
Iss #38 - Add RSS feed for CVE entries at /cve/rss.xml

Merged Martin Lowe requested to merge malowe/eclipsefdn-cve-api:malowe/main/38 into main
4 files changed (+163, -18)
@@ -64,6 +64,59 @@ paths:
$ref: "#/components/schemas/Error"
"500":
description: Error while retrieving data
/rss.xml:
get:
tags:
- CVE
summary: CVE RSS feed
description: Returns an RSS feed for the known and public vulnerabilities
operationId: getCveRSSFeed
responses:
"200":
description: Success
content:
application/xml:
example: |
<rdf:RDF
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns="http://purl.org/rss/1.0/"
xmlns:dc="http://purl.org/dc/elements/1.1/">
<channel rdf:about="https://eclipse.org/security/known/rss.xml">
<title>Eclipse Foundation Project CVE database</title>
<link>https://eclipse.org/security/known/rss.xml</link>
<description>Disclosed CVE records pertaining to Eclipse Foundation projects.</description>
<items>
<rdf:Seq>
<rdf:li />
<rdf:li />
<rdf:li />
</rdf:Seq>
</items>
<dc:creator>Eclipse Foundation WebDev</dc:creator>
<dc:date>2024-03-28T19:45:02Z</dc:date>
<dc:language>en-gb</dc:language>
</channel>
<item rdf:about="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7649">
<title>CVE-2017-7649</title>
<link>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7649</link>
<description>The network enabled distribution of Kura before 2.1.0 takes control over the device's firewall setup but does not allow IPv6 firewall rules to be configured. Still the Equinox console port 5002 is left open, allowing to log into Kura without any user credentials over unencrypted telnet and executing commands using the Equinox "exec" command. As the process is running as "root" full control over the device can be acquired. IPv6 is also left in auto-configuration mode, accepting router advertisements automatically and assigns a MAC address based IPv6 address.</description>
<dc:date>2017-04-14T04:00:00Z</dc:date>
</item>
<item rdf:about="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7650">
<title>CVE-2017-7650</title>
<link>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7650</link>
<description>In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clients that set their username/client id to '#' or '+'. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The same issue may be present in third party authentication/access control plugins for Mosquitto.</description>
<dc:date>2017-05-17T04:00:00Z</dc:date>
</item>
<item rdf:about="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7651">
<title>CVE-2017-7651</title>
<link>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7651</link>
<description>In Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto server simply by filling the RAM memory with a lot of connections with large payload. This can be done without authentications if occur in connection phase of MQTT protocol.</description>
<dc:date>2018-02-27T05:00:00Z</dc:date>
</item>
</rdf:RDF>
"500":
description: Error while retrieving data
components:
schemas:
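
Review bot: The three `<rdf:li />` entries inside `<items><rdf:Seq>` in the 200 example carry no `rdf:resource` attribute, so the sequence does not reference the `<item rdf:about="...">` elements that follow. RSS 1.0 ties the channel to its items through that attribute, and a strict reader given this example will see an empty table of contents. Suggest writing each entry out in full, for example `<rdf:li rdf:resource="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7649" />`, in the same order as the items. Two smaller points on the same block: the channel `<link>` repeats the feed URL used in `rdf:about` rather than pointing at a human-readable page, and the `application/xml` response documents only an `example` with no `schema`, so generated clients get no type for it. Since the `<description>` values are free text taken from CVE records (the first one already contains double quotes), it would also help to state in the operation description that the text is XML-escaped on output.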