image.h
An issue was discovered in stb stb_image.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA, leading to a buffer overflow when later reinterpreting the result as a 16-bit buffer. An attacker could potentially have crashed a service using stb_image, or read up to 1024 bytes of non-consecutive heap data without control over the read location.
Publish Date: 2021-10-21
URL: CVE-2021-42716
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2021-42716
Release Date: 2021-10-21
Fix Resolution: com.basemark.rocksolidsdk - 0.1.5
stb single-file public domain libraries for C/C++
Library home page: https://github.com/nothings/stb.git
Found in HEAD commit: f9ab46dc02eb9f288341bd45c13b4a231f876515
Found in base branch: main
/display-p3/third_party/stb/stb_image.h
An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stb_image by submitting crafted HDR files.
Publish Date: 2021-10-21
URL: CVE-2021-42715
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2021-42715
Release Date: 2021-10-21
Fix Resolution: com.basemark.rocksolidsdk - 0.1.5
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.0/jquery.min.js
Path to vulnerable library: /display-p3/third_party/mathfu/dependencies/fplutil/perf/tools/telemetry/telemetry/core/platform/profiler/perf_vis/jquery-1.11.0.min.js
Found in HEAD commit: f9ab46dc02eb9f288341bd45c13b4a231f876515
CVE | Severity | CVSS | Dependency | Type | Fixed in | Remediation Available |
---|---|---|---|---|---|---|
CVE-2020-11023 | Medium | 6.1 | jquery-1.11.0.min.js | Direct | jquery - 3.5.0;jquery-rails - 4.4.0 | ❌ |
CVE-2020-11022 | Medium | 6.1 | jquery-1.11.0.min.js | Direct | jQuery - 3.5.0 | ❌ |
CVE-2019-11358 | Medium | 6.1 | jquery-1.11.0.min.js | Direct | jquery - 3.4.0 | ❌ |
CVE-2015-9251 | Low | 3.7 | jquery-1.11.0.min.js | Direct | jQuery - 3.0.0 | ❌ |
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.0/jquery.min.js
Path to vulnerable library: /display-p3/third_party/mathfu/dependencies/fplutil/perf/tools/telemetry/telemetry/core/platform/profiler/perf_vis/jquery-1.11.0.min.js
Dependency Hierarchy:
Found in HEAD commit: f9ab46dc02eb9f288341bd45c13b4a231f876515
Found in base branch: main
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Publish Date: 2020-04-29
URL: CVE-2020-11023
Base Score Metrics:
Type: Upgrade version
Release Date: 2020-04-29
Fix Resolution: jquery - 3.5.0;jquery-rails - 4.4.0
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.0/jquery.min.js
Path to vulnerable library: /display-p3/third_party/mathfu/dependencies/fplutil/perf/tools/telemetry/telemetry/core/platform/profiler/perf_vis/jquery-1.11.0.min.js
Dependency Hierarchy:
Found in HEAD commit: f9ab46dc02eb9f288341bd45c13b4a231f876515
Found in base branch: main
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Publish Date: 2020-04-29
URL: CVE-2020-11022
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022
Release Date: 2020-04-29
Fix Resolution: jQuery - 3.5.0
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.0/jquery.min.js
Path to vulnerable library: /display-p3/third_party/mathfu/dependencies/fplutil/perf/tools/telemetry/telemetry/core/platform/profiler/perf_vis/jquery-1.11.0.min.js
Dependency Hierarchy:
Found in HEAD commit: f9ab46dc02eb9f288341bd45c13b4a231f876515
Found in base branch: main
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Publish Date: 2019-04-20
URL: CVE-2019-11358
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
Release Date: 2019-04-20
Fix Resolution: jquery - 3.4.0
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.0/jquery.min.js
Path to vulnerable library: /display-p3/third_party/mathfu/dependencies/fplutil/perf/tools/telemetry/telemetry/core/platform/profiler/perf_vis/jquery-1.11.0.min.js
Dependency Hierarchy:
Found in HEAD commit: f9ab46dc02eb9f288341bd45c13b4a231f876515
Found in base branch: main
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
Publish Date: 2018-01-18
URL: CVE-2015-9251
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251
Release Date: 2018-01-18
Fix Resolution: jQuery - 3.0.0