Update CVE database
This commit is contained in:
		
							parent
							
								
									c5b458ec80
								
							
						
					
					
						commit
						cb1a1f67a6
					
				
					 2 changed files with 12 additions and 8 deletions
				
			
		|  | @ -40,17 +40,16 @@ $mech->add_handler("response_redirect" => sub { print '#'x80,"\nREDIRECT RESPONS | |||
| my $url = 'http://cve.mitre.org/data/downloads/allitems.csv'; | ||||
| my $resp; | ||||
| 
 | ||||
| unless (-f 'cve.csv') | ||||
| { | ||||
|     $resp=$mech->get($url);  | ||||
|     $mech->save_content( "cve.csv" ); | ||||
| } | ||||
| unlink ('cve.csv') if (-f 'cve.csv'); | ||||
| 
 | ||||
| $resp=$mech->get($url);  | ||||
| $mech->save_content( "cve.csv" ); | ||||
| 
 | ||||
| my $f=File::Util->new('readlimit' => 100000000, 'use_flock'=>'false'); | ||||
| my(@lines) = $f->load_file('cve.csv', '--as-lines'); | ||||
| my @versions; | ||||
| my $temp; | ||||
| unlink 'vulnerabilities.csv' if -f 'vulnerabilities.csv'; | ||||
| unlink '../vulnerabilities.csv' if -f '../vulnerabilities.csv'; | ||||
| foreach my $line (@lines) { | ||||
| 	if ($line =~ /(mysql|mariadb)/i  | ||||
|             and $line =~ /server/i | ||||
|  | @ -67,9 +66,11 @@ foreach my $line (@lines) { | |||
|             my @nb=split('\.', $vers); | ||||
|             #print $vers."\n".Dumper @nb; | ||||
|             #exit 0; | ||||
|             $f->write_file('file' => 'vulnerabilities.csv', 'content' => "$vers;$nb[0];$nb[1];$nb[2];$line\n", 'mode' => 'append'); | ||||
|             $f->write_file('file' => '../vulnerabilities.csv', 'content' => "$vers;$nb[0];$nb[1];$nb[2];$line\n", 'mode' => 'append'); | ||||
|         } | ||||
| 	} | ||||
| } | ||||
| 
 | ||||
| exit(0); | ||||
| unlink ('cve.csv') if (-f 'cve.csv'); | ||||
| 
 | ||||
| exit(0); | ||||
|  |  | |||
|  | @ -417,3 +417,6 @@ | |||
| 5.6.26;5;6;26;CVE-2015-4910;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.45;5;5;45;CVE-2015-4913;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML; a different vulnerability than CVE-2015-4858.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4913;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML; a different vulnerability than CVE-2015-4858.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.47;5;5;47;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation   |   URL:http://www.openwall.com/lists/oss-security/2016/01/26/3   |   CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453";Assigned (20160122);"None (candidate not yet proposed)"; | ||||
| 10.0.23;10;0;23;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation   |   URL:http://www.openwall.com/lists/oss-security/2016/01/26/3   |   CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453";Assigned (20160122);"None (candidate not yet proposed)"; | ||||
| 10.1.10;10;1;10;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation   |   URL:http://www.openwall.com/lists/oss-security/2016/01/26/3   |   CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453";Assigned (20160122);"None (candidate not yet proposed)"; | ||||
|  |  | |||
| 
 | 
		Loading…
	
		Reference in a new issue
	
	 root
						root