This documentation was built to support this blog post:
\nhttps://www.signalscorps.com/blog/2022/enriching-cve-cwe-capec-attack-stix-2
\n","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","toc":[],"owner":"16438573","collectionId":"c7909178-e3f5-4139-8905-5cc381af70df","publishedId":"UzXKWe99","public":true,"customColor":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"EF5B25"},"publishDate":"2022-07-23T11:06:28.000Z"},"item":[{"name":"v1","item":[{"name":"Retrieve a specific CVE","id":"ccbea332-b171-4bb7-bf47-62ffb607cc0a","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{host}}/cve/1.0/:CVE?apiKey={{apiKey}}&addOns=dictionaryCpes","urlObject":{"path":["cve","1.0",":CVE"],"host":["{{host}}"],"query":[{"description":{"content":"To start using the NVD API's you will need to request an API key here: https://nvd.nist.gov/developers/start-here
\n","type":"text/plain"},"key":"apiKey","value":"{{apiKey}}"},{"description":{"content":"By default, the response includes all CPE applicability statements associated with the vulnerability. Applicability statements are CPE match strings that may be used in searching the Official CPE Dictionary. Including addOns=dictionaryCpes adds the official CPE names to the request, but can return a significantly denser amount of text.
\n","type":"text/plain"},"key":"addOns","value":"dictionaryCpes"}],"variable":[{"description":{"content":"Full CVE in format CVE-XXX-XXXXX
To start using the NVD API's you will need to request an API key here: https://nvd.nist.gov/developers/start-here
\n","type":"text/plain"},"key":"apiKey","value":"{{apiKey}}"},{"description":{"content":"By default, the response includes all CPE applicability statements associated with the vulnerability. Applicability statements are CPE match strings that may be used in searching the Official CPE Dictionary. Including addOns=dictionaryCpes adds the official CPE names to the request.
\n","type":"text/plain"},"key":"addOns","value":"dictionaryCpes"},{"disabled":true,"description":{"content":"This parameter is used to filter vulnerabilities more broadly than cpeName. The value of cpeMatchString is compared against the CPE Match Criteria present on CVE applicability statements. cpeName is a recommended alternative for many use cases. Please note, when both cpeName and cpeMatchString are provided, only the cpeName is used.
\n","type":"text/plain"},"key":"cpeMatchString","value":"cpe:2.3:o:apple"},{"disabled":true,"description":{"content":"This parameter is used to find CVEs that affect specific products. The exact value of cpeName is compared to the CPE Match Criteria so that only CVE affecting the named CPE are returned.
\n","type":"text/plain"},"key":"cpeName","value":""},{"disabled":true,"description":{"content":"These parameters are used to filter vulnerabilities based on CVSS vector strings. Either full or partial vector strings may be used.
\n","type":"text/plain"},"key":"cvssV2Metrics","value":"AV:N/AC:M"},{"disabled":true,"description":{"content":"CVSS refers to the scoring system used by NIST to assess the severity of vulnerabilities, https://www.first.org/cvss/. Either the cvssV2Severity or cvssV3Severity parameter may be used to find vulnerabilities having a severity of LOW, MEDIUM, or HIGH. For CVSS V3.x, cvssV3Severity=CRITICAL is also supported.
\n","type":"text/plain"},"key":"cvssV2Severity","value":"HIGH"},{"disabled":true,"description":{"content":"These parameters are used to filter vulnerabilities based on CVSS vector strings. Either full or partial vector strings may be used.
\n","type":"text/plain"},"key":"cvssV3Metrics","value":"AV:N/AC:H"},{"disabled":true,"description":{"content":"CVSS refers to the scoring system used by NIST to assess the severity of vulnerabilities, https://www.first.org/cvss/. Either the cvssV2Severity or cvssV3Severity parameter may be used to find vulnerabilities having a severity of LOW, MEDIUM, or HIGH. For CVSS V3.x, cvssV3Severity=CRITICAL is also supported.
\n","type":"text/plain"},"key":"cvssV3Severity","value":"CRITICAL"},{"disabled":true,"description":{"content":"CWE refers to the classification of vulnerabilities used by NIST and managed by MITRE at https://cwe.mitre.org/. NVD analysts associate one or more CWE to each vulnerability during the analysis process.
\n","type":"text/plain"},"key":"cweId","value":"CWE-20"},{"disabled":true,"description":{"content":"true By default, the modStartDate and modEndDate parameters include only a collection of CVE where the CVE information was modified. The modification of product names by NIST in the Official CPE Dictionary does not modify related CVE. includeMatchStringChange=true returns a collection of CVE where either the vulnerabilities or the associated product names were modified.
\n","type":"text/plain"},"key":"includeMatchStringChange","value":"true"},{"disabled":true,"description":{"content":"true If the keyword is a phrase, i.e., contains more than one term, including isExactMatch=true retrieves records matching the exact phrase. Otherwise, the results contain any record having any of the terms.
\n","type":"text/plain"},"key":"isExactMatch","value":""},{"disabled":true,"description":{"content":"This parameter is used to retrieve records where a word or phrase is found in the vulnerability description or reference links.
\n","type":"text/plain"},"key":"keyword","value":""},{"disabled":true,"description":{"content":"These parameters specify a collection of CVE that were last modified during the period. If a CVE has been modified more recently than the specified period it will not be included in the response. If filtering by the last modified date, both modStartDate and modEndDate are REQUIRED. Filtering with only one parameter will return a successful response without data. The maximum allowable range when using the date range parameters is 120 consecutive days. Date range parameters are in the form:
\nyyyy-MM-ddTHH:mm:ss:SSS Z
\n","type":"text/plain"},"key":"modStartDate","value":"2022-01-01T00:00:00:001%20Z"},{"disabled":true,"key":"modEndDate","value":"2022-04-01T00:00:00:000%20Z"},{"disabled":true,"description":{"content":"These parameters specify a collection of CVE that were added to the NVD (i.e., published) during the period. If filtering by the publication date, both pubStartDate and pubEndDate are REQUIRED. Filtering with only one parameter will return a successful response without data. The maximum allowable range when using the date range parameters is 120 consecutive days. Date range parameters are in the form:\nyyyy-MM-ddTHH:mm:ss:SSS Z
\n","type":"text/plain"},"key":"pubStartDate","value":"2022-01-01T00:00:00:001%20Z"},{"disabled":true,"key":"pubEndDate","value":"2022-04-01T00:00:00:000%20Z"},{"disabled":true,"description":{"content":"This parameter specifies the maximum number of results that are returned based on the request parameters. The default value is 20. For network considerations, maximum allowable limit is 2,000.
\n","type":"text/plain"},"key":"resultsPerPage","value":"500"},{"disabled":true,"description":{"content":"modifiedDate By default, the API responds with the most recently modified CVE first.
\n","type":"text/plain"},"key":"sortOrder","value":"publishedDate"},{"disabled":true,"description":{"content":"This parameter determines the first CVE in the collection returned by the response. The index is zero-based, meaning the first CVE is at index zero. The response header totalResults indicates the number of CVE results that match request parameters. If the value of totalResults is greater than the value of resultsPerPage, the parameter startIndex may be used in subsequent requests to identify the first CVE for the request.
\n","type":"text/plain"},"key":"startIndex","value":"1"}],"variable":[]}},"response":[{"id":"51062e13-f73d-4409-a6b8-d61ca7d641ed","name":"Retrieve a collection of CVE","originalRequest":{"method":"GET","header":[],"url":{"raw":"{{host}}/cves/1.0/?apiKey={{apiKey}}","host":["{{host}}"],"path":["cves","1.0",""],"query":[{"key":"apiKey","value":"{{apiKey}}","description":"To start using the NVD API's you will need to request an API key here: https://nvd.nist.gov/developers/start-here"},{"key":"addOns","value":"dictionaryCpes","description":"By default, the response includes all CPE applicability statements associated with the vulnerability. Applicability statements are CPE match strings that may be used in searching the Official CPE Dictionary. Including addOns=dictionaryCpes adds the official CPE names to the request.","disabled":true},{"key":"cpeMatchString","value":"","description":"This parameter is used to filter vulnerabilities more broadly than cpeName. The value of cpeMatchString is compared against the CPE Match Criteria present on CVE applicability statements. cpeName is a recommended alternative for many use cases. Please note, when both cpeName and cpeMatchString are provided, only the cpeName is used.","disabled":true},{"key":"cpeName","value":"","description":"This parameter is used to find CVEs that affect specific products. The exact value of cpeName is compared to the CPE Match Criteria so that only CVE affecting the named CPE are returned.","disabled":true},{"key":"cvssV2Metrics","value":"","description":"These parameters are used to filter vulnerabilities based on CVSS vector strings. Either full or partial vector strings may be used.","disabled":true},{"key":"cvssV2Severity","value":"","description":"CVSS refers to the scoring system used by NIST to assess the severity of vulnerabilities, https://www.first.org/cvss/. Either the cvssV2Severity or cvssV3Severity parameter may be used to find vulnerabilities having a severity of LOW, MEDIUM, or HIGH. For CVSS V3.x, cvssV3Severity=CRITICAL is also supported.","disabled":true},{"key":"cvssV3Metrics","value":"","description":"These parameters are used to filter vulnerabilities based on CVSS vector strings. Either full or partial vector strings may be used.","disabled":true},{"key":"cvssV3Severity","value":"","description":"CVSS refers to the scoring system used by NIST to assess the severity of vulnerabilities, https://www.first.org/cvss/. Either the cvssV2Severity or cvssV3Severity parameter may be used to find vulnerabilities having a severity of LOW, MEDIUM, or HIGH. For CVSS V3.x, cvssV3Severity=CRITICAL is also supported.","disabled":true},{"key":"cweId","value":"","description":"CWE refers to the classification of vulnerabilities used by NIST and managed by MITRE at https://cwe.mitre.org/. NVD analysts associate one or more CWE to each vulnerability during the analysis process.","disabled":true},{"key":"includeMatchStringChange","value":"","description":"true By default, the modStartDate and modEndDate parameters include only a collection of CVE where the CVE information was modified. The modification of product names by NIST in the Official CPE Dictionary does not modify related CVE. includeMatchStringChange=true returns a collection of CVE where either the vulnerabilities or the associated product names were modified.","disabled":true},{"key":"isExactMatch","value":"","description":"true If the keyword is a phrase, i.e., contains more than one term, including isExactMatch=true retrieves records matching the exact phrase. Otherwise, the results contain any record having any of the terms.","disabled":true},{"key":"keyword","value":"","description":"This parameter is used to retrieve records where a word or phrase is found in the vulnerability description or reference links.","disabled":true},{"key":"modStartDate","value":"","description":"These parameters specify a collection of CVE that were last modified during the period. If a CVE has been modified more recently than the specified period it will not be included in the response. If filtering by the last modified date, both modStartDate and modEndDate are REQUIRED. Filtering with only one parameter will return a successful response without data. The maximum allowable range when using the date range parameters is 120 consecutive days. Date range parameters are in the form:\n\nyyyy-MM-ddTHH:mm:ss:SSS Z","disabled":true},{"key":"modEndDate","value":"","disabled":true},{"key":"pubStartDate","value":"","description":"These parameters specify a collection of CVE that were added to the NVD (i.e., published) during the period. If filtering by the publication date, both pubStartDate and pubEndDate are REQUIRED. Filtering with only one parameter will return a successful response without data. The maximum allowable range when using the date range parameters is 120 consecutive days. Date range parameters are in the form:\nyyyy-MM-ddTHH:mm:ss:SSS Z","disabled":true},{"key":"pubEndDate","value":"","disabled":true},{"key":"resultsPerPag","value":"","description":"This parameter specifies the maximum number of results that are returned based on the request parameters. The default value is 20. For network considerations, maximum allowable limit is 2,000.","disabled":true},{"key":"sortOrder","value":"publishedDate","description":"modifiedDate By default, the API responds with the most recently modified CVE first.","disabled":true},{"key":"startIndex","value":"","description":"This parameter determines the first CVE in the collection returned by the response. The index is zero-based, meaning the first CVE is at index zero. The response header totalResults indicates the number of CVE results that match request parameters. If the value of totalResults is greater than the value of resultsPerPage, the parameter startIndex may be used in subsequent requests to identify the first CVE for the request.","disabled":true}]}},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"content-type","value":"application/json"},{"key":"content-encoding","value":"gzip"},{"key":"vary","value":"Accept-Encoding"},{"key":"x-frame-options","value":"SAMEORIGIN"},{"key":"x-frame-options","value":"SAMEORIGIN"},{"key":"access-control-allow-origin","value":"*"},{"key":"date","value":"Sat, 23 Jul 2022 11:12:16 GMT"},{"key":"content-length","value":"8459"},{"key":"strict-transport-security","value":"max-age=31536000"}],"cookie":[],"responseTime":null,"body":"{\n \"resultsPerPage\": 20,\n \"startIndex\": 0,\n \"totalResults\": 180783,\n \"result\": {\n \"CVE_data_type\": \"CVE\",\n \"CVE_data_format\": \"MITRE\",\n \"CVE_data_version\": \"4.0\",\n \"CVE_data_timestamp\": \"2022-07-23T11:12Z\",\n \"CVE_Items\": [\n {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2015-8965\",\n \"ASSIGNER\": \"cve@mitre.org\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": [\n {\n \"lang\": \"en\",\n \"value\": \"CWE-264\"\n }\n ]\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://rwkbp.makekb.com/?View=entry&EntryID=2521\",\n \"name\": \"https://rwkbp.makekb.com/?View=entry&EntryID=2521\",\n \"refsource\": \"CONFIRM\",\n \"tags\": [\n \"Vendor Advisory\"\n ]\n },\n {\n \"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\",\n \"name\": \"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\",\n \"refsource\": \"CONFIRM\",\n \"tags\": [\n \"Patch\"\n ]\n },\n {\n \"url\": \"https://www.oracle.com/security-alerts/cpujan2021.html\",\n \"name\": \"https://www.oracle.com/security-alerts/cpujan2021.html\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"Rogue Wave JViews before 8.8 patch 21 and 8.9 before patch 1 allows remote attackers to execute arbitrary Java code that exists in the classpath, such as test code or administration code. The issue exists because the ilog.views.faces.IlvFacesController servlet in jviews-framework-all.jar does not require explicit configuration of servlets that can be called.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": [\n {\n \"operator\": \"OR\",\n \"children\": [],\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:perforce:jviews:*:*:*:*:*:*:*:*\",\n \"versionEndIncluding\": \"8.8\",\n \"cpe_name\": []\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:perforce:jviews:8.9:*:*:*:*:*:*:*\",\n \"cpe_name\": []\n }\n ]\n },\n {\n \"operator\": \"OR\",\n \"children\": [],\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*\",\n \"cpe_name\": []\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*\",\n \"cpe_name\": []\n }\n ]\n }\n ]\n },\n \"impact\": {\n \"baseMetricV3\": {\n \"cvssV3\": {\n \"version\": \"3.1\",\n \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\n \"attackVector\": \"NETWORK\",\n \"attackComplexity\": \"LOW\",\n \"privilegesRequired\": \"NONE\",\n \"userInteraction\": \"NONE\",\n \"scope\": \"UNCHANGED\",\n \"confidentialityImpact\": \"HIGH\",\n \"integrityImpact\": \"HIGH\",\n \"availabilityImpact\": \"HIGH\",\n \"baseScore\": 9.8,\n \"baseSeverity\": \"CRITICAL\"\n },\n \"exploitabilityScore\": 3.9,\n \"impactScore\": 5.9\n },\n \"baseMetricV2\": {\n \"cvssV2\": {\n \"version\": \"2.0\",\n \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\n \"accessVector\": \"NETWORK\",\n \"accessComplexity\": \"LOW\",\n \"authentication\": \"NONE\",\n \"confidentialityImpact\": \"PARTIAL\",\n \"integrityImpact\": \"PARTIAL\",\n \"availabilityImpact\": \"PARTIAL\",\n \"baseScore\": 7.5\n },\n \"severity\": \"HIGH\",\n \"exploitabilityScore\": 10,\n \"impactScore\": 6.4,\n \"acInsufInfo\": true,\n \"obtainAllPrivilege\": false,\n \"obtainUserPrivilege\": false,\n \"obtainOtherPrivilege\": false,\n \"userInteractionRequired\": false\n }\n },\n \"publishedDate\": \"2017-04-06T21:59Z\",\n \"lastModifiedDate\": \"2022-07-23T10:33Z\"\n },\n {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2021-3149\",\n \"ASSIGNER\": \"cve@mitre.org\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": [\n {\n \"lang\": \"en\",\n \"value\": \"CWE-78\"\n }\n ]\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://www.digitaldefense.com/resources/vulnerability-research/netshield-corporation-nano-25/\",\n \"name\": \"https://www.digitaldefense.com/resources/vulnerability-research/netshield-corporation-nano-25/\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://www.netshieldcorp.com/netshield-appliances/\",\n \"name\": \"https://www.netshieldcorp.com/netshield-appliances/\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Vendor Advisory\"\n ]\n },\n {\n \"url\": \"https://kc.mcafee.com/corporate/index?page=content&id=SB10356\",\n \"name\": \"https://kc.mcafee.com/corporate/index?page=content&id=SB10356\",\n \"refsource\": \"CONFIRM\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"On Netshield NANO 25 10.2.18 devices, /usr/local/webmin/System/manual_ping.cgi allows OS command injection (after authentication by the attacker) because the system C library function is used unsafely.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": [\n {\n \"operator\": \"AND\",\n \"children\": [\n {\n \"operator\": \"OR\",\n \"children\": [],\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:netshieldcorp:nano_25_firmware:10.2.18:*:*:*:*:*:*:*\",\n \"cpe_name\": []\n }\n ]\n },\n {\n \"operator\": \"OR\",\n \"children\": [],\n \"cpe_match\": [\n {\n \"vulnerable\": false,\n \"cpe23Uri\": \"cpe:2.3:h:netshieldcorp:nano_25:-:*:*:*:*:*:*:*\",\n \"cpe_name\": []\n }\n ]\n }\n ],\n \"cpe_match\": []\n },\n {\n \"operator\": \"OR\",\n \"children\": [],\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": \"1.1.1\",\n \"versionEndExcluding\": \"1.1.1k\",\n \"cpe_name\": []\n }\n ]\n },\n {\n \"operator\": \"OR\",\n \"children\": [],\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:mcafee:web_gateway_cloud_service:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": \"10.0.0\",\n \"versionEndExcluding\": \"10.1.1\",\n \"cpe_name\": []\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:mcafee:web_gateway_cloud_service:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": \"9.0.0\",\n \"versionEndExcluding\": \"9.2.10\",\n \"cpe_name\": []\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:mcafee:web_gateway_cloud_service:*:*:*:*:*:*:*:*\",\n \"versionEndExcluding\": \"8.2.19\",\n \"cpe_name\": []\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:mcafee:mcafee_web_gateway:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": \"10.0.0\",\n \"versionEndExcluding\": \"10.1.1\",\n \"cpe_name\": []\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:mcafee:mcafee_web_gateway:*:*:*:*:*:*:*:*\",\n \"versionStartIncluding\": \"9.0.0\",\n \"versionEndExcluding\": \"9.2.10\",\n \"cpe_name\": []\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:mcafee:mcafee_web_gateway:*:*:*:*:*:*:*:*\",\n \"versionEndExcluding\": \"8.2.19\",\n \"cpe_name\": []\n }\n ]\n }\n ]\n },\n \"impact\": {\n \"baseMetricV3\": {\n \"cvssV3\": {\n \"version\": \"3.1\",\n \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\n \"attackVector\": \"NETWORK\",\n \"attackComplexity\": \"LOW\",\n \"privilegesRequired\": \"HIGH\",\n \"userInteraction\": \"NONE\",\n \"scope\": \"UNCHANGED\",\n \"confidentialityImpact\": \"HIGH\",\n \"integrityImpact\": \"HIGH\",\n \"availabilityImpact\": \"HIGH\",\n \"baseScore\": 7.2,\n \"baseSeverity\": \"HIGH\"\n },\n \"exploitabilityScore\": 1.2,\n \"impactScore\": 5.9\n },\n \"baseMetricV2\": {\n \"cvssV2\": {\n \"version\": \"2.0\",\n \"vectorString\": \"AV:N/AC:L/Au:S/C:C/I:C/A:C\",\n \"accessVector\": \"NETWORK\",\n \"accessComplexity\": \"LOW\",\n \"authentication\": \"SINGLE\",\n \"confidentialityImpact\": \"COMPLETE\",\n \"integrityImpact\": \"COMPLETE\",\n \"availabilityImpact\": \"COMPLETE\",\n \"baseScore\": 9\n },\n \"severity\": \"HIGH\",\n \"exploitabilityScore\": 8,\n \"impactScore\": 10,\n \"acInsufInfo\": false,\n \"obtainAllPrivilege\": false,\n \"obtainUserPrivilege\": false,\n \"obtainOtherPrivilege\": false,\n \"userInteractionRequired\": false\n }\n },\n \"publishedDate\": \"2021-02-22T02:15Z\",\n \"lastModifiedDate\": \"2022-07-23T10:26Z\"\n },\n {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2020-9952\",\n \"ASSIGNER\": \"product-security@apple.com\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": [\n {\n \"lang\": \"en\",\n \"value\": \"CWE-79\"\n }\n ]\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://support.apple.com/HT211850\",\n \"name\": \"https://support.apple.com/HT211850\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Vendor Advisory\"\n ]\n },\n {\n \"url\": \"https://support.apple.com/HT211843\",\n \"name\": \"https://support.apple.com/HT211843\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Release Notes\",\n \"Vendor Advisory\"\n ]\n },\n {\n \"url\": \"https://support.apple.com/HT211844\",\n \"name\": \"https://support.apple.com/HT211844\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Release Notes\",\n \"Vendor Advisory\"\n ]\n },\n {\n \"url\": \"https://support.apple.com/HT211845\",\n \"name\": \"https://support.apple.com/HT211845\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Release Notes\",\n \"Vendor Advisory\"\n ]\n },\n {\n \"url\": \"https://support.apple.com/HT211846\",\n \"name\": \"https://support.apple.com/HT211846\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Release Notes\",\n \"Vendor Advisory\"\n ]\n },\n {\n \"url\": \"https://support.apple.com/HT211847\",\n \"name\": \"https://support.apple.com/HT211847\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Release Notes\",\n \"Vendor Advisory\"\n ]\n },\n {\n \"url\": \"http://seclists.org/fulldisclosure/2020/Nov/19\",\n \"name\": \"20201115 APPLE-SA-2020-11-13-4 Additional information for APPLE-SA-2020-09-16-2 tvOS 14.0\",\n \"refsource\": \"FULLDISC\",\n \"tags\": [\n \"Mailing List\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"http://seclists.org/fulldisclosure/2020/Nov/18\",\n \"name\": \"20201115 APPLE-SA-2020-11-13-5 Additional information for APPLE-SA-2020-09-16-3 Safari 14.0\",\n \"refsource\": \"FULLDISC\",\n \"tags\": [\n \"Mailing List\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"http://seclists.org/fulldisclosure/2020/Nov/22\",\n \"name\": \"20201115 APPLE-SA-2020-11-13-6 Additional information for APPLE-SA-2020-09-16-4 watchOS 7.0\",\n \"refsource\": \"FULLDISC\",\n \"tags\": [\n \"Mailing List\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"http://seclists.org/fulldisclosure/2020/Nov/20\",\n \"name\": \"20201115 APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0\",\n \"refsource\": \"FULLDISC\",\n \"tags\": [\n \"Mailing List\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"http://www.openwall.com/lists/oss-security/2020/11/23/3\",\n \"name\": \"[oss-security] 20201123 WebKitGTK and WPE WebKit Security Advisory WSA-2020-0008\",\n \"refsource\": \"MLIST\",\n \"tags\": [\n \"Mailing List\"\n ]\n },\n {\n \"url\": \"https://security.gentoo.org/glsa/202012-10\",\n \"name\": \"GLSA-202012-10\",\n \"refsource\": \"GENTOO\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21. Processing maliciously crafted web content may lead to a cross site scripting attack.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": [\n {\n \"operator\": \"OR\",\n \"children\": [],\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*\",\n \"versionEndExcluding\": \"14.0\",\n \"cpe_name\": []\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\n \"versionEndExcluding\": \"14.0\",\n \"cpe_name\": []\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\n \"versionEndExcluding\": \"7.0\",\n \"cpe_name\": []\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\n \"versionEndExcluding\": \"14.0\",\n \"cpe_name\": []\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*\",\n \"versionEndExcluding\": \"7.21\",\n \"cpe_name\": []\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*\",\n \"versionStartIncluding\": \"11.0\",\n \"versionEndExcluding\": \"11.4\",\n \"cpe_name\": []\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\n \"versionEndExcluding\": \"14.0\",\n \"cpe_name\": []\n }\n ]\n },\n {\n \"operator\": \"OR\",\n \"children\": [],\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:webkit:webkitgtk\\\\+:*:*:*:*:*:*:*:*\",\n \"versionEndIncluding\": \"2.30.3\",\n \"cpe_name\": []\n }\n ]\n }\n ]\n },\n \"impact\": {\n \"baseMetricV3\": {\n \"cvssV3\": {\n \"version\": \"3.1\",\n \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L\",\n \"attackVector\": \"NETWORK\",\n \"attackComplexity\": \"LOW\",\n \"privilegesRequired\": \"NONE\",\n \"userInteraction\": \"REQUIRED\",\n \"scope\": \"CHANGED\",\n \"confidentialityImpact\": \"LOW\",\n \"integrityImpact\": \"LOW\",\n \"availabilityImpact\": \"LOW\",\n \"baseScore\": 7.1,\n \"baseSeverity\": \"HIGH\"\n },\n \"exploitabilityScore\": 2.8,\n \"impactScore\": 3.7\n },\n \"baseMetricV2\": {\n \"cvssV2\": {\n \"version\": \"2.0\",\n \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:P\",\n \"accessVector\": \"NETWORK\",\n \"accessComplexity\": \"MEDIUM\",\n \"authentication\": \"NONE\",\n \"confidentialityImpact\": \"NONE\",\n \"integrityImpact\": \"PARTIAL\",\n \"availabilityImpact\": \"PARTIAL\",\n \"baseScore\": 5.8\n },\n \"severity\": \"MEDIUM\",\n \"exploitabilityScore\": 8.6,\n \"impactScore\": 4.9,\n \"acInsufInfo\": false,\n \"obtainAllPrivilege\": false,\n \"obtainUserPrivilege\": false,\n \"obtainOtherPrivilege\": false,\n \"userInteractionRequired\": true\n }\n },\n \"publishedDate\": \"2020-10-16T17:15Z\",\n \"lastModifiedDate\": \"2022-07-23T10:22Z\"\n },\n {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2016-4911\",\n \"ASSIGNER\": \"cve@mitre.org\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": [\n {\n \"lang\": \"en\",\n \"value\": \"CWE-284\"\n }\n ]\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"http://www.openwall.com/lists/oss-security/2016/05/17/10\",\n \"name\": \"[oss-security] 20160517 CVE request for vulnerability in OpenStack Keystone\",\n \"refsource\": \"MLIST\",\n \"tags\": [\n \"Mailing List\"\n ]\n },\n {\n \"url\": \"https://security.openstack.org/ossa/OSSA-2016-008.html\",\n \"name\": \"https://security.openstack.org/ossa/OSSA-2016-008.html\",\n \"refsource\": \"CONFIRM\",\n \"tags\": [\n \"Patch\",\n \"Vendor Advisory\"\n ]\n },\n {\n \"url\": \"https://review.openstack.org/#/c/311886/\",\n \"name\": \"https://review.openstack.org/#/c/311886/\",\n \"refsource\": \"CONFIRM\",\n \"tags\": [\n \"Vendor Advisory\"\n ]\n },\n {\n \"url\": \"http://www.openwall.com/lists/oss-security/2016/05/17/11\",\n \"name\": \"[oss-security] 20160517 Re: CVE request for vulnerability in OpenStack Keystone\",\n \"refsource\": \"MLIST\",\n \"tags\": [\n \"Mailing List\"\n ]\n },\n {\n \"url\": \"https://bugs.launchpad.net/keystone/+bug/1577558\",\n \"name\": \"https://bugs.launchpad.net/keystone/+bug/1577558\",\n \"refsource\": \"CONFIRM\",\n \"tags\": [\n \"Vendor Advisory\"\n ]\n },\n {\n \"url\": \"http://www.securityfocus.com/bid/90728\",\n \"name\": \"90728\",\n \"refsource\": \"BID\",\n \"tags\": [\n \"Third Party Advisory\",\n \"VDB Entry\"\n ]\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"The Fernet Token Provider in OpenStack Identity (Keystone) 9.0.x before 9.0.1 (mitaka) allows remote authenticated users to prevent revocation of a chain of tokens and bypass intended access restrictions by rescoping a token.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": [\n {\n \"operator\": \"OR\",\n \"children\": [],\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:keystone:openstack_identity:9.0.0.0:rc2:*:*:*:*:*:*\",\n \"cpe_name\": []\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:keystone:openstack_identity:9.0.0.0:rc3:*:*:*:*:*:*\",\n \"cpe_name\": []\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:keystone:openstack_identity:9.0.0.0:rc1:*:*:*:*:*:*\",\n \"cpe_name\": []\n }\n ]\n }\n ]\n },\n \"impact\": {\n \"baseMetricV3\": {\n \"cvssV3\": {\n \"version\": \"3.1\",\n \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\",\n \"attackVector\": \"NETWORK\",\n \"attackComplexity\": \"LOW\",\n \"privilegesRequired\": \"LOW\",\n \"userInteraction\": \"NONE\",\n \"scope\": \"UNCHANGED\",\n \"confidentialityImpact\": \"NONE\",\n \"integrityImpact\": \"LOW\",\n \"availabilityImpact\": \"NONE\",\n \"baseScore\": 4.3,\n \"baseSeverity\": \"MEDIUM\"\n },\n \"exploitabilityScore\": 2.8,\n \"impactScore\": 1.4\n },\n \"baseMetricV2\": {\n \"cvssV2\": {\n \"version\": \"2.0\",\n \"vectorString\": \"AV:N/AC:L/Au:S/C:N/I:P/A:N\",\n \"accessVector\": \"NETWORK\",\n \"accessComplexity\": \"LOW\",\n \"authentication\": \"SINGLE\",\n \"confidentialityImpact\": \"NONE\",\n \"integrityImpact\": \"PARTIAL\",\n \"availabilityImpact\": \"NONE\",\n \"baseScore\": 4\n },\n \"severity\": \"MEDIUM\",\n \"exploitabilityScore\": 8,\n \"impactScore\": 2.9,\n \"obtainAllPrivilege\": false,\n \"obtainUserPrivilege\": false,\n \"obtainOtherPrivilege\": false,\n \"userInteractionRequired\": false\n }\n },\n \"publishedDate\": \"2016-06-13T14:59Z\",\n \"lastModifiedDate\": \"2022-07-23T10:22Z\"\n },\n {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2020-9951\",\n \"ASSIGNER\": \"product-security@apple.com\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": [\n {\n \"lang\": \"en\",\n \"value\": \"CWE-416\"\n }\n ]\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://support.apple.com/HT211845\",\n \"name\": \"https://support.apple.com/HT211845\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Release Notes\",\n \"Vendor Advisory\"\n ]\n },\n {\n \"url\": \"https://support.apple.com/kb/HT211843\",\n \"name\": \"https://support.apple.com/kb/HT211843\",\n \"refsource\": \"CONFIRM\",\n \"tags\": [\n \"Vendor Advisory\"\n ]\n },\n {\n \"url\": \"https://support.apple.com/kb/HT211850\",\n \"name\": \"https://support.apple.com/kb/HT211850\",\n \"refsource\": \"CONFIRM\",\n \"tags\": [\n \"Vendor Advisory\"\n ]\n },\n {\n \"url\": \"https://support.apple.com/kb/HT211844\",\n \"name\": \"https://support.apple.com/kb/HT211844\",\n \"refsource\": \"CONFIRM\",\n \"tags\": [\n \"Vendor Advisory\"\n ]\n },\n {\n \"url\": \"https://support.apple.com/kb/HT211952\",\n \"name\": \"https://support.apple.com/kb/HT211952\",\n \"refsource\": \"CONFIRM\",\n \"tags\": [\n \"Vendor Advisory\"\n ]\n },\n {\n \"url\": \"http://seclists.org/fulldisclosure/2020/Nov/19\",\n \"name\": \"20201115 APPLE-SA-2020-11-13-4 Additional information for APPLE-SA-2020-09-16-2 tvOS 14.0\",\n \"refsource\": \"FULLDISC\",\n \"tags\": [\n \"Mailing List\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"http://seclists.org/fulldisclosure/2020/Nov/18\",\n \"name\": \"20201115 APPLE-SA-2020-11-13-5 Additional information for APPLE-SA-2020-09-16-3 Safari 14.0\",\n \"refsource\": \"FULLDISC\",\n \"tags\": [\n \"Mailing List\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"http://seclists.org/fulldisclosure/2020/Nov/22\",\n \"name\": \"20201115 APPLE-SA-2020-11-13-6 Additional information for APPLE-SA-2020-09-16-4 watchOS 7.0\",\n \"refsource\": \"FULLDISC\",\n \"tags\": [\n \"Mailing List\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"http://seclists.org/fulldisclosure/2020/Nov/20\",\n \"name\": \"20201115 APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0\",\n \"refsource\": \"FULLDISC\",\n \"tags\": [\n \"Mailing List\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"http://www.openwall.com/lists/oss-security/2020/11/23/3\",\n \"name\": \"[oss-security] 20201123 WebKitGTK and WPE WebKit Security Advisory WSA-2020-0008\",\n \"refsource\": \"MLIST\",\n \"tags\": [\n \"Mailing List\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://www.debian.org/security/2020/dsa-4797\",\n \"name\": \"DSA-4797\",\n \"refsource\": \"DEBIAN\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://support.apple.com/kb/HT211935\",\n \"name\": \"https://support.apple.com/kb/HT211935\",\n \"refsource\": \"CONFIRM\",\n \"tags\": [\n \"Vendor Advisory\"\n ]\n },\n {\n \"url\": \"https://security.gentoo.org/glsa/202012-10\",\n \"name\": \"GLSA-202012-10\",\n \"refsource\": \"GENTOO\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": [\n {\n \"operator\": \"OR\",\n \"children\": [],\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\n \"versionEndExcluding\": \"14.0\",\n \"cpe_name\": []\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\n \"versionEndExcluding\": \"7.0\",\n \"cpe_name\": []\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\n \"versionEndExcluding\": \"14.0\",\n \"cpe_name\": []\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\n \"versionEndExcluding\": \"14.0\",\n \"cpe_name\": []\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\n \"versionEndExcluding\": \"14.0\",\n \"cpe_name\": []\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*\",\n \"versionEndExcluding\": \"11.5\",\n \"cpe_name\": []\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*\",\n \"versionEndExcluding\": \"12.10.9\",\n \"cpe_name\": []\n }\n ]\n },\n {\n \"operator\": \"OR\",\n \"children\": [],\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:webkit:webkitgtk\\\\+:*:*:*:*:*:*:*:*\",\n \"versionEndIncluding\": \"2.30.3\",\n \"cpe_name\": []\n }\n ]\n },\n {\n \"operator\": \"OR\",\n \"children\": [],\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\n \"cpe_name\": []\n }\n ]\n }\n ]\n },\n \"impact\": {\n \"baseMetricV3\": {\n \"cvssV3\": {\n \"version\": \"3.1\",\n \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\n \"attackVector\": \"NETWORK\",\n \"attackComplexity\": \"LOW\",\n \"privilegesRequired\": \"NONE\",\n \"userInteraction\": \"REQUIRED\",\n \"scope\": \"UNCHANGED\",\n \"confidentialityImpact\": \"HIGH\",\n \"integrityImpact\": \"HIGH\",\n \"availabilityImpact\": \"HIGH\",\n \"baseScore\": 8.8,\n \"baseSeverity\": \"HIGH\"\n },\n \"exploitabilityScore\": 2.8,\n \"impactScore\": 5.9\n },\n \"baseMetricV2\": {\n \"cvssV2\": {\n \"version\": \"2.0\",\n \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\n \"accessVector\": \"NETWORK\",\n \"accessComplexity\": \"MEDIUM\",\n \"authentication\": \"NONE\",\n \"confidentialityImpact\": \"PARTIAL\",\n \"integrityImpact\": \"PARTIAL\",\n \"availabilityImpact\": \"PARTIAL\",\n \"baseScore\": 6.8\n },\n \"severity\": \"MEDIUM\",\n \"exploitabilityScore\": 8.6,\n \"impactScore\": 6.4,\n \"acInsufInfo\": false,\n \"obtainAllPrivilege\": false,\n \"obtainUserPrivilege\": false,\n \"obtainOtherPrivilege\": false,\n \"userInteractionRequired\": true\n }\n },\n \"publishedDate\": \"2020-10-16T17:15Z\",\n \"lastModifiedDate\": \"2022-07-23T10:14Z\"\n },\n {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2020-9948\",\n \"ASSIGNER\": \"product-security@apple.com\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": [\n {\n \"lang\": \"en\",\n \"value\": \"CWE-843\"\n }\n ]\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://support.apple.com/HT211845\",\n \"name\": \"https://support.apple.com/HT211845\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Release Notes\",\n \"Vendor Advisory\"\n ]\n },\n {\n \"url\": \"http://seclists.org/fulldisclosure/2020/Nov/18\",\n \"name\": \"20201115 APPLE-SA-2020-11-13-5 Additional information for APPLE-SA-2020-09-16-3 Safari 14.0\",\n \"refsource\": \"FULLDISC\",\n \"tags\": [\n \"Mailing List\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"http://www.openwall.com/lists/oss-security/2020/11/23/3\",\n \"name\": \"[oss-security] 20201123 WebKitGTK and WPE WebKit Security Advisory WSA-2020-0008\",\n \"refsource\": \"MLIST\",\n \"tags\": [\n \"Mailing List\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://www.debian.org/security/2020/dsa-4797\",\n \"name\": \"DSA-4797\",\n \"refsource\": \"DEBIAN\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://security.gentoo.org/glsa/202012-10\",\n \"name\": \"GLSA-202012-10\",\n \"refsource\": \"GENTOO\",\n \"tags\": [\n \"Third Party Advisory\"\n ]\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": [\n {\n \"operator\": \"OR\",\n \"children\": [],\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\n \"versionEndExcluding\": \"14.0\",\n \"cpe_name\": []\n }\n ]\n },\n {\n \"operator\": \"OR\",\n \"children\": [],\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:webkit:webkitgtk\\\\+:*:*:*:*:*:*:*:*\",\n \"versionEndIncluding\": \"2.30.3\",\n \"cpe_name\": []\n }\n ]\n },\n {\n \"operator\": \"OR\",\n \"children\": [],\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\n \"cpe_name\": []\n }\n ]\n }\n ]\n },\n \"impact\": {\n \"baseMetricV3\": {\n \"cvssV3\": {\n \"version\": \"3.1\",\n \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\n \"attackVector\": \"NETWORK\",\n \"attackComplexity\": \"LOW\",\n \"privilegesRequired\": \"NONE\",\n \"userInteraction\": \"REQUIRED\",\n \"scope\": \"UNCHANGED\",\n \"confidentialityImpact\": \"HIGH\",\n \"integrityImpact\": \"HIGH\",\n \"availabilityImpact\": \"HIGH\",\n \"baseScore\": 8.8,\n \"baseSeverity\": \"HIGH\"\n },\n \"exploitabilityScore\": 2.8,\n \"impactScore\": 5.9\n },\n \"baseMetricV2\": {\n \"cvssV2\": {\n \"version\": \"2.0\",\n \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\n \"accessVector\": \"NETWORK\",\n \"accessComplexity\": \"MEDIUM\",\n \"authentication\": \"NONE\",\n \"confidentialityImpact\": \"PARTIAL\",\n \"integrityImpact\": \"PARTIAL\",\n \"availabilityImpact\": \"PARTIAL\",\n \"baseScore\": 6.8\n },\n \"severity\": \"MEDIUM\",\n \"exploitabilityScore\": 8.6,\n \"impactScore\": 6.4,\n \"acInsufInfo\": false,\n \"obtainAllPrivilege\": false,\n \"obtainUserPrivilege\": false,\n \"obtainOtherPrivilege\": false,\n \"userInteractionRequired\": true\n }\n },\n \"publishedDate\": \"2020-10-16T17:15Z\",\n \"lastModifiedDate\": \"2022-07-23T10:06Z\"\n },\n {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2022-1227\",\n \"ASSIGNER\": \"secalert@redhat.com\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": [\n {\n \"lang\": \"en\",\n \"value\": \"CWE-269\"\n }\n ]\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2070368\",\n \"name\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2070368\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Issue Tracking\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://github.com/containers/podman/issues/10941\",\n \"name\": \"https://github.com/containers/podman/issues/10941\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Exploit\",\n \"Issue Tracking\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/\",\n \"name\": \"FEDORA-2022-5e637f6cc6\",\n \"refsource\": \"FEDORA\",\n \"tags\": [\n \"Mailing List\",\n \"Third Party Advisory\"\n ]\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": [\n {\n \"operator\": \"OR\",\n \"children\": [],\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:podman_project:podman:*:*:*:*:*:*:*:*\",\n \"versionEndExcluding\": \"4.0.0\",\n \"cpe_name\": []\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:psgo_project:psgo:*:*:*:*:*:go:*:*\",\n \"versionEndExcluding\": \"1.7.2\",\n \"cpe_name\": []\n }\n ]\n },\n {\n \"operator\": \"OR\",\n \"children\": [],\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\",\n \"cpe_name\": []\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\n \"cpe_name\": []\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\n \"cpe_name\": []\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*\",\n \"cpe_name\": []\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*\",\n \"cpe_name\": []\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\n \"cpe_name\": []\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:redhat:developer_tools:1.0:*:*:*:*:*:*:*\",\n \"cpe_name\": []\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*\",\n \"cpe_name\": []\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*\",\n \"cpe_name\": []\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.6:*:*:*:*:*:*:*\",\n \"cpe_name\": []\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*\",\n \"cpe_name\": []\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.6:*:*:*:*:*:*:*\",\n \"cpe_name\": []\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*\",\n \"cpe_name\": []\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*\",\n \"cpe_name\": []\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*\",\n \"cpe_name\": []\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*\",\n \"cpe_name\": []\n }\n ]\n },\n {\n \"operator\": \"OR\",\n \"children\": [],\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\n \"cpe_name\": []\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\n \"cpe_name\": []\n }\n ]\n }\n ]\n },\n \"impact\": {\n \"baseMetricV3\": {\n \"cvssV3\": {\n \"version\": \"3.1\",\n \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\n \"attackVector\": \"NETWORK\",\n \"attackComplexity\": \"LOW\",\n \"privilegesRequired\": \"NONE\",\n \"userInteraction\": \"REQUIRED\",\n \"scope\": \"UNCHANGED\",\n \"confidentialityImpact\": \"HIGH\",\n \"integrityImpact\": \"HIGH\",\n \"availabilityImpact\": \"HIGH\",\n \"baseScore\": 8.8,\n \"baseSeverity\": \"HIGH\"\n },\n \"exploitabilityScore\": 2.8,\n \"impactScore\": 5.9\n },\n \"baseMetricV2\": {\n \"cvssV2\": {\n \"version\": \"2.0\",\n \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\n \"accessVector\": \"NETWORK\",\n \"accessComplexity\": \"MEDIUM\",\n \"authentication\": \"NONE\",\n \"confidentialityImpact\": \"PARTIAL\",\n \"integrityImpact\": \"PARTIAL\",\n \"availabilityImpact\": \"PARTIAL\",\n \"baseScore\": 6.8\n },\n \"severity\": \"MEDIUM\",\n \"exploitabilityScore\": 8.6,\n \"impactScore\": 6.4,\n \"acInsufInfo\": false,\n \"obtainAllPrivilege\": false,\n \"obtainUserPrivilege\": false,\n \"obtainOtherPrivilege\": false,\n \"userInteractionRequired\": true\n }\n },\n \"publishedDate\": \"2022-04-29T16:15Z\",\n \"lastModifiedDate\": \"2022-07-23T10:04Z\"\n },\n {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2021-21931\",\n \"ASSIGNER\": \"talos-cna@cisco.com\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": [\n {\n \"lang\": \"en\",\n \"value\": \"CWE-89\"\n }\n ]\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2021-1366\",\n \"name\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2021-1366\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Exploit\",\n \"Third Party Advisory\"\n ]\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at‘ stat_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": [\n {\n \"operator\": \"OR\",\n \"children\": [],\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:advantech:r-seenet:2.4.15:*:*:*:*:*:*:*\",\n \"cpe_name\": []\n }\n ]\n }\n ]\n },\n \"impact\": {\n \"baseMetricV3\": {\n \"cvssV3\": {\n \"version\": \"3.1\",\n \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\n \"attackVector\": \"NETWORK\",\n \"attackComplexity\": \"LOW\",\n \"privilegesRequired\": \"LOW\",\n \"userInteraction\": \"NONE\",\n \"scope\": \"UNCHANGED\",\n \"confidentialityImpact\": \"HIGH\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"NONE\",\n \"baseScore\": 6.5,\n \"baseSeverity\": \"MEDIUM\"\n },\n \"exploitabilityScore\": 2.8,\n \"impactScore\": 3.6\n },\n \"baseMetricV2\": {\n \"cvssV2\": {\n \"version\": \"2.0\",\n \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\n \"accessVector\": \"NETWORK\",\n \"accessComplexity\": \"LOW\",\n \"authentication\": \"SINGLE\",\n \"confidentialityImpact\": \"PARTIAL\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"NONE\",\n \"baseScore\": 4\n },\n \"severity\": \"MEDIUM\",\n \"exploitabilityScore\": 8,\n \"impactScore\": 2.9,\n \"acInsufInfo\": false,\n \"obtainAllPrivilege\": false,\n \"obtainUserPrivilege\": false,\n \"obtainOtherPrivilege\": false,\n \"userInteractionRequired\": false\n }\n },\n \"publishedDate\": \"2021-12-22T19:15Z\",\n \"lastModifiedDate\": \"2022-07-23T10:03Z\"\n },\n {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2021-21918\",\n \"ASSIGNER\": \"talos-cna@cisco.com\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": [\n {\n \"lang\": \"en\",\n \"value\": \"CWE-89\"\n }\n ]\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2021-1364\",\n \"name\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2021-1364\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Exploit\",\n \"Third Party Advisory\"\n ]\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘name_filter’ parameter. However, the high privilege super-administrator account needs to be used to achieve exploitation without cross-site request forgery attack.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": [\n {\n \"operator\": \"OR\",\n \"children\": [],\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:advantech:r-seenet:2.4.15:*:*:*:*:*:*:*\",\n \"cpe_name\": []\n }\n ]\n }\n ]\n },\n \"impact\": {\n \"baseMetricV3\": {\n \"cvssV3\": {\n \"version\": \"3.1\",\n \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\",\n \"attackVector\": \"NETWORK\",\n \"attackComplexity\": \"LOW\",\n \"privilegesRequired\": \"HIGH\",\n \"userInteraction\": \"NONE\",\n \"scope\": \"UNCHANGED\",\n \"confidentialityImpact\": \"HIGH\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"NONE\",\n \"baseScore\": 4.9,\n \"baseSeverity\": \"MEDIUM\"\n },\n \"exploitabilityScore\": 1.2,\n \"impactScore\": 3.6\n },\n \"baseMetricV2\": {\n \"cvssV2\": {\n \"version\": \"2.0\",\n \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\n \"accessVector\": \"NETWORK\",\n \"accessComplexity\": \"LOW\",\n \"authentication\": \"SINGLE\",\n \"confidentialityImpact\": \"PARTIAL\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"NONE\",\n \"baseScore\": 4\n },\n \"severity\": \"MEDIUM\",\n \"exploitabilityScore\": 8,\n \"impactScore\": 2.9,\n \"acInsufInfo\": false,\n \"obtainAllPrivilege\": false,\n \"obtainUserPrivilege\": false,\n \"obtainOtherPrivilege\": false,\n \"userInteractionRequired\": false\n }\n },\n \"publishedDate\": \"2021-12-22T19:15Z\",\n \"lastModifiedDate\": \"2022-07-23T10:03Z\"\n },\n {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2021-21928\",\n \"ASSIGNER\": \"talos-cna@cisco.com\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": [\n {\n \"lang\": \"en\",\n \"value\": \"CWE-89\"\n }\n ]\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2021-1366\",\n \"name\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2021-1366\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Exploit\",\n \"Third Party Advisory\"\n ]\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘mac_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": [\n {\n \"operator\": \"OR\",\n \"children\": [],\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:advantech:r-seenet:2.4.15:*:*:*:*:*:*:*\",\n \"cpe_name\": []\n }\n ]\n }\n ]\n },\n \"impact\": {\n \"baseMetricV3\": {\n \"cvssV3\": {\n \"version\": \"3.1\",\n \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\n \"attackVector\": \"NETWORK\",\n \"attackComplexity\": \"LOW\",\n \"privilegesRequired\": \"LOW\",\n \"userInteraction\": \"NONE\",\n \"scope\": \"UNCHANGED\",\n \"confidentialityImpact\": \"HIGH\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"NONE\",\n \"baseScore\": 6.5,\n \"baseSeverity\": \"MEDIUM\"\n },\n \"exploitabilityScore\": 2.8,\n \"impactScore\": 3.6\n },\n \"baseMetricV2\": {\n \"cvssV2\": {\n \"version\": \"2.0\",\n \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\n \"accessVector\": \"NETWORK\",\n \"accessComplexity\": \"LOW\",\n \"authentication\": \"SINGLE\",\n \"confidentialityImpact\": \"PARTIAL\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"NONE\",\n \"baseScore\": 4\n },\n \"severity\": \"MEDIUM\",\n \"exploitabilityScore\": 8,\n \"impactScore\": 2.9,\n \"acInsufInfo\": false,\n \"obtainAllPrivilege\": false,\n \"obtainUserPrivilege\": false,\n \"obtainOtherPrivilege\": false,\n \"userInteractionRequired\": false\n }\n },\n \"publishedDate\": \"2021-12-22T19:15Z\",\n \"lastModifiedDate\": \"2022-07-23T09:56Z\"\n },\n {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2021-21930\",\n \"ASSIGNER\": \"talos-cna@cisco.com\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": [\n {\n \"lang\": \"en\",\n \"value\": \"CWE-89\"\n }\n ]\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2021-1366\",\n \"name\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2021-1366\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Exploit\",\n \"Third Party Advisory\"\n ]\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘sn_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": [\n {\n \"operator\": \"OR\",\n \"children\": [],\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:advantech:r-seenet:2.4.15:*:*:*:*:*:*:*\",\n \"cpe_name\": []\n }\n ]\n }\n ]\n },\n \"impact\": {\n \"baseMetricV3\": {\n \"cvssV3\": {\n \"version\": \"3.1\",\n \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\n \"attackVector\": \"NETWORK\",\n \"attackComplexity\": \"LOW\",\n \"privilegesRequired\": \"LOW\",\n \"userInteraction\": \"NONE\",\n \"scope\": \"UNCHANGED\",\n \"confidentialityImpact\": \"HIGH\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"NONE\",\n \"baseScore\": 6.5,\n \"baseSeverity\": \"MEDIUM\"\n },\n \"exploitabilityScore\": 2.8,\n \"impactScore\": 3.6\n },\n \"baseMetricV2\": {\n \"cvssV2\": {\n \"version\": \"2.0\",\n \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\n \"accessVector\": \"NETWORK\",\n \"accessComplexity\": \"LOW\",\n \"authentication\": \"SINGLE\",\n \"confidentialityImpact\": \"PARTIAL\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"NONE\",\n \"baseScore\": 4\n },\n \"severity\": \"MEDIUM\",\n \"exploitabilityScore\": 8,\n \"impactScore\": 2.9,\n \"acInsufInfo\": false,\n \"obtainAllPrivilege\": false,\n \"obtainUserPrivilege\": false,\n \"obtainOtherPrivilege\": false,\n \"userInteractionRequired\": false\n }\n },\n \"publishedDate\": \"2021-12-22T19:15Z\",\n \"lastModifiedDate\": \"2022-07-23T09:56Z\"\n },\n {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2021-21932\",\n \"ASSIGNER\": \"talos-cna@cisco.com\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": [\n {\n \"lang\": \"en\",\n \"value\": \"CWE-89\"\n }\n ]\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2021-1366\",\n \"name\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2021-1366\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Exploit\",\n \"Third Party Advisory\"\n ]\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at ‘name_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": [\n {\n \"operator\": \"OR\",\n \"children\": [],\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:advantech:r-seenet:2.4.15:*:*:*:*:*:*:*\",\n \"cpe_name\": []\n }\n ]\n }\n ]\n },\n \"impact\": {\n \"baseMetricV3\": {\n \"cvssV3\": {\n \"version\": \"3.1\",\n \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\n \"attackVector\": \"NETWORK\",\n \"attackComplexity\": \"LOW\",\n \"privilegesRequired\": \"LOW\",\n \"userInteraction\": \"NONE\",\n \"scope\": \"UNCHANGED\",\n \"confidentialityImpact\": \"HIGH\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"NONE\",\n \"baseScore\": 6.5,\n \"baseSeverity\": \"MEDIUM\"\n },\n \"exploitabilityScore\": 2.8,\n \"impactScore\": 3.6\n },\n \"baseMetricV2\": {\n \"cvssV2\": {\n \"version\": \"2.0\",\n \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\n \"accessVector\": \"NETWORK\",\n \"accessComplexity\": \"LOW\",\n \"authentication\": \"SINGLE\",\n \"confidentialityImpact\": \"PARTIAL\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"NONE\",\n \"baseScore\": 4\n },\n \"severity\": \"MEDIUM\",\n \"exploitabilityScore\": 8,\n \"impactScore\": 2.9,\n \"acInsufInfo\": false,\n \"obtainAllPrivilege\": false,\n \"obtainUserPrivilege\": false,\n \"obtainOtherPrivilege\": false,\n \"userInteractionRequired\": false\n }\n },\n \"publishedDate\": \"2021-12-22T19:15Z\",\n \"lastModifiedDate\": \"2022-07-23T09:55Z\"\n },\n {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2021-21933\",\n \"ASSIGNER\": \"talos-cna@cisco.com\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": [\n {\n \"lang\": \"en\",\n \"value\": \"CWE-89\"\n }\n ]\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2021-1366\",\n \"name\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2021-1366\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Exploit\",\n \"Third Party Advisory\"\n ]\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at ‘esn_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": [\n {\n \"operator\": \"OR\",\n \"children\": [],\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:advantech:r-seenet:2.4.15:*:*:*:*:*:*:*\",\n \"cpe_name\": []\n }\n ]\n }\n ]\n },\n \"impact\": {\n \"baseMetricV3\": {\n \"cvssV3\": {\n \"version\": \"3.1\",\n \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\n \"attackVector\": \"NETWORK\",\n \"attackComplexity\": \"LOW\",\n \"privilegesRequired\": \"LOW\",\n \"userInteraction\": \"NONE\",\n \"scope\": \"UNCHANGED\",\n \"confidentialityImpact\": \"HIGH\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"NONE\",\n \"baseScore\": 6.5,\n \"baseSeverity\": \"MEDIUM\"\n },\n \"exploitabilityScore\": 2.8,\n \"impactScore\": 3.6\n },\n \"baseMetricV2\": {\n \"cvssV2\": {\n \"version\": \"2.0\",\n \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\n \"accessVector\": \"NETWORK\",\n \"accessComplexity\": \"LOW\",\n \"authentication\": \"SINGLE\",\n \"confidentialityImpact\": \"PARTIAL\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"NONE\",\n \"baseScore\": 4\n },\n \"severity\": \"MEDIUM\",\n \"exploitabilityScore\": 8,\n \"impactScore\": 2.9,\n \"acInsufInfo\": false,\n \"obtainAllPrivilege\": false,\n \"obtainUserPrivilege\": false,\n \"obtainOtherPrivilege\": false,\n \"userInteractionRequired\": false\n }\n },\n \"publishedDate\": \"2021-12-22T19:15Z\",\n \"lastModifiedDate\": \"2022-07-23T09:55Z\"\n },\n {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2021-21934\",\n \"ASSIGNER\": \"talos-cna@cisco.com\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": [\n {\n \"lang\": \"en\",\n \"value\": \"CWE-89\"\n }\n ]\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2021-1366\",\n \"name\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2021-1366\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Exploit\",\n \"Third Party Advisory\"\n ]\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at ‘imei_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": [\n {\n \"operator\": \"OR\",\n \"children\": [],\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:advantech:r-seenet:2.4.15:*:*:*:*:*:*:*\",\n \"cpe_name\": []\n }\n ]\n }\n ]\n },\n \"impact\": {\n \"baseMetricV3\": {\n \"cvssV3\": {\n \"version\": \"3.1\",\n \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\n \"attackVector\": \"NETWORK\",\n \"attackComplexity\": \"LOW\",\n \"privilegesRequired\": \"LOW\",\n \"userInteraction\": \"NONE\",\n \"scope\": \"UNCHANGED\",\n \"confidentialityImpact\": \"HIGH\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"NONE\",\n \"baseScore\": 6.5,\n \"baseSeverity\": \"MEDIUM\"\n },\n \"exploitabilityScore\": 2.8,\n \"impactScore\": 3.6\n },\n \"baseMetricV2\": {\n \"cvssV2\": {\n \"version\": \"2.0\",\n \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\n \"accessVector\": \"NETWORK\",\n \"accessComplexity\": \"LOW\",\n \"authentication\": \"SINGLE\",\n \"confidentialityImpact\": \"PARTIAL\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"NONE\",\n \"baseScore\": 4\n },\n \"severity\": \"MEDIUM\",\n \"exploitabilityScore\": 8,\n \"impactScore\": 2.9,\n \"acInsufInfo\": false,\n \"obtainAllPrivilege\": false,\n \"obtainUserPrivilege\": false,\n \"obtainOtherPrivilege\": false,\n \"userInteractionRequired\": false\n }\n },\n \"publishedDate\": \"2021-12-22T19:15Z\",\n \"lastModifiedDate\": \"2022-07-23T09:47Z\"\n },\n {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2021-21935\",\n \"ASSIGNER\": \"talos-cna@cisco.com\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": [\n {\n \"lang\": \"en\",\n \"value\": \"CWE-89\"\n }\n ]\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2021-1366\",\n \"name\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2021-1366\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Exploit\",\n \"Third Party Advisory\"\n ]\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘host_alt_filter2’ parameter. This can be done as any authenticated user or through cross-site request forgery.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": [\n {\n \"operator\": \"OR\",\n \"children\": [],\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:advantech:r-seenet:2.4.15:*:*:*:*:*:*:*\",\n \"cpe_name\": []\n }\n ]\n }\n ]\n },\n \"impact\": {\n \"baseMetricV3\": {\n \"cvssV3\": {\n \"version\": \"3.1\",\n \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\n \"attackVector\": \"NETWORK\",\n \"attackComplexity\": \"LOW\",\n \"privilegesRequired\": \"LOW\",\n \"userInteraction\": \"NONE\",\n \"scope\": \"UNCHANGED\",\n \"confidentialityImpact\": \"HIGH\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"NONE\",\n \"baseScore\": 6.5,\n \"baseSeverity\": \"MEDIUM\"\n },\n \"exploitabilityScore\": 2.8,\n \"impactScore\": 3.6\n },\n \"baseMetricV2\": {\n \"cvssV2\": {\n \"version\": \"2.0\",\n \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\n \"accessVector\": \"NETWORK\",\n \"accessComplexity\": \"LOW\",\n \"authentication\": \"SINGLE\",\n \"confidentialityImpact\": \"PARTIAL\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"NONE\",\n \"baseScore\": 4\n },\n \"severity\": \"MEDIUM\",\n \"exploitabilityScore\": 8,\n \"impactScore\": 2.9,\n \"acInsufInfo\": false,\n \"obtainAllPrivilege\": false,\n \"obtainUserPrivilege\": false,\n \"obtainOtherPrivilege\": false,\n \"userInteractionRequired\": false\n }\n },\n \"publishedDate\": \"2021-12-22T19:15Z\",\n \"lastModifiedDate\": \"2022-07-23T09:47Z\"\n },\n {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2021-21929\",\n \"ASSIGNER\": \"talos-cna@cisco.com\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": [\n {\n \"lang\": \"en\",\n \"value\": \"CWE-89\"\n }\n ]\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2021-1366\",\n \"name\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2021-1366\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Exploit\",\n \"Third Party Advisory\"\n ]\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘prod_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": [\n {\n \"operator\": \"OR\",\n \"children\": [],\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:a:advantech:r-seenet:2.4.15:*:*:*:*:*:*:*\",\n \"cpe_name\": []\n }\n ]\n }\n ]\n },\n \"impact\": {\n \"baseMetricV3\": {\n \"cvssV3\": {\n \"version\": \"3.1\",\n \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\n \"attackVector\": \"NETWORK\",\n \"attackComplexity\": \"LOW\",\n \"privilegesRequired\": \"LOW\",\n \"userInteraction\": \"NONE\",\n \"scope\": \"UNCHANGED\",\n \"confidentialityImpact\": \"HIGH\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"NONE\",\n \"baseScore\": 6.5,\n \"baseSeverity\": \"MEDIUM\"\n },\n \"exploitabilityScore\": 2.8,\n \"impactScore\": 3.6\n },\n \"baseMetricV2\": {\n \"cvssV2\": {\n \"version\": \"2.0\",\n \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\n \"accessVector\": \"NETWORK\",\n \"accessComplexity\": \"LOW\",\n \"authentication\": \"SINGLE\",\n \"confidentialityImpact\": \"PARTIAL\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"NONE\",\n \"baseScore\": 4\n },\n \"severity\": \"MEDIUM\",\n \"exploitabilityScore\": 8,\n \"impactScore\": 2.9,\n \"acInsufInfo\": false,\n \"obtainAllPrivilege\": false,\n \"obtainUserPrivilege\": false,\n \"obtainOtherPrivilege\": false,\n \"userInteractionRequired\": false\n }\n },\n \"publishedDate\": \"2021-12-22T19:15Z\",\n \"lastModifiedDate\": \"2022-07-23T09:46Z\"\n },\n {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2016-15004\",\n \"ASSIGNER\": \"cna@vuldb.com\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": [\n {\n \"lang\": \"en\",\n \"value\": \"CWE-74\"\n }\n ]\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://sumofpwn.nl/advisory/2016/infinitewp_client_wordpress_plugin_unauthenticated_php_object_injection_vulnerability.html\",\n \"name\": \"https://sumofpwn.nl/advisory/2016/infinitewp_client_wordpress_plugin_unauthenticated_php_object_injection_vulnerability.html\",\n \"refsource\": \"MISC\",\n \"tags\": []\n },\n {\n \"url\": \"http://seclists.org/fulldisclosure/2017/Jan/72\",\n \"name\": \"http://seclists.org/fulldisclosure/2017/Jan/72\",\n \"refsource\": \"MISC\",\n \"tags\": []\n },\n {\n \"url\": \"https://vuldb.com/?id.96073\",\n \"name\": \"https://vuldb.com/?id.96073\",\n \"refsource\": \"MISC\",\n \"tags\": []\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"A vulnerability was found in InfiniteWP Client Plugin 1.5.1.3/1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to injection. The attack can be launched remotely. Upgrading to version 1.6.1.1 is able to address this issue. It is recommended to upgrade the affected component.\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": []\n },\n \"impact\": {},\n \"publishedDate\": \"2022-07-23T07:15Z\",\n \"lastModifiedDate\": \"2022-07-23T07:15Z\"\n },\n {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2022-33742\",\n \"ASSIGNER\": \"security@xen.org\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": [\n {\n \"lang\": \"en\",\n \"value\": \"CWE-200\"\n }\n ]\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://xenbits.xenproject.org/xsa/advisory-403.txt\",\n \"name\": \"https://xenbits.xenproject.org/xsa/advisory-403.txt\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Vendor Advisory\"\n ]\n },\n {\n \"url\": \"http://xenbits.xen.org/xsa/advisory-403.html\",\n \"name\": \"http://xenbits.xen.org/xsa/advisory-403.html\",\n \"refsource\": \"CONFIRM\",\n \"tags\": [\n \"Patch\",\n \"Vendor Advisory\"\n ]\n },\n {\n \"url\": \"http://www.openwall.com/lists/oss-security/2022/07/05/6\",\n \"name\": \"[oss-security] 20220705 Xen Security Advisory 403 v3 (CVE-2022-26365,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742) - Linux disk/nic frontends data leaks\",\n \"refsource\": \"MLIST\",\n \"tags\": [\n \"Mailing List\",\n \"Patch\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IGFTRZ66KQYTSYIRT5FRHF5D6O72NWOP/\",\n \"name\": \"FEDORA-2022-c4ec706488\",\n \"refsource\": \"FEDORA\",\n \"tags\": [\n \"Mailing List\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RKRXZ4LHGCGMOG24ZCEJNY6R2BTS4S2Q/\",\n \"name\": \"FEDORA-2022-2c9f8224f8\",\n \"refsource\": \"FEDORA\",\n \"tags\": []\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": [\n {\n \"operator\": \"OR\",\n \"children\": [],\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*\",\n \"cpe_name\": []\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\n \"cpe_name\": []\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\",\n \"cpe_name\": []\n }\n ]\n }\n ]\n },\n \"impact\": {\n \"baseMetricV3\": {\n \"cvssV3\": {\n \"version\": \"3.1\",\n \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\",\n \"attackVector\": \"LOCAL\",\n \"attackComplexity\": \"LOW\",\n \"privilegesRequired\": \"LOW\",\n \"userInteraction\": \"NONE\",\n \"scope\": \"UNCHANGED\",\n \"confidentialityImpact\": \"HIGH\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"HIGH\",\n \"baseScore\": 7.1,\n \"baseSeverity\": \"HIGH\"\n },\n \"exploitabilityScore\": 1.8,\n \"impactScore\": 5.2\n },\n \"baseMetricV2\": {\n \"cvssV2\": {\n \"version\": \"2.0\",\n \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:N/A:P\",\n \"accessVector\": \"LOCAL\",\n \"accessComplexity\": \"LOW\",\n \"authentication\": \"NONE\",\n \"confidentialityImpact\": \"PARTIAL\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"PARTIAL\",\n \"baseScore\": 3.6\n },\n \"severity\": \"LOW\",\n \"exploitabilityScore\": 3.9,\n \"impactScore\": 4.9,\n \"acInsufInfo\": false,\n \"obtainAllPrivilege\": false,\n \"obtainUserPrivilege\": false,\n \"obtainOtherPrivilege\": false,\n \"userInteractionRequired\": false\n }\n },\n \"publishedDate\": \"2022-07-05T13:15Z\",\n \"lastModifiedDate\": \"2022-07-23T04:15Z\"\n },\n {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2022-33741\",\n \"ASSIGNER\": \"security@xen.org\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": [\n {\n \"lang\": \"en\",\n \"value\": \"CWE-200\"\n }\n ]\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://xenbits.xenproject.org/xsa/advisory-403.txt\",\n \"name\": \"https://xenbits.xenproject.org/xsa/advisory-403.txt\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Vendor Advisory\"\n ]\n },\n {\n \"url\": \"http://xenbits.xen.org/xsa/advisory-403.html\",\n \"name\": \"http://xenbits.xen.org/xsa/advisory-403.html\",\n \"refsource\": \"CONFIRM\",\n \"tags\": [\n \"Patch\",\n \"Vendor Advisory\"\n ]\n },\n {\n \"url\": \"http://www.openwall.com/lists/oss-security/2022/07/05/6\",\n \"name\": \"[oss-security] 20220705 Xen Security Advisory 403 v3 (CVE-2022-26365,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742) - Linux disk/nic frontends data leaks\",\n \"refsource\": \"MLIST\",\n \"tags\": [\n \"Mailing List\",\n \"Patch\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IGFTRZ66KQYTSYIRT5FRHF5D6O72NWOP/\",\n \"name\": \"FEDORA-2022-c4ec706488\",\n \"refsource\": \"FEDORA\",\n \"tags\": [\n \"Mailing List\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RKRXZ4LHGCGMOG24ZCEJNY6R2BTS4S2Q/\",\n \"name\": \"FEDORA-2022-2c9f8224f8\",\n \"refsource\": \"FEDORA\",\n \"tags\": []\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": [\n {\n \"operator\": \"OR\",\n \"children\": [],\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*\",\n \"cpe_name\": []\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\n \"cpe_name\": []\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\",\n \"cpe_name\": []\n }\n ]\n }\n ]\n },\n \"impact\": {\n \"baseMetricV3\": {\n \"cvssV3\": {\n \"version\": \"3.1\",\n \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\",\n \"attackVector\": \"LOCAL\",\n \"attackComplexity\": \"LOW\",\n \"privilegesRequired\": \"LOW\",\n \"userInteraction\": \"NONE\",\n \"scope\": \"UNCHANGED\",\n \"confidentialityImpact\": \"HIGH\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"HIGH\",\n \"baseScore\": 7.1,\n \"baseSeverity\": \"HIGH\"\n },\n \"exploitabilityScore\": 1.8,\n \"impactScore\": 5.2\n },\n \"baseMetricV2\": {\n \"cvssV2\": {\n \"version\": \"2.0\",\n \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:N/A:P\",\n \"accessVector\": \"LOCAL\",\n \"accessComplexity\": \"LOW\",\n \"authentication\": \"NONE\",\n \"confidentialityImpact\": \"PARTIAL\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"PARTIAL\",\n \"baseScore\": 3.6\n },\n \"severity\": \"LOW\",\n \"exploitabilityScore\": 3.9,\n \"impactScore\": 4.9,\n \"acInsufInfo\": false,\n \"obtainAllPrivilege\": false,\n \"obtainUserPrivilege\": false,\n \"obtainOtherPrivilege\": false,\n \"userInteractionRequired\": false\n }\n },\n \"publishedDate\": \"2022-07-05T13:15Z\",\n \"lastModifiedDate\": \"2022-07-23T04:15Z\"\n },\n {\n \"cve\": {\n \"data_type\": \"CVE\",\n \"data_format\": \"MITRE\",\n \"data_version\": \"4.0\",\n \"CVE_data_meta\": {\n \"ID\": \"CVE-2022-33740\",\n \"ASSIGNER\": \"security@xen.org\"\n },\n \"problemtype\": {\n \"problemtype_data\": [\n {\n \"description\": [\n {\n \"lang\": \"en\",\n \"value\": \"CWE-200\"\n }\n ]\n }\n ]\n },\n \"references\": {\n \"reference_data\": [\n {\n \"url\": \"https://xenbits.xenproject.org/xsa/advisory-403.txt\",\n \"name\": \"https://xenbits.xenproject.org/xsa/advisory-403.txt\",\n \"refsource\": \"MISC\",\n \"tags\": [\n \"Vendor Advisory\"\n ]\n },\n {\n \"url\": \"http://xenbits.xen.org/xsa/advisory-403.html\",\n \"name\": \"http://xenbits.xen.org/xsa/advisory-403.html\",\n \"refsource\": \"CONFIRM\",\n \"tags\": [\n \"Patch\",\n \"Vendor Advisory\"\n ]\n },\n {\n \"url\": \"http://www.openwall.com/lists/oss-security/2022/07/05/6\",\n \"name\": \"[oss-security] 20220705 Xen Security Advisory 403 v3 (CVE-2022-26365,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742) - Linux disk/nic frontends data leaks\",\n \"refsource\": \"MLIST\",\n \"tags\": [\n \"Mailing List\",\n \"Patch\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IGFTRZ66KQYTSYIRT5FRHF5D6O72NWOP/\",\n \"name\": \"FEDORA-2022-c4ec706488\",\n \"refsource\": \"FEDORA\",\n \"tags\": [\n \"Mailing List\",\n \"Third Party Advisory\"\n ]\n },\n {\n \"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RKRXZ4LHGCGMOG24ZCEJNY6R2BTS4S2Q/\",\n \"name\": \"FEDORA-2022-2c9f8224f8\",\n \"refsource\": \"FEDORA\",\n \"tags\": []\n }\n ]\n },\n \"description\": {\n \"description_data\": [\n {\n \"lang\": \"en\",\n \"value\": \"Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).\"\n }\n ]\n }\n },\n \"configurations\": {\n \"CVE_data_version\": \"4.0\",\n \"nodes\": [\n {\n \"operator\": \"OR\",\n \"children\": [],\n \"cpe_match\": [\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*\",\n \"cpe_name\": []\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\n \"cpe_name\": []\n },\n {\n \"vulnerable\": true,\n \"cpe23Uri\": \"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\",\n \"cpe_name\": []\n }\n ]\n }\n ]\n },\n \"impact\": {\n \"baseMetricV3\": {\n \"cvssV3\": {\n \"version\": \"3.1\",\n \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\",\n \"attackVector\": \"LOCAL\",\n \"attackComplexity\": \"LOW\",\n \"privilegesRequired\": \"LOW\",\n \"userInteraction\": \"NONE\",\n \"scope\": \"UNCHANGED\",\n \"confidentialityImpact\": \"HIGH\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"HIGH\",\n \"baseScore\": 7.1,\n \"baseSeverity\": \"HIGH\"\n },\n \"exploitabilityScore\": 1.8,\n \"impactScore\": 5.2\n },\n \"baseMetricV2\": {\n \"cvssV2\": {\n \"version\": \"2.0\",\n \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:N/A:P\",\n \"accessVector\": \"LOCAL\",\n \"accessComplexity\": \"LOW\",\n \"authentication\": \"NONE\",\n \"confidentialityImpact\": \"PARTIAL\",\n \"integrityImpact\": \"NONE\",\n \"availabilityImpact\": \"PARTIAL\",\n \"baseScore\": 3.6\n },\n \"severity\": \"LOW\",\n \"exploitabilityScore\": 3.9,\n \"impactScore\": 4.9,\n \"acInsufInfo\": false,\n \"obtainAllPrivilege\": false,\n \"obtainUserPrivilege\": false,\n \"obtainOtherPrivilege\": false,\n \"userInteractionRequired\": false\n }\n },\n \"publishedDate\": \"2022-07-05T13:15Z\",\n \"lastModifiedDate\": \"2022-07-23T04:15Z\"\n }\n ]\n }\n}"}],"_postman_id":"870448a2-2711-4dc2-b794-b083089c6425"},{"name":"Retrieve CPE information","id":"48b2d7ec-8665-495c-86c9-18ddb99ba5a7","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{host}}/cpes/1.0/?apiKey={{apiKey}}&modStartDate=2020-01-01T00:00:00:001 Z&modEndDate=2022-01-01T00:00:00:000 Z","urlObject":{"path":["cpes","1.0",""],"host":["{{host}}"],"query":[{"key":"apiKey","value":"{{apiKey}}"},{"disabled":true,"description":{"content":"cves By default, the response returns all CPE that meet the search criteria. Including addOns=cves adds the vulnerabilities associated with the CPE.
\n","type":"text/plain"},"key":"addOns","value":"cves"},{"disabled":true,"description":{"content":"This parameter is used to filter products based on the CPE match criteria. The value of cpeMatchString is compared it against the CPE Match Criteria present on all CVE applicability statements. For more information on Common Platform Enumeration (CPE) please visit NIST's Computer Security Resource Center. Examples of CPE match strings are provided below for illustration.
\n","type":"text/plain"},"key":"cpeMatchString","value":"cpe:2.3:a:apple:*:*:*:*:*:*:*:*:*"},{"disabled":true,"description":{"content":"true A deprecated CPE is one that previously appeared in the Official CPE Dictionary but has since been replaced by one or more other CPE. CPE are deprecated for various reasons, such as when the original CPE name is discovered to be incorrect, when a more specific CPE name is added, and when a vendor name or product name evolves. By default, deprecated CPE names are not returned by the web service. includeDeprecated=true adds deprecated CPE to the request.
\n","type":"text/plain"},"key":"includeDeprecated","value":"false"},{"disabled":true,"description":{"content":"This parameter is used to retrieve records where a word or phrase is found in the CPE title or reference links.
\n","type":"text/plain"},"key":"keyword","value":"apple"},{"description":{"content":"These parameters specify a collection of CPE that were last modified during the period. If a CPE has been modified more recently than the specified period it will not be included in the response. If filtering by the modification date, both modStartDate and modEndDate are REQUIRED. Filtering with only one parameter will return a successful response without data. The maximum allowable range when using the date range parameters is 120 consecutive days. Date range parameters are in the form:
\nyyyy-MM-ddTHH:mm:ss:SSS Z
\n","type":"text/plain"},"key":"modStartDate","value":"2020-01-01T00:00:00:001 Z"},{"key":"modEndDate","value":"2022-01-01T00:00:00:000 Z"},{"disabled":true,"description":{"content":"This parameter specifies the maximum number of results that are returned based on the request parameters. The default value is 20. For network considerations, maximum allowable limit is 2,000.
\n","type":"text/plain"},"key":"resultsPerPage","value":"10"},{"disabled":true,"description":{"content":"This parameter determines the first CPE in the collection returned by the response. The index is zero-based, meaning the first CPE is at index zero. The response element totalResults indicates the number of CPE results that match request parameters. If the value of totalResults is greater than the value of resultsPerPage, the parameter startIndex may be used in subsequent requests to identify the first CPE for the request.
\n","type":"text/plain"},"key":"startIndex","value":"1"}],"variable":[]}},"response":[{"id":"fea2cce2-6f6a-40f8-83b3-2d6dc7528765","name":"Retrieve CPE information","originalRequest":{"method":"GET","header":[],"url":{"raw":"{{host}}/cpes/1.0/?apiKey={{apiKey}}&addOns=cves&cpeMatchString=cpe:2.3:a:apple:*:*:*:*:*:*:*:*:*&modStartDate=2022-01-01T00:00:00:001 Z&modEndDate=2022-04-01T00:00:00:000 Z","host":["{{host}}"],"path":["cpes","1.0",""],"query":[{"key":"apiKey","value":"{{apiKey}}"},{"key":"addOns","value":"cves","description":"cves By default, the response returns all CPE that meet the search criteria. Including addOns=cves adds the vulnerabilities associated with the CPE.\n\n","type":"text"},{"key":"cpeMatchString","value":"cpe:2.3:a:apple:*:*:*:*:*:*:*:*:*","description":"This parameter is used to filter products based on the CPE match criteria. The value of cpeMatchString is compared it against the CPE Match Criteria present on all CVE applicability statements. For more information on Common Platform Enumeration (CPE) please visit NIST's Computer Security Resource Center. Examples of CPE match strings are provided below for illustration.","type":"text"},{"key":"includeDeprecated","value":"false","description":"true A deprecated CPE is one that previously appeared in the Official CPE Dictionary but has since been replaced by one or more other CPE. CPE are deprecated for various reasons, such as when the original CPE name is discovered to be incorrect, when a more specific CPE name is added, and when a vendor name or product name evolves. By default, deprecated CPE names are not returned by the web service. includeDeprecated=true adds deprecated CPE to the request.","type":"text","disabled":true},{"key":"keyword","value":"apple","description":"This parameter is used to retrieve records where a word or phrase is found in the CPE title or reference links.","type":"text","disabled":true},{"key":"modStartDate","value":"2022-01-01T00:00:00:001 Z","description":"These parameters specify a collection of CPE that were last modified during the period. If a CPE has been modified more recently than the specified period it will not be included in the response. If filtering by the modification date, both modStartDate and modEndDate are REQUIRED. Filtering with only one parameter will return a successful response without data. The maximum allowable range when using the date range parameters is 120 consecutive days. Date range parameters are in the form:\n\nyyyy-MM-ddTHH:mm:ss:SSS Z"},{"key":"modEndDate","value":"2022-04-01T00:00:00:000 Z"},{"key":"resultsPerPage","value":"10","description":"This parameter specifies the maximum number of results that are returned based on the request parameters. The default value is 20. For network considerations, maximum allowable limit is 2,000.","type":"text","disabled":true},{"key":"startIndex","value":"1","description":"This parameter determines the first CPE in the collection returned by the response. The index is zero-based, meaning the first CPE is at index zero. The response element totalResults indicates the number of CPE results that match request parameters. If the value of totalResults is greater than the value of resultsPerPage, the parameter startIndex may be used in subsequent requests to identify the first CPE for the request.","type":"text","disabled":true}]}},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"content-type","value":"application/json"},{"key":"content-encoding","value":"gzip"},{"key":"vary","value":"Accept-Encoding"},{"key":"x-frame-options","value":"SAMEORIGIN"},{"key":"x-frame-options","value":"SAMEORIGIN"},{"key":"access-control-allow-origin","value":"*"},{"key":"date","value":"Sat, 23 Jul 2022 19:01:09 GMT"},{"key":"content-length","value":"944"},{"key":"strict-transport-security","value":"max-age=31536000"}],"cookie":[],"responseTime":null,"body":"{\n \"resultsPerPage\": 20,\n \"startIndex\": 0,\n \"totalResults\": 58,\n \"result\": {\n \"dataType\": \"CPE\",\n \"feedVersion\": \"1.0\",\n \"cpeCount\": 58,\n \"feedTimestamp\": \"2022-07-23T19:01Z\",\n \"cpes\": [\n {\n \"deprecated\": false,\n \"cpe23Uri\": \"cpe:2.3:a:apple:swiftnio_http\\\\/2:1.19.2:*:*:*:*:swift:*:*\",\n \"lastModifiedDate\": \"2022-02-22T18:03Z\",\n \"titles\": [\n {\n \"title\": \"Apple SwiftNIO HTTP/2 1.19.2 for Swift\",\n \"lang\": \"en_US\"\n }\n ],\n \"refs\": [\n {\n \"ref\": \"https://github.com/apple/swift-nio-http2/releases\",\n \"type\": \"Change Log\"\n },\n {\n \"ref\": \"https://github.com/apple/swift-nio-http2\",\n \"type\": \"Product\"\n },\n {\n \"ref\": \"https://swiftpackageregistry.com/apple/swift-nio-http2\",\n \"type\": \"Product\"\n }\n ],\n \"deprecatedBy\": [],\n \"vulnerabilities\": [\n \"CVE-2022-0618\"\n ]\n },\n {\n \"deprecated\": false,\n \"cpe23Uri\": \"cpe:2.3:a:apple:swiftnio_http\\\\/2:1.19.1:*:*:*:*:swift:*:*\",\n \"lastModifiedDate\": \"2022-02-22T18:03Z\",\n \"titles\": [\n {\n \"title\": \"Apple SwiftNIO HTTP/2 1.19.1 for Swift\",\n \"lang\": \"en_US\"\n }\n ],\n \"refs\": [\n {\n \"ref\": \"https://github.com/apple/swift-nio-http2/releases\",\n \"type\": \"Change Log\"\n },\n {\n \"ref\": \"https://github.com/apple/swift-nio-http2\",\n \"type\": \"Product\"\n },\n {\n \"ref\": \"https://swiftpackageregistry.com/apple/swift-nio-http2\",\n \"type\": \"Product\"\n }\n ],\n \"deprecatedBy\": [],\n \"vulnerabilities\": [\n \"CVE-2022-0618\",\n \"CVE-2022-24666\",\n \"CVE-2022-24667\",\n \"CVE-2022-24668\"\n ]\n },\n {\n \"deprecated\": false,\n \"cpe23Uri\": \"cpe:2.3:a:apple:swiftnio_http\\\\/2:1.19.0:*:*:*:*:swift:*:*\",\n \"lastModifiedDate\": \"2022-02-22T18:03Z\",\n \"titles\": [\n {\n \"title\": \"Apple SwiftNIO HTTP/2 1.19.0 for Swift\",\n \"lang\": \"en_US\"\n }\n ],\n \"refs\": [\n {\n \"ref\": \"https://github.com/apple/swift-nio-http2/releases\",\n \"type\": \"Change Log\"\n },\n {\n \"ref\": \"https://github.com/apple/swift-nio-http2\",\n \"type\": \"Product\"\n },\n {\n \"ref\": \"https://swiftpackageregistry.com/apple/swift-nio-http2\",\n \"type\": \"Product\"\n }\n ],\n \"deprecatedBy\": [],\n \"vulnerabilities\": [\n \"CVE-2022-0618\",\n \"CVE-2022-24666\",\n \"CVE-2022-24667\",\n \"CVE-2022-24668\"\n ]\n },\n {\n \"deprecated\": false,\n \"cpe23Uri\": \"cpe:2.3:a:apple:swiftnio_http\\\\/2:1.18.5:*:*:*:*:swift:*:*\",\n \"lastModifiedDate\": \"2022-02-22T18:03Z\",\n \"titles\": [\n {\n \"title\": \"Apple SwiftNIO HTTP/2 1.18.5 for Swift\",\n \"lang\": \"en_US\"\n }\n ],\n \"refs\": [\n {\n \"ref\": \"https://github.com/apple/swift-nio-http2/releases\",\n \"type\": \"Change Log\"\n },\n {\n \"ref\": \"https://github.com/apple/swift-nio-http2\",\n \"type\": \"Product\"\n },\n {\n \"ref\": \"https://swiftpackageregistry.com/apple/swift-nio-http2\",\n \"type\": \"Product\"\n }\n ],\n \"deprecatedBy\": [],\n \"vulnerabilities\": [\n \"CVE-2022-0618\",\n \"CVE-2022-24666\",\n \"CVE-2022-24667\",\n \"CVE-2022-24668\"\n ]\n },\n {\n \"deprecated\": false,\n \"cpe23Uri\": \"cpe:2.3:a:apple:swiftnio_http\\\\/2:1.18.4:*:*:*:*:swift:*:*\",\n \"lastModifiedDate\": \"2022-02-22T18:03Z\",\n \"titles\": [\n {\n \"title\": \"Apple SwiftNIO HTTP/2 1.18.4 for Swift\",\n \"lang\": \"en_US\"\n }\n ],\n \"refs\": [\n {\n \"ref\": \"https://github.com/apple/swift-nio-http2/releases\",\n \"type\": \"Change Log\"\n },\n {\n \"ref\": \"https://github.com/apple/swift-nio-http2\",\n \"type\": \"Product\"\n },\n {\n \"ref\": \"https://swiftpackageregistry.com/apple/swift-nio-http2\",\n \"type\": \"Product\"\n }\n ],\n \"deprecatedBy\": [],\n \"vulnerabilities\": [\n \"CVE-2022-0618\",\n \"CVE-2022-24666\",\n \"CVE-2022-24667\",\n \"CVE-2022-24668\"\n ]\n },\n {\n \"deprecated\": false,\n \"cpe23Uri\": \"cpe:2.3:a:apple:swiftnio_http\\\\/2:1.18.3:*:*:*:*:swift:*:*\",\n \"lastModifiedDate\": \"2022-02-22T18:03Z\",\n \"titles\": [\n {\n \"title\": \"Apple SwiftNIO HTTP/2 1.18.3 for Swift\",\n \"lang\": \"en_US\"\n }\n ],\n \"refs\": [\n {\n \"ref\": \"https://github.com/apple/swift-nio-http2/releases\",\n \"type\": \"Change Log\"\n },\n {\n \"ref\": \"https://github.com/apple/swift-nio-http2\",\n \"type\": \"Product\"\n },\n {\n \"ref\": \"https://swiftpackageregistry.com/apple/swift-nio-http2\",\n \"type\": \"Product\"\n }\n ],\n \"deprecatedBy\": [],\n \"vulnerabilities\": [\n \"CVE-2022-0618\",\n \"CVE-2022-24666\",\n \"CVE-2022-24667\",\n \"CVE-2022-24668\"\n ]\n },\n {\n \"deprecated\": false,\n \"cpe23Uri\": \"cpe:2.3:a:apple:swiftnio_http\\\\/2:1.18.2:*:*:*:*:swift:*:*\",\n \"lastModifiedDate\": \"2022-02-22T18:03Z\",\n \"titles\": [\n {\n \"title\": \"Apple SwiftNIO HTTP/2 1.18.2 for Swift\",\n \"lang\": \"en_US\"\n }\n ],\n \"refs\": [\n {\n \"ref\": \"https://github.com/apple/swift-nio-http2/releases\",\n \"type\": \"Change Log\"\n },\n {\n \"ref\": \"https://github.com/apple/swift-nio-http2\",\n \"type\": \"Product\"\n },\n {\n \"ref\": \"https://swiftpackageregistry.com/apple/swift-nio-http2\",\n \"type\": \"Product\"\n }\n ],\n \"deprecatedBy\": [],\n \"vulnerabilities\": [\n \"CVE-2022-0618\",\n \"CVE-2022-24666\",\n \"CVE-2022-24667\",\n \"CVE-2022-24668\"\n ]\n },\n {\n \"deprecated\": false,\n \"cpe23Uri\": \"cpe:2.3:a:apple:swiftnio_http\\\\/2:1.18.1:*:*:*:*:swift:*:*\",\n \"lastModifiedDate\": \"2022-02-22T18:03Z\",\n \"titles\": [\n {\n \"title\": \"Apple SwiftNIO HTTP/2 1.18.1 for Swift\",\n \"lang\": \"en_US\"\n }\n ],\n \"refs\": [\n {\n \"ref\": \"https://github.com/apple/swift-nio-http2/releases\",\n \"type\": \"Change Log\"\n },\n {\n \"ref\": \"https://github.com/apple/swift-nio-http2\",\n \"type\": \"Product\"\n },\n {\n \"ref\": \"https://swiftpackageregistry.com/apple/swift-nio-http2\",\n \"type\": \"Product\"\n }\n ],\n \"deprecatedBy\": [],\n \"vulnerabilities\": [\n \"CVE-2022-0618\",\n \"CVE-2022-24666\",\n \"CVE-2022-24667\",\n \"CVE-2022-24668\"\n ]\n },\n {\n \"deprecated\": false,\n \"cpe23Uri\": \"cpe:2.3:a:apple:swiftnio_http\\\\/2:1.18.0:*:*:*:*:swift:*:*\",\n \"lastModifiedDate\": \"2022-02-22T18:03Z\",\n \"titles\": [\n {\n \"title\": \"Apple SwiftNIO HTTP/2 1.18.0 for Swift\",\n \"lang\": \"en_US\"\n }\n ],\n \"refs\": [\n {\n \"ref\": \"https://github.com/apple/swift-nio-http2/releases\",\n \"type\": \"Change Log\"\n },\n {\n \"ref\": \"https://github.com/apple/swift-nio-http2\",\n \"type\": \"Product\"\n },\n {\n \"ref\": \"https://swiftpackageregistry.com/apple/swift-nio-http2\",\n \"type\": \"Product\"\n }\n ],\n \"deprecatedBy\": [],\n \"vulnerabilities\": [\n \"CVE-2022-0618\",\n \"CVE-2022-24666\",\n \"CVE-2022-24667\",\n \"CVE-2022-24668\"\n ]\n },\n {\n \"deprecated\": false,\n \"cpe23Uri\": \"cpe:2.3:a:apple:swiftnio_http\\\\/2:1.17.0:*:*:*:*:swift:*:*\",\n \"lastModifiedDate\": \"2022-02-22T18:03Z\",\n \"titles\": [\n {\n \"title\": \"Apple SwiftNIO HTTP/2 1.17.0 for Swift\",\n \"lang\": \"en_US\"\n }\n ],\n \"refs\": [\n {\n \"ref\": \"https://github.com/apple/swift-nio-http2/releases\",\n \"type\": \"Change Log\"\n },\n {\n \"ref\": \"https://github.com/apple/swift-nio-http2\",\n \"type\": \"Product\"\n },\n {\n \"ref\": \"https://swiftpackageregistry.com/apple/swift-nio-http2\",\n \"type\": \"Product\"\n }\n ],\n \"deprecatedBy\": [],\n \"vulnerabilities\": [\n \"CVE-2022-0618\",\n \"CVE-2022-24666\",\n \"CVE-2022-24667\",\n \"CVE-2022-24668\"\n ]\n },\n {\n \"deprecated\": false,\n \"cpe23Uri\": \"cpe:2.3:a:apple:swiftnio_http\\\\/2:1.16.3:*:*:*:*:swift:*:*\",\n \"lastModifiedDate\": \"2022-02-22T18:03Z\",\n \"titles\": [\n {\n \"title\": \"Apple SwiftNIO HTTP/2 1.16.3 for Swift\",\n \"lang\": \"en_US\"\n }\n ],\n \"refs\": [\n {\n \"ref\": \"https://github.com/apple/swift-nio-http2/releases\",\n \"type\": \"Change Log\"\n },\n {\n \"ref\": \"https://github.com/apple/swift-nio-http2\",\n \"type\": \"Product\"\n },\n {\n \"ref\": \"https://swiftpackageregistry.com/apple/swift-nio-http2\",\n \"type\": \"Product\"\n }\n ],\n \"deprecatedBy\": [],\n \"vulnerabilities\": [\n \"CVE-2022-0618\",\n \"CVE-2022-24666\",\n \"CVE-2022-24667\",\n \"CVE-2022-24668\"\n ]\n },\n {\n \"deprecated\": false,\n \"cpe23Uri\": \"cpe:2.3:a:apple:swiftnio_http\\\\/2:1.16.2:*:*:*:*:swift:*:*\",\n \"lastModifiedDate\": \"2022-02-22T18:03Z\",\n \"titles\": [\n {\n \"title\": \"Apple SwiftNIO HTTP/2 1.16.2 for Swift\",\n \"lang\": \"en_US\"\n }\n ],\n \"refs\": [\n {\n \"ref\": \"https://github.com/apple/swift-nio-http2/releases\",\n \"type\": \"Change Log\"\n },\n {\n \"ref\": \"https://github.com/apple/swift-nio-http2\",\n \"type\": \"Product\"\n },\n {\n \"ref\": \"https://swiftpackageregistry.com/apple/swift-nio-http2\",\n \"type\": \"Product\"\n }\n ],\n \"deprecatedBy\": [],\n \"vulnerabilities\": [\n \"CVE-2022-0618\",\n \"CVE-2022-24666\",\n \"CVE-2022-24667\",\n \"CVE-2022-24668\"\n ]\n },\n {\n \"deprecated\": false,\n \"cpe23Uri\": \"cpe:2.3:a:apple:swiftnio_http\\\\/2:1.16.1:*:*:*:*:swift:*:*\",\n \"lastModifiedDate\": \"2022-02-22T18:03Z\",\n \"titles\": [\n {\n \"title\": \"Apple SwiftNIO HTTP/2 1.16.1 for Swift\",\n \"lang\": \"en_US\"\n }\n ],\n \"refs\": [\n {\n \"ref\": \"https://github.com/apple/swift-nio-http2/releases\",\n \"type\": \"Change Log\"\n },\n {\n \"ref\": \"https://github.com/apple/swift-nio-http2\",\n \"type\": \"Product\"\n },\n {\n \"ref\": \"https://swiftpackageregistry.com/apple/swift-nio-http2\",\n \"type\": \"Product\"\n }\n ],\n \"deprecatedBy\": [],\n \"vulnerabilities\": [\n \"CVE-2022-0618\",\n \"CVE-2022-24666\",\n \"CVE-2022-24667\",\n \"CVE-2022-24668\"\n ]\n },\n {\n \"deprecated\": false,\n \"cpe23Uri\": \"cpe:2.3:a:apple:swiftnio_http\\\\/2:1.16.0:*:*:*:*:swift:*:*\",\n \"lastModifiedDate\": \"2022-02-22T18:03Z\",\n \"titles\": [\n {\n \"title\": \"Apple SwiftNIO HTTP/2 1.16.0 for Swift\",\n \"lang\": \"en_US\"\n }\n ],\n \"refs\": [\n {\n \"ref\": \"https://github.com/apple/swift-nio-http2/releases\",\n \"type\": \"Change Log\"\n },\n {\n \"ref\": \"https://github.com/apple/swift-nio-http2\",\n \"type\": \"Product\"\n },\n {\n \"ref\": \"https://swiftpackageregistry.com/apple/swift-nio-http2\",\n \"type\": \"Product\"\n }\n ],\n \"deprecatedBy\": [],\n \"vulnerabilities\": [\n \"CVE-2022-0618\",\n \"CVE-2022-24666\",\n \"CVE-2022-24667\",\n \"CVE-2022-24668\"\n ]\n },\n {\n \"deprecated\": false,\n \"cpe23Uri\": \"cpe:2.3:a:apple:swiftnio_http\\\\/2:1.15.0:*:*:*:*:swift:*:*\",\n \"lastModifiedDate\": \"2022-02-22T18:03Z\",\n \"titles\": [\n {\n \"title\": \"Apple SwiftNIO HTTP/2 1.15.0 for Swift\",\n \"lang\": \"en_US\"\n }\n ],\n \"refs\": [\n {\n \"ref\": \"https://github.com/apple/swift-nio-http2/releases\",\n \"type\": \"Change Log\"\n },\n {\n \"ref\": \"https://github.com/apple/swift-nio-http2\",\n \"type\": \"Product\"\n },\n {\n \"ref\": \"https://swiftpackageregistry.com/apple/swift-nio-http2\",\n \"type\": \"Product\"\n }\n ],\n \"deprecatedBy\": [],\n \"vulnerabilities\": [\n \"CVE-2022-0618\",\n \"CVE-2022-24666\",\n \"CVE-2022-24667\",\n \"CVE-2022-24668\"\n ]\n },\n {\n \"deprecated\": false,\n \"cpe23Uri\": \"cpe:2.3:a:apple:swiftnio_http\\\\/2:1.14.2:*:*:*:*:swift:*:*\",\n \"lastModifiedDate\": \"2022-02-22T18:03Z\",\n \"titles\": [\n {\n \"title\": \"Apple SwiftNIO HTTP/2 1.14.2 for Swift\",\n \"lang\": \"en_US\"\n }\n ],\n \"refs\": [\n {\n \"ref\": \"https://github.com/apple/swift-nio-http2/releases\",\n \"type\": \"Change Log\"\n },\n {\n \"ref\": \"https://github.com/apple/swift-nio-http2\",\n \"type\": \"Product\"\n },\n {\n \"ref\": \"https://swiftpackageregistry.com/apple/swift-nio-http2\",\n \"type\": \"Product\"\n }\n ],\n \"deprecatedBy\": [],\n \"vulnerabilities\": [\n \"CVE-2022-0618\",\n \"CVE-2022-24666\",\n \"CVE-2022-24667\",\n \"CVE-2022-24668\"\n ]\n },\n {\n \"deprecated\": false,\n \"cpe23Uri\": \"cpe:2.3:a:apple:swiftnio_http\\\\/2:1.14.1:*:*:*:*:swift:*:*\",\n \"lastModifiedDate\": \"2022-02-22T18:03Z\",\n \"titles\": [\n {\n \"title\": \"Apple SwiftNIO HTTP/2 1.14.1 for Swift\",\n \"lang\": \"en_US\"\n }\n ],\n \"refs\": [\n {\n \"ref\": \"https://github.com/apple/swift-nio-http2/releases\",\n \"type\": \"Change Log\"\n },\n {\n \"ref\": \"https://github.com/apple/swift-nio-http2\",\n \"type\": \"Product\"\n },\n {\n \"ref\": \"https://swiftpackageregistry.com/apple/swift-nio-http2\",\n \"type\": \"Product\"\n }\n ],\n \"deprecatedBy\": [],\n \"vulnerabilities\": [\n \"CVE-2022-0618\",\n \"CVE-2022-24666\",\n \"CVE-2022-24667\",\n \"CVE-2022-24668\"\n ]\n },\n {\n \"deprecated\": false,\n \"cpe23Uri\": \"cpe:2.3:a:apple:swiftnio_http\\\\/2:1.14.0:*:*:*:*:swift:*:*\",\n \"lastModifiedDate\": \"2022-02-22T18:03Z\",\n \"titles\": [\n {\n \"title\": \"Apple SwiftNIO HTTP/2 1.14.0 for Swift\",\n \"lang\": \"en_US\"\n }\n ],\n \"refs\": [\n {\n \"ref\": \"https://github.com/apple/swift-nio-http2/releases\",\n \"type\": \"Change Log\"\n },\n {\n \"ref\": \"https://github.com/apple/swift-nio-http2\",\n \"type\": \"Product\"\n },\n {\n \"ref\": \"https://swiftpackageregistry.com/apple/swift-nio-http2\",\n \"type\": \"Product\"\n }\n ],\n \"deprecatedBy\": [],\n \"vulnerabilities\": [\n \"CVE-2022-0618\",\n \"CVE-2022-24666\",\n \"CVE-2022-24667\",\n \"CVE-2022-24668\"\n ]\n },\n {\n \"deprecated\": false,\n \"cpe23Uri\": \"cpe:2.3:a:apple:swiftnio_http\\\\/2:1.13.0:*:*:*:*:swift:*:*\",\n \"lastModifiedDate\": \"2022-02-22T18:03Z\",\n \"titles\": [\n {\n \"title\": \"Apple SwiftNIO HTTP/2 1.13.0 for Swift\",\n \"lang\": \"en_US\"\n }\n ],\n \"refs\": [\n {\n \"ref\": \"https://github.com/apple/swift-nio-http2/releases\",\n \"type\": \"Change Log\"\n },\n {\n \"ref\": \"https://github.com/apple/swift-nio-http2\",\n \"type\": \"Product\"\n },\n {\n \"ref\": \"https://swiftpackageregistry.com/apple/swift-nio-http2\",\n \"type\": \"Product\"\n }\n ],\n \"deprecatedBy\": [],\n \"vulnerabilities\": [\n \"CVE-2022-0618\",\n \"CVE-2022-24666\",\n \"CVE-2022-24667\",\n \"CVE-2022-24668\"\n ]\n },\n {\n \"deprecated\": false,\n \"cpe23Uri\": \"cpe:2.3:a:apple:swiftnio_http\\\\/2:1.12.3:*:*:*:*:swift:*:*\",\n \"lastModifiedDate\": \"2022-02-22T18:03Z\",\n \"titles\": [\n {\n \"title\": \"Apple SwiftNIO HTTP/2 1.12.3 for Swift\",\n \"lang\": \"en_US\"\n }\n ],\n \"refs\": [\n {\n \"ref\": \"https://github.com/apple/swift-nio-http2/releases\",\n \"type\": \"Change Log\"\n },\n {\n \"ref\": \"https://github.com/apple/swift-nio-http2\",\n \"type\": \"Product\"\n },\n {\n \"ref\": \"https://swiftpackageregistry.com/apple/swift-nio-http2\",\n \"type\": \"Product\"\n }\n ],\n \"deprecatedBy\": [],\n \"vulnerabilities\": [\n \"CVE-2022-0618\",\n \"CVE-2022-24666\",\n \"CVE-2022-24667\",\n \"CVE-2022-24668\"\n ]\n }\n ]\n }\n}"}],"_postman_id":"48b2d7ec-8665-495c-86c9-18ddb99ba5a7"}],"id":"14c8ce83-e8cd-4461-a658-eaf3fbf35870","_postman_id":"14c8ce83-e8cd-4461-a658-eaf3fbf35870","description":""},{"name":"v2","item":[{"name":"CVE API","id":"2190f563-106d-45e7-8d77-a86a58d79a26","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{host}}/cves/2.0?cpeName=cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*&cveId=CVE-2019-1010218&cvssV2Metrics=AV:N/AC:H/Au:N/C:C/I:C/A:C&cvssV2Severity=LOW&cvssV3Metrics=AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L &cvssV3Severity=LOW&cweId&hasCertAlerts&hasCertNotes&hasKev&hasOval&isVulnerable&keywordExactMatch&keywordSearch&lastModStartDate&lastModEndDate&pubStartDate&pubEndDate&resultsPerPage=50&startIndex=1&sourceIdentifier&versionEnd&versionEndType&versionStart&versionStartType&virtualMatchString","auth":{"type":"apikey","apikey":{"value":"{{apiKey}}","key":"This parameter returns a specific CPE record identified by a Universal Unique Identifier (UUID).
\n","type":"text/plain"},"key":"cpeNameId","value":"87316812-5F2C-4286-94FE-CC98B9EAEF53"},{"disabled":true,"description":{"content":"This parameter returns CPE Names that exist in the Official CPE Dictionary, based on the value of {match string}.
\n","type":"text/plain"},"key":"cpeMatchString","value":"cpe:2.3:a:microsoft:access:-:*:*:*:*:*:*:*"},{"disabled":true,"description":{"content":"By default, keywordSearch returns any CPE record where a word or phrase is found in the metadata title or reference links.
\nIf the value of keywordSearch is a phrase, i.e., contains more than one term, including keywordExactMatch returns only the CPE matching the phrase exactly. Otherwise, the results will contain records having any of the terms. If filtering by keywordExactMatch, keywordSearch is REQUIRED. Please note, this parameter should be provided without a parameter value.
\n","type":"text/plain"},"key":"keywordExactMatch","value":""},{"disabled":true,"description":{"content":"This parameter returns only the CPE records where a word or phrase is found in the metadata title or reference links.
\n","type":"text/plain"},"key":"keywordSearch","value":"Microsoft Windows"},{"disabled":true,"description":{"content":"These parameters return only the CPE records that were last modified during the specified period. If a CPE record has been modified more recently than the specified period, it will not be included in the response. If filtering by the last modified date, both lastModStartDate and lastModEndDate are REQUIRED. The maximum allowable range when using any date range parameters is 120 consecutive days.
\n","type":"text/plain"},"key":"lastModStartDate","value":"2021-08-04T13:00:00.000%2B01:00"},{"disabled":true,"description":{"content":"These parameters return only the CPE records that were last modified during the specified period. If a CPE record has been modified more recently than the specified period, it will not be included in the response. If filtering by the last modified date, both lastModStartDate and lastModEndDate are REQUIRED. The maximum allowable range when using any date range parameters is 120 consecutive days.
\n","type":"text/plain"},"key":"lastModEndDate","value":"2021-10-22T13:36:00.000%2B01:00"},{"disabled":true,"description":{"content":"This parameter returns all CPE records associated with a match string identified by its {uuid}. matchCriteriaId will only accept a properly formatted {uuid}.
\n","type":"text/plain"},"key":"matchCriteriaId","value":"36FBCF0F-8CEE-474C-8A04-5075AF53FAF4"},{"description":{"content":"This parameter specifies the maximum number of CPE records to be returned in a single API response. For network considerations, the default value and maximum allowable limit is 10,000.
\n","type":"text/plain"},"key":"resultsPerPage","value":"50"},{"disabled":true,"description":{"content":"This parameter specifies the index of the first CPE to be returned in the response data. The index is zero-based, meaning the first CPE is at index zero.
\n","type":"text/plain"},"key":"startIndex","value":"10"}],"variable":[]}},"response":[],"_postman_id":"a7092b54-07f6-4784-ab9f-ceed9fa2c506"},{"name":"CPE Match Criteria API","id":"f4263563-5657-4a87-8b6c-b6d4d02988cb","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{host}}/cpematch/2.0?resultsPerPage=50","auth":{"type":"apikey","apikey":{"value":"{{apiKey}}","key":"This parameter returns all non-deprecated CPE match strings in the availability statement of a specific vulnerability identified by its Common Vulnerabilities and Exposures identifier (the CVE ID).
\n","type":"text/plain"},"key":"cveId","value":"CVE-2022-32223"},{"disabled":true,"description":{"content":"These parameters return only the CPE records that were last modified during the specified period. If a CPE record has been modified more recently than the specified period, it will not be included in the response. If filtering by the last modified date, both lastModStartDate and lastModEndDate are REQUIRED. The maximum allowable range when using any date range parameters is 120 consecutive days.
\n","type":"text/plain"},"key":"lastModStartDate","value":"2021-08-04T13:00:00.000%2B01:00"},{"disabled":true,"description":{"content":"These parameters return only the CPE records that were last modified during the specified period. If a CPE record has been modified more recently than the specified period, it will not be included in the response. If filtering by the last modified date, both lastModStartDate and lastModEndDate are REQUIRED. The maximum allowable range when using any date range parameters is 120 consecutive days.
\n","type":"text/plain"},"key":"lastModEndDate","value":"2021-10-22T13:36:00.000%2B01:00"},{"disabled":true,"description":{"content":"This parameter returns all CPE records associated with a match string identified by its {uuid}. matchCriteriaId will only accept a properly formatted {uuid}.
\n","type":"text/plain"},"key":"matchCriteriaId","value":"36FBCF0F-8CEE-474C-8A04-5075AF53FAF4"},{"description":{"content":"This parameter specifies the maximum number of match records to be returned in a single API response. For network considerations, the default value and maximum allowable limit is 5,000.
\n","type":"text/plain"},"key":"resultsPerPage","value":"50"},{"disabled":true,"description":{"content":"This parameter specifies the index of the first CPE to be returned in the response data. The index is zero-based, meaning the first CPE is at index zero.
\n","type":"text/plain"},"key":"startIndex","value":"10"}],"variable":[]}},"response":[],"_postman_id":"f4263563-5657-4a87-8b6c-b6d4d02988cb"},{"name":"CVE Change History API","id":"9032bc43-2560-4f51-8d53-d0029242dd2f","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{host}}/cvehistory/2.0/","auth":{"type":"apikey","apikey":{"value":"{{apiKey}}","key":"