Security Advisories (10)
CVE-2022-24785 (2022-04-04)

Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js.

CVE-2020-11022 (2020-04-29)

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (e.g. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

CVE-2020-11023 (2020-04-29)

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (e.g. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

CVE-2019-11358 (2019-04-20)

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

CVE-2015-9251 (2018-01-18)

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

CVE-2011-4969 (2013-03-08)

Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.

CVE-2012-6708 (2018-01-18)

jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.
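The two detection rules described above, modelled as an added example (this is not jQuery's own code; the regular expressions are simplified stand-ins for the library's, and the sample strings are constructed):

```javascript
// Legacy rule (before 1.9.0): a '<' anywhere in the string, followed later
// by a '>', makes the whole string count as HTML.
const LEGACY_HTML = /<[\w\W]+>/;

// Fixed rule (1.9.0 and later): the string must start with '<' (after
// optional whitespace) to count as HTML; anything else is a selector.
const FIXED_HTML = /^\s*<[\w\W]+>[^>]*$/;

function classifyLegacy(input) {
  return LEGACY_HTML.test(input) ? "html" : "selector";
}

function classifyFixed(input) {
  return FIXED_HTML.test(input) ? "html" : "selector";
}

// Constructed inputs: a plain selector, real markup, a selector whose
// attribute value merely contains angle brackets, and markup with leading
// whitespace. The third case is where the two rules disagree: under the
// legacy rule a selector built from user data flips into markup as soon as
// that data contains '<...>'; under the fixed rule only control over the
// start of the string can do that.
const SAMPLES = [
  "div.item",
  "<p>hello</p>",
  "a[title='<b>']",
  "  <ul><li>x</li></ul>",
];

// Side-by-side view of how each rule treats each sample.
function compare(inputs = SAMPLES) {
  return inputs.map((s) => ({
    input: s,
    legacy: classifyLegacy(s),
    fixed: classifyFixed(s),
  }));
}

console.table(compare());
```

Application code that never wants this ambiguity should call the selector and HTML APIs explicitly (e.g. `.find()` for selectors and `jQuery.parseHTML()` for markup) rather than relying on either rule.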

CVE-2020-7656 (2020-05-19)

jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic being executed.

CVE-2019-5428

Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as __proto__, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads either to denial of service by triggering JavaScript exceptions, or to tampering with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.
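The deep-merge behaviour behind CVE-2019-11358 and the general mechanism described for CVE-2019-5428, shown as an added example (this is not jQuery's code; `mergeUnsafe`/`mergeSafe` are simplified stand-ins for `jQuery.extend(true, ...)` and the hostile JSON document is constructed):

```javascript
// Keys that reach the prototype chain rather than the object itself.
const UNSAFE_KEYS = new Set(["__proto__", "constructor", "prototype"]);

function isPlainObject(v) {
  return Object.prototype.toString.call(v) === "[object Object]";
}

// Vulnerable variant: copies every own enumerable key, "__proto__" included.
// For key "__proto__", target[key] resolves (via the inherited accessor) to
// Object.prototype, so the recursive merge writes the source's properties
// onto the shared prototype of every plain object in the process.
function mergeUnsafe(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (isPlainObject(value)) {
      const existing = target[key];
      target[key] = mergeUnsafe(isPlainObject(existing) ? existing : {}, value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened variant: skip prototype-affecting keys and only descend into
// the target's *own* plain-object properties, never inherited ones.
function mergeSafe(target, source) {
  for (const key of Object.keys(source)) {
    if (UNSAFE_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      const existing = own ? target[key] : undefined;
      target[key] = mergeSafe(isPlainObject(existing) ? existing : {}, value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed input: JSON.parse yields an *own* enumerable "__proto__" key,
// which is exactly what a request-body parser hands to application code.
const HOSTILE_JSON = '{"name":"demo","__proto__":{"isAdmin":true}}';

// Run one merge against a fresh object and report whether an unrelated,
// freshly created object now inherits "isAdmin"; clean up afterwards.
function demonstrate(merge) {
  const before = ({}).isAdmin; // undefined on a clean prototype
  merge({}, JSON.parse(HOSTILE_JSON));
  const after = ({}).isAdmin;  // true only if Object.prototype was polluted
  delete Object.prototype.isAdmin;
  return { before, after };
}
```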

CVE-2014-6071 (2018-01-16)

jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.

RELATIONSHIPS

device_ips

Returns rows from the device_ip table which relate to this Device. That is, all the interface IP aliases configured on the Device.

vlans

Returns the device_vlan entries for this Device. That is, the list of VLANs configured on or known by this Device.

ports

Returns the set of ports on this Device.

modules

Returns the set of chassis modules on this Device.

power_modules

Returns the set of power modules on this Device.

port_vlans

Returns the set of VLANs known to be configured on Ports on this Device, either tagged or untagged.

The JOIN is of type "RIGHT", meaning that the results are constrained to VLANs only on Ports on this Device.

wireless_ports

Returns the set of wireless IDs known to be configured on Ports on this Device.

ssids

Returns the set of SSIDs known to be configured on Ports on this Device.

properties_ports

Returns the set of ports known to have recorded properties.

powered_ports

Returns the set of ports known to have PoE capability.

community

Returns the row from the community string table, if one exists.

throughput

Returns a sum of speeds on all ports on the device.

ADDITIONAL METHODS

is_pseudo

Returns true if the vendor of the device is "netdisco".

has_layer( $number )

Returns true if the device provided sysServices and supports the given layer.

renumber( $new_ip )

Will update this device and all related database records to use the new IP $new_ip. Returns undef if $new_ip seems invalid, otherwise returns the Device row object.

ADDITIONAL COLUMNS

oui

Returns the first half of the device MAC address.

port_count

Returns the number of ports on this device. Enable this column by applying the with_port_count() modifier to search().

uptime_age

Formatted version of the uptime field.

The format is in "X days/months/years" style, similar to:

1 year 4 months 05:46:00

first_seen_stamp

Formatted version of the creation field, accurate to the minute.

The format is somewhat like ISO 8601 or RFC3339 but without the middle T between the date stamp and time stamp. That is:

2012-02-06 12:49

last_discover_stamp

Formatted version of the last_discover field, accurate to the minute.

The format is somewhat like ISO 8601 or RFC3339 but without the middle T between the date stamp and time stamp. That is:

2012-02-06 12:49

last_macsuck_stamp

Formatted version of the last_macsuck field, accurate to the minute.

The format is somewhat like ISO 8601 or RFC3339 but without the middle T between the date stamp and time stamp. That is:

2012-02-06 12:49

last_arpnip_stamp

Formatted version of the last_arpnip field, accurate to the minute.

The format is somewhat like ISO 8601 or RFC3339 but without the middle T between the date stamp and time stamp. That is:

2012-02-06 12:49

since_last_discover

Number of seconds which have elapsed since the value of last_discover.

since_last_macsuck

Number of seconds which have elapsed since the value of last_macsuck.

since_last_arpnip

Number of seconds which have elapsed since the value of last_arpnip.