奇安信CodeSafe

Results 348 issues of 奇安信CodeSafe

https://github.com/Autodesk/hig/blob/80680833679c324da5bb36cfe74f36c15c9672bc/acceptance/yarn.lock#L6871-L6873 CVE-2020-28499 Recommended upgrade version: 2.1.1

https://github.com/douban/rexxar-android/blob/0717af0e1eb66e4a5fbf124efa969d09052cd622/core/build.gradle#L29 CVE-2018-20200 Recommended upgrade version: 3.12.1

The javascript pseudo-protocol is used in AlertDialogWidget.java ![image](https://user-images.githubusercontent.com/39950310/57594409-7f103180-7572-11e9-8905-e491e9fd564f.png) An attacker can execute arbitrary javascript code by controlling data

https://github.com/vipshop/TupleNet/blob/0411e2b154b080a1ad8625ee70bcb9069210c71f/src/tuplenet/tools/edge-operate.py#L504 Unused value

https://github.com/vipshop/TupleNet/blob/0411e2b154b080a1ad8625ee70bcb9069210c71f/src/tuplenet/lcp/tuplerun.py#L69 An internal information leak occurs when system data or debugging information is sent to a local file, console, or screen via printing or logging. It is recommended to use...

https://github.com/cisco/joy/blob/a5449768b023fbf2c4b782aa592cad0a0a1b74cf/src/jfd-anon.c#L103

https://github.com/cisco/joy/blob/5dd5b71bc1fe71ff0d0cf1b6263e6f5449cd622d/src/procwatch.c#L546 dummy_string defined here: https://github.com/cisco/joy/blob/5dd5b71bc1fe71ff0d0cf1b6263e6f5449cd622d/src/procwatch.c#L520 macro PID_MAX_LEN defined here: https://github.com/cisco/joy/blob/5dd5b71bc1fe71ff0d0cf1b6263e6f5449cd622d/src/procwatch.c#L513 no limitation for "%s" while calling fscanf() may cause overwrite. rc = fscanf(ps_file,"%lu %64s\n",&ps_pid,dummy_string);

https://github.com/cerner/ccl-testing/blob/e62f1f8d30ca8e6a55570b0236b343188125c9f1/cerreal-maven-plugin/src/main/java/com/cerner/ccl/testing/xsl/XslAPI.java#L133 Failure to enable validation when parsing XML gives an attacker the opportunity to supply malicious input.

https://github.com/ctripcorp/kbear/blob/f9916740c386e927626e45257a7a10c1cadca4ff/java/pom.xml#L68 CVE-2020-5421 Recommended upgrade version: 2.1.17.RELEASE

https://github.com/ctripcorp/kbear/blob/f9916740c386e927626e45257a7a10c1cadca4ff/java/pom.xml#L65 CVE-2018-17196 CVE-2019-12399 Recommended upgrade version: 2.1.0.3.4.0.2-1