Issues
- Update json for indirect dependencies | NMS-16572 | Christian Pape
- Update Snakeyaml for indirect dependencies | NMS-16570 | Resolved | Christian Pape
- Update guava version to latest to address CVE-2023-2976 | NMS-16547
- Update to Netty 4 | NMS-16184 | Resolved | Christian Pape
- Integrate hibernate-core related patch from Debian | NMS-16181 | Resolved | Benjamin Reed
- Update grpc to the next version to address CVEs | NMS-16180 | Resolved | Chandra Gorantla
- Back-port Angular evaluation prevention in non-Angular fields to foundation-2020 | NMS-16052 | Resolved | Benjamin Reed
- Polymorphic Typing issue in FasterXML jackson-databind | NMS-16008
- Polymorphic Typing issue in FasterXML jackson-databind | NMS-16007
- Reflected XSS in multiple JSP files in opennms/opennms | NMS-15783 | Resolved | fooker
- XXE injection via /rtc/post using the default rtc credentials | NMS-15699 | Resolved | fooker
- Prevent Angular evaluation of strings enclosed by two curly braces in non-Angular form-fields and output | NMS-15504 | Resolved | fooker
- upgrade Jackson code to all use Jackson v2 | NMS-14254 | Benjamin Reed
- Cross site scripting - Reflected | NMS-13835 | Resolved | Gerald Humphries
- Support -> System Report exposes credentials in plain text | NMS-13831 | Resolved | Gerald Humphries
- Reflected XSS in webapp notice wizard | NMS-13496 | Resolved | Jeff Gehlbach
- Backport Security Issues from Last Month | NMS-13231 | Resolved | Christian Pape
- Reflected XSS reported 2021-03-31 (update summary after disclosure) | NMS-13229 | Resolved | Christian Pape
- Password in collectd.log file | NMS-13183 | Resolved | Christian Pape
- XSS in notification wizard | NMS-13123 | Resolved | Christian Pape
- opennms user credentials wrongly exposed | NMS-12146 | Resolved | Gerald Humphries
- Reflected XSS vulnerability in notification/detail.jsp and outage/detail.htm | NMS-10707 | Resolved | Jeff Gehlbach
- IOActive: Reflected Cross-site Scripting in alarm/list.htm display Parameter | NMS-9675 | Resolved
- IOActive: Reflected Cross-site Scripting in admin/thresholds/index.htm filterField and Other Parameters | NMS-9674 | Resolved | Jesse White
- IOActive: Reflected Cross-site Scripting in userGroupView/roles roleDescr and Other Parameters | NMS-9673 | Resolved | Jesse White
- IOActive: Reflected Cross-site Scripting in heatmap/outages heatmap Parameter | NMS-9671 | Resolved | Christian Pape
- IOActive: Cross-Site Scripting in createFavorite filter Parameter | NMS-9670 | Resolved | Markus von Rüden
- Multiple XSS vulnerabilities in OpenNMS webapp | NMS-9457 | Resolved | Seth Leger
- XSS vulnerability on node error page | NMS-9354 | Resolved | Jesse White
- Poodle exploit: exclude SSLv3 in example Jetty HTTPS configuration (thanks to David Gerdes, University of Illinois) | NMS-7026 | Resolved | Jeff Gehlbach
- Security: downloadReport allow download and view any file in filesystem | NMS-6580 | Resolved | Jeff Gehlbach
- Two XSS vulnerabilities in webapp | NMS-6571 | Resolved | Jeff Gehlbach
- Any authenticated user can use the snmpConfig ReST service | NMS-5184 | Resolved | Seth Leger
- XSS vulnerability in OpenNMS web UI | NMS-5128 | Resolved | Jeff Gehlbach
- Prototype Pollution in handlebars | COMPASS-286
- XSS via JQLite DOM manipulation functions in AngularJS | COMPASS-285
- Prototype Pollution in lodash.merge | COMPASS-284
- Prototype Pollution in lodash.merge | COMPASS-283
- Denial of Service in node-sass | COMPASS-282
- Denial of Service in handlebars | COMPASS-281
- Arbitrary Code Execution in handlebars | COMPASS-280
- Prototype Pollution in handlebars | COMPASS-279
- Arbitrary Code Execution in handlebars | COMPASS-278
- Regular Expression Denial of Service in npm-user-validate | COMPASS-277
- ReDOS vulnerabilities: multiple grammars | COMPASS-276
- Improper Privilege Management in shelljs | COMPASS-275
- Memory Exposure in tunnel-agent | COMPASS-274
- Memory Exposure in concat-stream | COMPASS-273
- Code Injection in js-yaml | COMPASS-272
- Denial of Service in js-yaml | COMPASS-271