Search criteria
99 vulnerabilities found for cloudforms by redhat
VAR-201311-0106
Vulnerability from variot - Updated: 2025-12-22 22:34Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse. Ruby is prone to a heap-based buffer overflow vulnerability because it fails to adequate boundary checks on user-supplied input. An attacker can exploit this issue to execute arbitrary code in the context of the application using the affected function. Failed exploit attempts will likely crash the application. Following versions are vulnerable: Ruby 1.8 Ruby 1.9 prior to 1.9.3-p484 Ruby 2.0 prior to 2.0.0-p353 Ruby 2.1 prior to 2.1.0 preview2. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2013-1821
Ben Murphy discovered that unrestricted entity expansion in REXML
can lead to a Denial of Service by consuming all host memory.
CVE-2013-4073
William (B.J.) Snow Orvis discovered a vulnerability in the hostname
checking in Ruby's SSL client that could allow man-in-the-middle
attackers to spoof SSL servers via a crafted certificate issued by a
trusted certification authority.
For the oldstable distribution (squeeze), these problems have been fixed in version 1.8.7.302-2squeeze2.
For the stable distribution (wheezy), these problems have been fixed in version 1.8.7.358-7.1+deb7u1.
For the unstable distribution (sid), these problems have been fixed in version 1.8.7.358-9.
We recommend that you upgrade your ruby1.8 packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: ruby security update Advisory ID: RHSA-2013:1767-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1767.html Issue date: 2013-11-26 CVE Names: CVE-2013-4164 =====================================================================
- Summary:
Updated ruby packages that fix one security issue are now available for Red Hat Enterprise Linux 6.2, 6.3, and 6.4 Extended Update Support.
The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Compute Node EUS (v. 6.2) - x86_64 Red Hat Enterprise Linux Compute Node EUS (v. 6.3) - x86_64 Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.2) - x86_64 Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.3) - x86_64 Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.4) - x86_64 Red Hat Enterprise Linux HPC Node EUS (v. 6.4) - x86_64 Red Hat Enterprise Linux Server EUS (v. 6.2) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server EUS (v. 6.3) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server EUS (v. 6.4) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 6.2) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 6.3) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 6.4) - i386, ppc64, s390x, x86_64
- Description:
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
A buffer overflow flaw was found in the way Ruby parsed floating point numbers from their text representation. (CVE-2013-4164)
All ruby users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1033460 - CVE-2013-4164 ruby: heap overflow in floating point parsing
- Package List:
Red Hat Enterprise Linux Compute Node EUS (v. 6.2):
Source: ruby-1.8.7.352-13.el6_2.src.rpm
x86_64: ruby-1.8.7.352-13.el6_2.x86_64.rpm ruby-debuginfo-1.8.7.352-13.el6_2.i686.rpm ruby-debuginfo-1.8.7.352-13.el6_2.x86_64.rpm ruby-irb-1.8.7.352-13.el6_2.x86_64.rpm ruby-libs-1.8.7.352-13.el6_2.i686.rpm ruby-libs-1.8.7.352-13.el6_2.x86_64.rpm
Red Hat Enterprise Linux Compute Node EUS (v. 6.3):
Source: ruby-1.8.7.352-13.el6_3.src.rpm
x86_64: ruby-1.8.7.352-13.el6_3.x86_64.rpm ruby-debuginfo-1.8.7.352-13.el6_3.i686.rpm ruby-debuginfo-1.8.7.352-13.el6_3.x86_64.rpm ruby-devel-1.8.7.352-13.el6_3.i686.rpm ruby-devel-1.8.7.352-13.el6_3.x86_64.rpm ruby-irb-1.8.7.352-13.el6_3.x86_64.rpm ruby-libs-1.8.7.352-13.el6_3.i686.rpm ruby-libs-1.8.7.352-13.el6_3.x86_64.rpm ruby-rdoc-1.8.7.352-13.el6_3.x86_64.rpm
Red Hat Enterprise Linux HPC Node EUS (v. 6.4):
Source: ruby-1.8.7.352-13.el6_4.src.rpm
x86_64: ruby-1.8.7.352-13.el6_4.x86_64.rpm ruby-debuginfo-1.8.7.352-13.el6_4.i686.rpm ruby-debuginfo-1.8.7.352-13.el6_4.x86_64.rpm ruby-devel-1.8.7.352-13.el6_4.i686.rpm ruby-devel-1.8.7.352-13.el6_4.x86_64.rpm ruby-irb-1.8.7.352-13.el6_4.x86_64.rpm ruby-libs-1.8.7.352-13.el6_4.i686.rpm ruby-libs-1.8.7.352-13.el6_4.x86_64.rpm ruby-rdoc-1.8.7.352-13.el6_4.x86_64.rpm
Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.2):
Source: ruby-1.8.7.352-13.el6_2.src.rpm
x86_64: ruby-debuginfo-1.8.7.352-13.el6_2.i686.rpm ruby-debuginfo-1.8.7.352-13.el6_2.x86_64.rpm ruby-devel-1.8.7.352-13.el6_2.i686.rpm ruby-devel-1.8.7.352-13.el6_2.x86_64.rpm ruby-docs-1.8.7.352-13.el6_2.x86_64.rpm ruby-rdoc-1.8.7.352-13.el6_2.x86_64.rpm ruby-ri-1.8.7.352-13.el6_2.x86_64.rpm ruby-static-1.8.7.352-13.el6_2.x86_64.rpm ruby-tcltk-1.8.7.352-13.el6_2.x86_64.rpm
Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.3) :
Source: ruby-1.8.7.352-13.el6_3.src.rpm
x86_64: ruby-debuginfo-1.8.7.352-13.el6_3.x86_64.rpm ruby-docs-1.8.7.352-13.el6_3.x86_64.rpm ruby-ri-1.8.7.352-13.el6_3.x86_64.rpm ruby-static-1.8.7.352-13.el6_3.x86_64.rpm ruby-tcltk-1.8.7.352-13.el6_3.x86_64.rpm
Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.4):
Source: ruby-1.8.7.352-13.el6_4.src.rpm
x86_64: ruby-debuginfo-1.8.7.352-13.el6_4.x86_64.rpm ruby-docs-1.8.7.352-13.el6_4.x86_64.rpm ruby-ri-1.8.7.352-13.el6_4.x86_64.rpm ruby-static-1.8.7.352-13.el6_4.x86_64.rpm ruby-tcltk-1.8.7.352-13.el6_4.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 6.2):
Source: ruby-1.8.7.352-13.el6_2.src.rpm
i386: ruby-1.8.7.352-13.el6_2.i686.rpm ruby-debuginfo-1.8.7.352-13.el6_2.i686.rpm ruby-devel-1.8.7.352-13.el6_2.i686.rpm ruby-irb-1.8.7.352-13.el6_2.i686.rpm ruby-libs-1.8.7.352-13.el6_2.i686.rpm ruby-rdoc-1.8.7.352-13.el6_2.i686.rpm
ppc64: ruby-1.8.7.352-13.el6_2.ppc64.rpm ruby-debuginfo-1.8.7.352-13.el6_2.ppc.rpm ruby-debuginfo-1.8.7.352-13.el6_2.ppc64.rpm ruby-devel-1.8.7.352-13.el6_2.ppc.rpm ruby-devel-1.8.7.352-13.el6_2.ppc64.rpm ruby-irb-1.8.7.352-13.el6_2.ppc64.rpm ruby-libs-1.8.7.352-13.el6_2.ppc.rpm ruby-libs-1.8.7.352-13.el6_2.ppc64.rpm ruby-rdoc-1.8.7.352-13.el6_2.ppc64.rpm
s390x: ruby-1.8.7.352-13.el6_2.s390x.rpm ruby-debuginfo-1.8.7.352-13.el6_2.s390.rpm ruby-debuginfo-1.8.7.352-13.el6_2.s390x.rpm ruby-devel-1.8.7.352-13.el6_2.s390.rpm ruby-devel-1.8.7.352-13.el6_2.s390x.rpm ruby-irb-1.8.7.352-13.el6_2.s390x.rpm ruby-libs-1.8.7.352-13.el6_2.s390.rpm ruby-libs-1.8.7.352-13.el6_2.s390x.rpm ruby-rdoc-1.8.7.352-13.el6_2.s390x.rpm
x86_64: ruby-1.8.7.352-13.el6_2.x86_64.rpm ruby-debuginfo-1.8.7.352-13.el6_2.i686.rpm ruby-debuginfo-1.8.7.352-13.el6_2.x86_64.rpm ruby-devel-1.8.7.352-13.el6_2.i686.rpm ruby-devel-1.8.7.352-13.el6_2.x86_64.rpm ruby-irb-1.8.7.352-13.el6_2.x86_64.rpm ruby-libs-1.8.7.352-13.el6_2.i686.rpm ruby-libs-1.8.7.352-13.el6_2.x86_64.rpm ruby-rdoc-1.8.7.352-13.el6_2.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 6.3):
Source: ruby-1.8.7.352-13.el6_3.src.rpm
i386: ruby-1.8.7.352-13.el6_3.i686.rpm ruby-debuginfo-1.8.7.352-13.el6_3.i686.rpm ruby-devel-1.8.7.352-13.el6_3.i686.rpm ruby-irb-1.8.7.352-13.el6_3.i686.rpm ruby-libs-1.8.7.352-13.el6_3.i686.rpm ruby-rdoc-1.8.7.352-13.el6_3.i686.rpm
ppc64: ruby-1.8.7.352-13.el6_3.ppc64.rpm ruby-debuginfo-1.8.7.352-13.el6_3.ppc.rpm ruby-debuginfo-1.8.7.352-13.el6_3.ppc64.rpm ruby-devel-1.8.7.352-13.el6_3.ppc.rpm ruby-devel-1.8.7.352-13.el6_3.ppc64.rpm ruby-irb-1.8.7.352-13.el6_3.ppc64.rpm ruby-libs-1.8.7.352-13.el6_3.ppc.rpm ruby-libs-1.8.7.352-13.el6_3.ppc64.rpm ruby-rdoc-1.8.7.352-13.el6_3.ppc64.rpm
s390x: ruby-1.8.7.352-13.el6_3.s390x.rpm ruby-debuginfo-1.8.7.352-13.el6_3.s390.rpm ruby-debuginfo-1.8.7.352-13.el6_3.s390x.rpm ruby-devel-1.8.7.352-13.el6_3.s390.rpm ruby-devel-1.8.7.352-13.el6_3.s390x.rpm ruby-irb-1.8.7.352-13.el6_3.s390x.rpm ruby-libs-1.8.7.352-13.el6_3.s390.rpm ruby-libs-1.8.7.352-13.el6_3.s390x.rpm ruby-rdoc-1.8.7.352-13.el6_3.s390x.rpm
x86_64: ruby-1.8.7.352-13.el6_3.x86_64.rpm ruby-debuginfo-1.8.7.352-13.el6_3.i686.rpm ruby-debuginfo-1.8.7.352-13.el6_3.x86_64.rpm ruby-devel-1.8.7.352-13.el6_3.i686.rpm ruby-devel-1.8.7.352-13.el6_3.x86_64.rpm ruby-irb-1.8.7.352-13.el6_3.x86_64.rpm ruby-libs-1.8.7.352-13.el6_3.i686.rpm ruby-libs-1.8.7.352-13.el6_3.x86_64.rpm ruby-rdoc-1.8.7.352-13.el6_3.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 6.4):
Source: ruby-1.8.7.352-13.el6_4.src.rpm
i386: ruby-1.8.7.352-13.el6_4.i686.rpm ruby-debuginfo-1.8.7.352-13.el6_4.i686.rpm ruby-devel-1.8.7.352-13.el6_4.i686.rpm ruby-irb-1.8.7.352-13.el6_4.i686.rpm ruby-libs-1.8.7.352-13.el6_4.i686.rpm ruby-rdoc-1.8.7.352-13.el6_4.i686.rpm
ppc64: ruby-1.8.7.352-13.el6_4.ppc64.rpm ruby-debuginfo-1.8.7.352-13.el6_4.ppc.rpm ruby-debuginfo-1.8.7.352-13.el6_4.ppc64.rpm ruby-devel-1.8.7.352-13.el6_4.ppc.rpm ruby-devel-1.8.7.352-13.el6_4.ppc64.rpm ruby-irb-1.8.7.352-13.el6_4.ppc64.rpm ruby-libs-1.8.7.352-13.el6_4.ppc.rpm ruby-libs-1.8.7.352-13.el6_4.ppc64.rpm ruby-rdoc-1.8.7.352-13.el6_4.ppc64.rpm
s390x: ruby-1.8.7.352-13.el6_4.s390x.rpm ruby-debuginfo-1.8.7.352-13.el6_4.s390.rpm ruby-debuginfo-1.8.7.352-13.el6_4.s390x.rpm ruby-devel-1.8.7.352-13.el6_4.s390.rpm ruby-devel-1.8.7.352-13.el6_4.s390x.rpm ruby-irb-1.8.7.352-13.el6_4.s390x.rpm ruby-libs-1.8.7.352-13.el6_4.s390.rpm ruby-libs-1.8.7.352-13.el6_4.s390x.rpm ruby-rdoc-1.8.7.352-13.el6_4.s390x.rpm
x86_64: ruby-1.8.7.352-13.el6_4.x86_64.rpm ruby-debuginfo-1.8.7.352-13.el6_4.i686.rpm ruby-debuginfo-1.8.7.352-13.el6_4.x86_64.rpm ruby-devel-1.8.7.352-13.el6_4.i686.rpm ruby-devel-1.8.7.352-13.el6_4.x86_64.rpm ruby-irb-1.8.7.352-13.el6_4.x86_64.rpm ruby-libs-1.8.7.352-13.el6_4.i686.rpm ruby-libs-1.8.7.352-13.el6_4.x86_64.rpm ruby-rdoc-1.8.7.352-13.el6_4.x86_64.rpm
Red Hat Enterprise Linux Server Optional EUS (v. 6.2):
Source: ruby-1.8.7.352-13.el6_2.src.rpm
i386: ruby-debuginfo-1.8.7.352-13.el6_2.i686.rpm ruby-devel-1.8.7.352-13.el6_2.i686.rpm ruby-docs-1.8.7.352-13.el6_2.i686.rpm ruby-rdoc-1.8.7.352-13.el6_2.i686.rpm ruby-ri-1.8.7.352-13.el6_2.i686.rpm ruby-static-1.8.7.352-13.el6_2.i686.rpm ruby-tcltk-1.8.7.352-13.el6_2.i686.rpm
ppc64: ruby-debuginfo-1.8.7.352-13.el6_2.ppc.rpm ruby-debuginfo-1.8.7.352-13.el6_2.ppc64.rpm ruby-devel-1.8.7.352-13.el6_2.ppc.rpm ruby-devel-1.8.7.352-13.el6_2.ppc64.rpm ruby-docs-1.8.7.352-13.el6_2.ppc64.rpm ruby-rdoc-1.8.7.352-13.el6_2.ppc64.rpm ruby-ri-1.8.7.352-13.el6_2.ppc64.rpm ruby-static-1.8.7.352-13.el6_2.ppc64.rpm ruby-tcltk-1.8.7.352-13.el6_2.ppc64.rpm
s390x: ruby-debuginfo-1.8.7.352-13.el6_2.s390.rpm ruby-debuginfo-1.8.7.352-13.el6_2.s390x.rpm ruby-devel-1.8.7.352-13.el6_2.s390.rpm ruby-devel-1.8.7.352-13.el6_2.s390x.rpm ruby-docs-1.8.7.352-13.el6_2.s390x.rpm ruby-rdoc-1.8.7.352-13.el6_2.s390x.rpm ruby-ri-1.8.7.352-13.el6_2.s390x.rpm ruby-static-1.8.7.352-13.el6_2.s390x.rpm ruby-tcltk-1.8.7.352-13.el6_2.s390x.rpm
x86_64: ruby-debuginfo-1.8.7.352-13.el6_2.i686.rpm ruby-debuginfo-1.8.7.352-13.el6_2.x86_64.rpm ruby-devel-1.8.7.352-13.el6_2.i686.rpm ruby-devel-1.8.7.352-13.el6_2.x86_64.rpm ruby-docs-1.8.7.352-13.el6_2.x86_64.rpm ruby-rdoc-1.8.7.352-13.el6_2.x86_64.rpm ruby-ri-1.8.7.352-13.el6_2.x86_64.rpm ruby-static-1.8.7.352-13.el6_2.x86_64.rpm ruby-tcltk-1.8.7.352-13.el6_2.x86_64.rpm
Red Hat Enterprise Linux Server Optional EUS (v. 6.3):
Source: ruby-1.8.7.352-13.el6_3.src.rpm
i386: ruby-debuginfo-1.8.7.352-13.el6_3.i686.rpm ruby-docs-1.8.7.352-13.el6_3.i686.rpm ruby-ri-1.8.7.352-13.el6_3.i686.rpm ruby-static-1.8.7.352-13.el6_3.i686.rpm ruby-tcltk-1.8.7.352-13.el6_3.i686.rpm
ppc64: ruby-debuginfo-1.8.7.352-13.el6_3.ppc64.rpm ruby-docs-1.8.7.352-13.el6_3.ppc64.rpm ruby-ri-1.8.7.352-13.el6_3.ppc64.rpm ruby-static-1.8.7.352-13.el6_3.ppc64.rpm ruby-tcltk-1.8.7.352-13.el6_3.ppc64.rpm
s390x: ruby-debuginfo-1.8.7.352-13.el6_3.s390x.rpm ruby-docs-1.8.7.352-13.el6_3.s390x.rpm ruby-ri-1.8.7.352-13.el6_3.s390x.rpm ruby-static-1.8.7.352-13.el6_3.s390x.rpm ruby-tcltk-1.8.7.352-13.el6_3.s390x.rpm
x86_64: ruby-debuginfo-1.8.7.352-13.el6_3.x86_64.rpm ruby-docs-1.8.7.352-13.el6_3.x86_64.rpm ruby-ri-1.8.7.352-13.el6_3.x86_64.rpm ruby-static-1.8.7.352-13.el6_3.x86_64.rpm ruby-tcltk-1.8.7.352-13.el6_3.x86_64.rpm
Red Hat Enterprise Linux Server Optional EUS (v. 6.4):
Source: ruby-1.8.7.352-13.el6_4.src.rpm
i386: ruby-debuginfo-1.8.7.352-13.el6_4.i686.rpm ruby-docs-1.8.7.352-13.el6_4.i686.rpm ruby-ri-1.8.7.352-13.el6_4.i686.rpm ruby-static-1.8.7.352-13.el6_4.i686.rpm ruby-tcltk-1.8.7.352-13.el6_4.i686.rpm
ppc64: ruby-debuginfo-1.8.7.352-13.el6_4.ppc64.rpm ruby-docs-1.8.7.352-13.el6_4.ppc64.rpm ruby-ri-1.8.7.352-13.el6_4.ppc64.rpm ruby-static-1.8.7.352-13.el6_4.ppc64.rpm ruby-tcltk-1.8.7.352-13.el6_4.ppc64.rpm
s390x: ruby-debuginfo-1.8.7.352-13.el6_4.s390x.rpm ruby-docs-1.8.7.352-13.el6_4.s390x.rpm ruby-ri-1.8.7.352-13.el6_4.s390x.rpm ruby-static-1.8.7.352-13.el6_4.s390x.rpm ruby-tcltk-1.8.7.352-13.el6_4.s390x.rpm
x86_64: ruby-debuginfo-1.8.7.352-13.el6_4.x86_64.rpm ruby-docs-1.8.7.352-13.el6_4.x86_64.rpm ruby-ri-1.8.7.352-13.el6_4.x86_64.rpm ruby-static-1.8.7.352-13.el6_4.x86_64.rpm ruby-tcltk-1.8.7.352-13.el6_4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2013-4164.html https://access.redhat.com/security/updates/classification/#critical
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFSlPJkXlSAg2UNWIIRAmGVAJ0ftFXiZwwEQYrgDr4bmR7n7pvbtQCbB8VQ Q2wQW0K2XmUcezCSz0pyQ2M= =Cisx -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4164
Updated Packages:
Mandriva Enterprise Server 5: 1294917053856fc539899d0b44ad0dbc mes5/i586/ruby-1.8.7-7p72.7mdvmes5.2.i586.rpm 3f2db72bc1631e542779316343e966c4 mes5/i586/ruby-devel-1.8.7-7p72.7mdvmes5.2.i586.rpm 39cfc6c4609fcc57176672475790b32b mes5/i586/ruby-doc-1.8.7-7p72.7mdvmes5.2.i586.rpm 0ec33b39a54d3bdf697f45da9f89e47a mes5/i586/ruby-tk-1.8.7-7p72.7mdvmes5.2.i586.rpm fd07a01ddd78a658dfc153a62031321f mes5/SRPMS/ruby-1.8.7-7p72.7mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64: a931882acf32d122e07627496390d938 mes5/x86_64/ruby-1.8.7-7p72.7mdvmes5.2.x86_64.rpm b501426a2e620f092bbb599859250cbe mes5/x86_64/ruby-devel-1.8.7-7p72.7mdvmes5.2.x86_64.rpm ff3c3946cadf9572f9a9156ce1acc4d1 mes5/x86_64/ruby-doc-1.8.7-7p72.7mdvmes5.2.x86_64.rpm 7e11dfe3289d721f58692552d2dffe92 mes5/x86_64/ruby-tk-1.8.7-7p72.7mdvmes5.2.x86_64.rpm fd07a01ddd78a658dfc153a62031321f mes5/SRPMS/ruby-1.8.7-7p72.7mdvmes5.2.src.rpm
Mandriva Business Server 1/X86_64: 19f50bdda7f4d5298aad37fffcc161d2 mbs1/x86_64/ruby-1.8.7.p358-2.3.mbs1.x86_64.rpm cb212eb9e77942130daa03bd00129647 mbs1/x86_64/ruby-devel-1.8.7.p358-2.3.mbs1.x86_64.rpm 61727a178644e24a90893fd521beaf26 mbs1/x86_64/ruby-doc-1.8.7.p358-2.3.mbs1.noarch.rpm 7c7c74b929d64434f5fac3e9a6a16eac mbs1/x86_64/ruby-tk-1.8.7.p358-2.3.mbs1.x86_64.rpm 3b57d1f0167760c15f5a2b7187f9301b mbs1/SRPMS/ruby-1.8.7.p358-2.3.mbs1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2014-10-16-3 OS X Server v4.0
OS X Server v4.0 is now available and addresses the following:
BIND Available for: OS X Yosemite v10.10 or later Impact: Multiple vulnerabilities in BIND, the most serious of which may lead to a denial of service Description: Multiple vulnerabilities existed in BIND. These issues were addressed by updating BIND to version 9.9.2-P2 CVE-ID CVE-2013-3919 CVE-2013-4854 CVE-2014-0591
CoreCollaboration Available for: OS X Yosemite v10.10 or later Impact: A remote attacker may be able to execute arbitrary SQL queries Description: A SQL injection issue existed in Wiki Server. This issue was addressed through additional validation of SQL queries. CVE-ID CVE-2014-4424 : Sajjad Pourali (sajjad@securation.com) of CERT of Ferdowsi University of Mashhad
CoreCollaboration Available for: OS X Yosemite v10.10 or later Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: A cross-site scripting issue existed in Xcode Server. This issue was addressed through improved encoding of HTML output. CVE-ID CVE-2014-4406 : David Hoyt of Hoyt LLC
CoreCollaboration Available for: OS X Yosemite v10.10 or later Impact: Multiple vulnerabilities in PostgreSQL, the most serious of which may lead to arbitrary code execution Description: Multiple vulnerabilities existed in PostgreSQL. These issues were addressed by updating PostgreSQL to version 9.2.7. CVE-ID CVE-2014-0060 CVE-2014-0061 CVE-2014-0062 CVE-2014-0063 CVE-2014-0064 CVE-2014-0065 CVE-2014-0066
Mail Service Available for: OS X Yosemite v10.10 or later Impact: Group SACL changes for Mail may not be respected until after a restart of the Mail service Description: SACL settings for Mail were cached and changes to the SACLs were not respected until after a restart of the Mail service. This issue was addressed by resetting the cache upon changes to the SACLs. CVE-ID CVE-2014-4446 : Craig Courtney
Profile Manager Available for: OS X Yosemite v10.10 or later Impact: Multiple vulnerabilities in LibYAML, the most serious of which may lead to arbitrary code execution Description: Multiple vulnerabilities existed in LibYAML. These issues were addressed by switching from YAML to JSON as Profile Manager's internal serialization format. CVE-ID CVE-2013-4164 CVE-2013-6393
Profile Manager Available for: OS X Yosemite v10.10 or later Impact: A local user may obtain passwords after setting up or editing profiles in Profile Manager Description: In certain circumstances, setting up or editing profiles in Profile Manager may have logged passwords to a file. This issue was addressed through improved handling of credentials. CVE-ID CVE-2014-4447 : Mayo Jordanov
Server Available for: OS X Yosemite v10.10 or later Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of SSL 3.0 when a cipher suite uses a block cipher in CBC mode. An attacker could force the use of SSL 3.0, even when the server would support a better TLS version, by blocking TLS 1.0 and higher connection attempts. This issue was addressed by disabling SSL 3.0 support in Web Server, Calendar & Contacts Server, and Remote Administration. CVE-ID CVE-2014-3566 : Bodo Moeller, Thai Duong, and Krzysztof Kotowicz of Google Security Team
ServerRuby Available for: OS X Yosemite v10.10 or later Impact: Running a Ruby script that handles untrusted YAML tags may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow issue existed in LibYAML's handling of YAML tags. This issue was addressed through additional validation of YAML tags. This issue does not affect systems prior to OS X Mavericks. CVE-ID CVE-2013-6393
OS X Server v4.0 may be obtained from the Mac App Store. Relevant releases/architectures:
Management Engine - noarch, x86_64
- Description:
Red Hat CloudForms Management Engine delivers the insight, control, and automation enterprises need to address the challenges of managing virtual environments, which are far more complex than physical ones. This technology enables enterprises with existing virtual infrastructures to improve visibility and control, and those just starting virtualization deployments to build and operate a well-managed virtual infrastructure. (CVE-2013-4164)
It was found that Red Hat CloudForms Management Engine did not properly sanitize user-supplied values in the ServiceController. (CVE-2014-0057)
It was found that several number conversion helpers in Action View did not properly escape all their parameters. An attacker could use these flaws to perform a cross-site scripting (XSS) attack on an application that uses data submitted by a user as parameters to the affected helpers. (CVE-2014-0081)
A memory consumption issue was discovered in the text rendering component of Action View. A remote attacker could use this flaw to perform a denial of service attack by sending specially crafted queries that would result in the creation of Ruby symbols that were never garbage collected. (CVE-2014-0082)
Red Hat would like to thank the Ruby on Rails Project for reporting CVE-2014-0081 and CVE-2014-0082. Upstream acknowledges Kevin Reintjes as the original reporter of CVE-2014-0081, and Toby Hsieh of SlideShare as the original reporter of CVE-2014-0082.
This update fixes several bugs and adds multiple enhancements. Documentation for these changes will be available shortly from the Red Hat CloudForms 3.0 Management Engine 5.2 Technical Notes linked to in the References section
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201311-0106",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ruby",
"scope": "eq",
"trust": 1.6,
"vendor": "ruby lang",
"version": "1.9"
},
{
"model": "ruby",
"scope": "eq",
"trust": 1.6,
"vendor": "ruby lang",
"version": "2.0.0"
},
{
"model": "ruby",
"scope": "eq",
"trust": 1.6,
"vendor": "ruby lang",
"version": "1.9.2"
},
{
"model": "ruby",
"scope": "eq",
"trust": 1.6,
"vendor": "ruby lang",
"version": "1.9.1"
},
{
"model": "ruby",
"scope": "eq",
"trust": 1.6,
"vendor": "ruby lang",
"version": "1.8"
},
{
"model": "ruby",
"scope": "eq",
"trust": 1.6,
"vendor": "ruby lang",
"version": "2.1"
},
{
"model": "ruby",
"scope": "eq",
"trust": 1.6,
"vendor": "ruby lang",
"version": "1.9.3"
},
{
"model": "matsumoto ruby dev",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.9.3"
},
{
"model": "matsumoto ruby rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.9.2"
},
{
"model": "matsumoto ruby p180",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.9.2"
},
{
"model": "matsumoto ruby p136",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.9.2"
},
{
"model": "matsumoto ruby p0",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.9.2"
},
{
"model": "matsumoto ruby -rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.9.2"
},
{
"model": "matsumoto ruby p431",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.9.1"
},
{
"model": "matsumoto ruby -p429",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.9.1"
},
{
"model": "matsumoto ruby -p376",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.9.1"
},
{
"model": "matsumoto ruby",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.9.1"
},
{
"model": "matsumoto ruby",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.9-2"
},
{
"model": "matsumoto ruby",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.9-1"
},
{
"model": "matsumoto ruby",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.9"
},
{
"model": "matsumoto ruby -p72",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.7"
},
{
"model": "matsumoto ruby -p71",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.7"
},
{
"model": "matsumoto ruby -p22",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.7"
},
{
"model": "matsumoto ruby -p21",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.7"
},
{
"model": "matsumoto ruby",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.7"
},
{
"model": "matsumoto ruby -p287",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.6"
},
{
"model": "matsumoto ruby -p286",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.6"
},
{
"model": "matsumoto ruby -p230",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.6"
},
{
"model": "matsumoto ruby -p229",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.6"
},
{
"model": "matsumoto ruby -p114",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.6"
},
{
"model": "matsumoto ruby",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.6"
},
{
"model": "matsumoto ruby -p231",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.5"
},
{
"model": "matsumoto ruby -p230",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.5"
},
{
"model": "matsumoto ruby -p2",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.5"
},
{
"model": "matsumoto ruby -p115",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.5"
},
{
"model": "matsumoto ruby",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.5"
},
{
"model": "matsumoto ruby",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.4"
},
{
"model": "matsumoto ruby",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.3"
},
{
"model": "matsumoto ruby pre4",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.2"
},
{
"model": "matsumoto ruby pre3",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.2"
},
{
"model": "matsumoto ruby pre2",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.2"
},
{
"model": "matsumoto ruby pre1",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.2"
},
{
"model": "matsumoto ruby",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.2"
},
{
"model": "matsumoto ruby",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.1"
},
{
"model": "matsumoto ruby",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8"
},
{
"model": "matsumoto ruby 2.1.0-preview1",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 2.0.0-p247",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 2.0.0-p195",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "2.0"
},
{
"model": "matsumoto ruby 1.9.3-p448",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 1.9.3-p426",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 1.9.3-p392",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 1.9.3-p327",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 1.9.3-p0",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby pre3",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.9.2"
},
{
"model": "matsumoto ruby 1.9.1-p430",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 1.9.1-p378",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.9.0-3"
},
{
"model": "matsumoto ruby 1.8.8dev",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 1.8.7-p374",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 1.8.7-p357",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 1.8.7-p352",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 1.8.7-p334",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 1.8.7-p330",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 1.8.7-p302",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 1.8.7-p299",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 1.8.7-p249",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 1.8.7-p248",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 1.8.7-p173",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 1.8.7-p160",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 1.8.6-p420",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 1.8.6-p399",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 1.8.6-p388",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 1.8.6-p383",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 1.8.6-p369",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 1.8.6-p368",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "13.10"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "13.04"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.10"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux enterprise software development kit sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "linux enterprise server sp3 for vmware",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "linux enterprise server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "linux enterprise server sp2 for vmware",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "linux enterprise server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "linux enterprise desktop sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "linux enterprise desktop sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "studio onsite",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "1.3"
},
{
"model": "linux enterprise software development kit sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "lifecycle management server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "1.3"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.37"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.1"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "13.1"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "12.3"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "12.2"
},
{
"model": "software collections for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "0"
},
{
"model": "openstack",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3.0"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux server eus 6.4.z",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "enterprise linux server eus 6.3.z",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "enterprise linux server eus 6.2.z",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.4"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.2"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux high availability eus 6.4.z",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "cloudforms",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3.0"
},
{
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "3.1"
},
{
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "2.8.3"
},
{
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "2.8.2"
},
{
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "2.8.0"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.2"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1x8664"
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1"
},
{
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "security network protection xgs",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "51005.1.1"
},
{
"model": "security network protection xgs",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "51005.1"
},
{
"model": "security network protection xgs",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.2"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "os mavericks",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.9"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.8"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x3.0"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x2.0"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.2"
},
{
"model": "matsumoto ruby 2.1.0-preview2",
"scope": "ne",
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 2.0.0-p353",
"scope": "ne",
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 1.9.3-p484",
"scope": "ne",
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "puppet enterprise",
"scope": "ne",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "3.1.1"
},
{
"model": "puppet enterprise",
"scope": "ne",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "2.8.4"
},
{
"model": "os mavericks",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.3"
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x3.1.2"
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x4.0"
}
],
"sources": [
{
"db": "BID",
"id": "63873"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-353"
},
{
"db": "NVD",
"id": "CVE-2013-4164"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Charlie Somerville",
"sources": [
{
"db": "BID",
"id": "63873"
}
],
"trust": 0.3
},
"cve": "CVE-2013-4164",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2013-4164",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-4164",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201311-353",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201311-353"
},
{
"db": "NVD",
"id": "CVE-2013-4164"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse. Ruby is prone to a heap-based buffer overflow vulnerability because it fails to adequate boundary checks on user-supplied input. \nAn attacker can exploit this issue to execute arbitrary code in the context of the application using the affected function. Failed exploit attempts will likely crash the application. \nFollowing versions are vulnerable:\nRuby 1.8\nRuby 1.9 prior to 1.9.3-p484\nRuby 2.0 prior to 2.0.0-p353\nRuby 2.1 prior to 2.1.0 preview2. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2013-1821\n\n Ben Murphy discovered that unrestricted entity expansion in REXML\n can lead to a Denial of Service by consuming all host memory. \n\nCVE-2013-4073\n\n William (B.J.) Snow Orvis discovered a vulnerability in the hostname\n checking in Ruby\u0027s SSL client that could allow man-in-the-middle\n attackers to spoof SSL servers via a crafted certificate issued by a\n trusted certification authority. \n\nFor the oldstable distribution (squeeze), these problems have been fixed in\nversion 1.8.7.302-2squeeze2. \n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.8.7.358-7.1+deb7u1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.8.7.358-9. \n\nWe recommend that you upgrade your ruby1.8 packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: ruby security update\nAdvisory ID: RHSA-2013:1767-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2013-1767.html\nIssue date: 2013-11-26\nCVE Names: CVE-2013-4164 \n=====================================================================\n\n1. Summary:\n\nUpdated ruby packages that fix one security issue are now available for\nRed Hat Enterprise Linux 6.2, 6.3, and 6.4 Extended Update Support. \n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Compute Node EUS (v. 6.2) - x86_64\nRed Hat Enterprise Linux Compute Node EUS (v. 6.3) - x86_64\nRed Hat Enterprise Linux Compute Node Optional EUS (v. 6.2) - x86_64\nRed Hat Enterprise Linux Compute Node Optional EUS (v. 6.3)\t - x86_64\nRed Hat Enterprise Linux Compute Node Optional EUS (v. 6.4) - x86_64\nRed Hat Enterprise Linux HPC Node EUS (v. 6.4) - x86_64\nRed Hat Enterprise Linux Server EUS (v. 6.2) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server EUS (v. 6.3) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server EUS (v. 6.4) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional EUS (v. 6.2) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional EUS (v. 6.3) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional EUS (v. 6.4) - i386, ppc64, s390x, x86_64\n\n3. Description:\n\nRuby is an extensible, interpreted, object-oriented, scripting language. \nIt has features to process text files and to perform system management\ntasks. \n\nA buffer overflow flaw was found in the way Ruby parsed floating point\nnumbers from their text representation. (CVE-2013-4164)\n\nAll ruby users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1033460 - CVE-2013-4164 ruby: heap overflow in floating point parsing\n\n6. Package List:\n\nRed Hat Enterprise Linux Compute Node EUS (v. 6.2):\n\nSource:\nruby-1.8.7.352-13.el6_2.src.rpm\n\nx86_64:\nruby-1.8.7.352-13.el6_2.x86_64.rpm\nruby-debuginfo-1.8.7.352-13.el6_2.i686.rpm\nruby-debuginfo-1.8.7.352-13.el6_2.x86_64.rpm\nruby-irb-1.8.7.352-13.el6_2.x86_64.rpm\nruby-libs-1.8.7.352-13.el6_2.i686.rpm\nruby-libs-1.8.7.352-13.el6_2.x86_64.rpm\n\nRed Hat Enterprise Linux Compute Node EUS (v. 6.3):\n\nSource:\nruby-1.8.7.352-13.el6_3.src.rpm\n\nx86_64:\nruby-1.8.7.352-13.el6_3.x86_64.rpm\nruby-debuginfo-1.8.7.352-13.el6_3.i686.rpm\nruby-debuginfo-1.8.7.352-13.el6_3.x86_64.rpm\nruby-devel-1.8.7.352-13.el6_3.i686.rpm\nruby-devel-1.8.7.352-13.el6_3.x86_64.rpm\nruby-irb-1.8.7.352-13.el6_3.x86_64.rpm\nruby-libs-1.8.7.352-13.el6_3.i686.rpm\nruby-libs-1.8.7.352-13.el6_3.x86_64.rpm\nruby-rdoc-1.8.7.352-13.el6_3.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node EUS (v. 6.4):\n\nSource:\nruby-1.8.7.352-13.el6_4.src.rpm\n\nx86_64:\nruby-1.8.7.352-13.el6_4.x86_64.rpm\nruby-debuginfo-1.8.7.352-13.el6_4.i686.rpm\nruby-debuginfo-1.8.7.352-13.el6_4.x86_64.rpm\nruby-devel-1.8.7.352-13.el6_4.i686.rpm\nruby-devel-1.8.7.352-13.el6_4.x86_64.rpm\nruby-irb-1.8.7.352-13.el6_4.x86_64.rpm\nruby-libs-1.8.7.352-13.el6_4.i686.rpm\nruby-libs-1.8.7.352-13.el6_4.x86_64.rpm\nruby-rdoc-1.8.7.352-13.el6_4.x86_64.rpm\n\nRed Hat Enterprise Linux Compute Node Optional EUS (v. 6.2):\n\nSource:\nruby-1.8.7.352-13.el6_2.src.rpm\n\nx86_64:\nruby-debuginfo-1.8.7.352-13.el6_2.i686.rpm\nruby-debuginfo-1.8.7.352-13.el6_2.x86_64.rpm\nruby-devel-1.8.7.352-13.el6_2.i686.rpm\nruby-devel-1.8.7.352-13.el6_2.x86_64.rpm\nruby-docs-1.8.7.352-13.el6_2.x86_64.rpm\nruby-rdoc-1.8.7.352-13.el6_2.x86_64.rpm\nruby-ri-1.8.7.352-13.el6_2.x86_64.rpm\nruby-static-1.8.7.352-13.el6_2.x86_64.rpm\nruby-tcltk-1.8.7.352-13.el6_2.x86_64.rpm\n\nRed Hat Enterprise Linux Compute Node Optional EUS (v. 6.3)\t:\n\nSource:\nruby-1.8.7.352-13.el6_3.src.rpm\n\nx86_64:\nruby-debuginfo-1.8.7.352-13.el6_3.x86_64.rpm\nruby-docs-1.8.7.352-13.el6_3.x86_64.rpm\nruby-ri-1.8.7.352-13.el6_3.x86_64.rpm\nruby-static-1.8.7.352-13.el6_3.x86_64.rpm\nruby-tcltk-1.8.7.352-13.el6_3.x86_64.rpm\n\nRed Hat Enterprise Linux Compute Node Optional EUS (v. 6.4):\n\nSource:\nruby-1.8.7.352-13.el6_4.src.rpm\n\nx86_64:\nruby-debuginfo-1.8.7.352-13.el6_4.x86_64.rpm\nruby-docs-1.8.7.352-13.el6_4.x86_64.rpm\nruby-ri-1.8.7.352-13.el6_4.x86_64.rpm\nruby-static-1.8.7.352-13.el6_4.x86_64.rpm\nruby-tcltk-1.8.7.352-13.el6_4.x86_64.rpm\n\nRed Hat Enterprise Linux Server EUS (v. 6.2):\n\nSource:\nruby-1.8.7.352-13.el6_2.src.rpm\n\ni386:\nruby-1.8.7.352-13.el6_2.i686.rpm\nruby-debuginfo-1.8.7.352-13.el6_2.i686.rpm\nruby-devel-1.8.7.352-13.el6_2.i686.rpm\nruby-irb-1.8.7.352-13.el6_2.i686.rpm\nruby-libs-1.8.7.352-13.el6_2.i686.rpm\nruby-rdoc-1.8.7.352-13.el6_2.i686.rpm\n\nppc64:\nruby-1.8.7.352-13.el6_2.ppc64.rpm\nruby-debuginfo-1.8.7.352-13.el6_2.ppc.rpm\nruby-debuginfo-1.8.7.352-13.el6_2.ppc64.rpm\nruby-devel-1.8.7.352-13.el6_2.ppc.rpm\nruby-devel-1.8.7.352-13.el6_2.ppc64.rpm\nruby-irb-1.8.7.352-13.el6_2.ppc64.rpm\nruby-libs-1.8.7.352-13.el6_2.ppc.rpm\nruby-libs-1.8.7.352-13.el6_2.ppc64.rpm\nruby-rdoc-1.8.7.352-13.el6_2.ppc64.rpm\n\ns390x:\nruby-1.8.7.352-13.el6_2.s390x.rpm\nruby-debuginfo-1.8.7.352-13.el6_2.s390.rpm\nruby-debuginfo-1.8.7.352-13.el6_2.s390x.rpm\nruby-devel-1.8.7.352-13.el6_2.s390.rpm\nruby-devel-1.8.7.352-13.el6_2.s390x.rpm\nruby-irb-1.8.7.352-13.el6_2.s390x.rpm\nruby-libs-1.8.7.352-13.el6_2.s390.rpm\nruby-libs-1.8.7.352-13.el6_2.s390x.rpm\nruby-rdoc-1.8.7.352-13.el6_2.s390x.rpm\n\nx86_64:\nruby-1.8.7.352-13.el6_2.x86_64.rpm\nruby-debuginfo-1.8.7.352-13.el6_2.i686.rpm\nruby-debuginfo-1.8.7.352-13.el6_2.x86_64.rpm\nruby-devel-1.8.7.352-13.el6_2.i686.rpm\nruby-devel-1.8.7.352-13.el6_2.x86_64.rpm\nruby-irb-1.8.7.352-13.el6_2.x86_64.rpm\nruby-libs-1.8.7.352-13.el6_2.i686.rpm\nruby-libs-1.8.7.352-13.el6_2.x86_64.rpm\nruby-rdoc-1.8.7.352-13.el6_2.x86_64.rpm\n\nRed Hat Enterprise Linux Server EUS (v. 6.3):\n\nSource:\nruby-1.8.7.352-13.el6_3.src.rpm\n\ni386:\nruby-1.8.7.352-13.el6_3.i686.rpm\nruby-debuginfo-1.8.7.352-13.el6_3.i686.rpm\nruby-devel-1.8.7.352-13.el6_3.i686.rpm\nruby-irb-1.8.7.352-13.el6_3.i686.rpm\nruby-libs-1.8.7.352-13.el6_3.i686.rpm\nruby-rdoc-1.8.7.352-13.el6_3.i686.rpm\n\nppc64:\nruby-1.8.7.352-13.el6_3.ppc64.rpm\nruby-debuginfo-1.8.7.352-13.el6_3.ppc.rpm\nruby-debuginfo-1.8.7.352-13.el6_3.ppc64.rpm\nruby-devel-1.8.7.352-13.el6_3.ppc.rpm\nruby-devel-1.8.7.352-13.el6_3.ppc64.rpm\nruby-irb-1.8.7.352-13.el6_3.ppc64.rpm\nruby-libs-1.8.7.352-13.el6_3.ppc.rpm\nruby-libs-1.8.7.352-13.el6_3.ppc64.rpm\nruby-rdoc-1.8.7.352-13.el6_3.ppc64.rpm\n\ns390x:\nruby-1.8.7.352-13.el6_3.s390x.rpm\nruby-debuginfo-1.8.7.352-13.el6_3.s390.rpm\nruby-debuginfo-1.8.7.352-13.el6_3.s390x.rpm\nruby-devel-1.8.7.352-13.el6_3.s390.rpm\nruby-devel-1.8.7.352-13.el6_3.s390x.rpm\nruby-irb-1.8.7.352-13.el6_3.s390x.rpm\nruby-libs-1.8.7.352-13.el6_3.s390.rpm\nruby-libs-1.8.7.352-13.el6_3.s390x.rpm\nruby-rdoc-1.8.7.352-13.el6_3.s390x.rpm\n\nx86_64:\nruby-1.8.7.352-13.el6_3.x86_64.rpm\nruby-debuginfo-1.8.7.352-13.el6_3.i686.rpm\nruby-debuginfo-1.8.7.352-13.el6_3.x86_64.rpm\nruby-devel-1.8.7.352-13.el6_3.i686.rpm\nruby-devel-1.8.7.352-13.el6_3.x86_64.rpm\nruby-irb-1.8.7.352-13.el6_3.x86_64.rpm\nruby-libs-1.8.7.352-13.el6_3.i686.rpm\nruby-libs-1.8.7.352-13.el6_3.x86_64.rpm\nruby-rdoc-1.8.7.352-13.el6_3.x86_64.rpm\n\nRed Hat Enterprise Linux Server EUS (v. 6.4):\n\nSource:\nruby-1.8.7.352-13.el6_4.src.rpm\n\ni386:\nruby-1.8.7.352-13.el6_4.i686.rpm\nruby-debuginfo-1.8.7.352-13.el6_4.i686.rpm\nruby-devel-1.8.7.352-13.el6_4.i686.rpm\nruby-irb-1.8.7.352-13.el6_4.i686.rpm\nruby-libs-1.8.7.352-13.el6_4.i686.rpm\nruby-rdoc-1.8.7.352-13.el6_4.i686.rpm\n\nppc64:\nruby-1.8.7.352-13.el6_4.ppc64.rpm\nruby-debuginfo-1.8.7.352-13.el6_4.ppc.rpm\nruby-debuginfo-1.8.7.352-13.el6_4.ppc64.rpm\nruby-devel-1.8.7.352-13.el6_4.ppc.rpm\nruby-devel-1.8.7.352-13.el6_4.ppc64.rpm\nruby-irb-1.8.7.352-13.el6_4.ppc64.rpm\nruby-libs-1.8.7.352-13.el6_4.ppc.rpm\nruby-libs-1.8.7.352-13.el6_4.ppc64.rpm\nruby-rdoc-1.8.7.352-13.el6_4.ppc64.rpm\n\ns390x:\nruby-1.8.7.352-13.el6_4.s390x.rpm\nruby-debuginfo-1.8.7.352-13.el6_4.s390.rpm\nruby-debuginfo-1.8.7.352-13.el6_4.s390x.rpm\nruby-devel-1.8.7.352-13.el6_4.s390.rpm\nruby-devel-1.8.7.352-13.el6_4.s390x.rpm\nruby-irb-1.8.7.352-13.el6_4.s390x.rpm\nruby-libs-1.8.7.352-13.el6_4.s390.rpm\nruby-libs-1.8.7.352-13.el6_4.s390x.rpm\nruby-rdoc-1.8.7.352-13.el6_4.s390x.rpm\n\nx86_64:\nruby-1.8.7.352-13.el6_4.x86_64.rpm\nruby-debuginfo-1.8.7.352-13.el6_4.i686.rpm\nruby-debuginfo-1.8.7.352-13.el6_4.x86_64.rpm\nruby-devel-1.8.7.352-13.el6_4.i686.rpm\nruby-devel-1.8.7.352-13.el6_4.x86_64.rpm\nruby-irb-1.8.7.352-13.el6_4.x86_64.rpm\nruby-libs-1.8.7.352-13.el6_4.i686.rpm\nruby-libs-1.8.7.352-13.el6_4.x86_64.rpm\nruby-rdoc-1.8.7.352-13.el6_4.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional EUS (v. 6.2):\n\nSource:\nruby-1.8.7.352-13.el6_2.src.rpm\n\ni386:\nruby-debuginfo-1.8.7.352-13.el6_2.i686.rpm\nruby-devel-1.8.7.352-13.el6_2.i686.rpm\nruby-docs-1.8.7.352-13.el6_2.i686.rpm\nruby-rdoc-1.8.7.352-13.el6_2.i686.rpm\nruby-ri-1.8.7.352-13.el6_2.i686.rpm\nruby-static-1.8.7.352-13.el6_2.i686.rpm\nruby-tcltk-1.8.7.352-13.el6_2.i686.rpm\n\nppc64:\nruby-debuginfo-1.8.7.352-13.el6_2.ppc.rpm\nruby-debuginfo-1.8.7.352-13.el6_2.ppc64.rpm\nruby-devel-1.8.7.352-13.el6_2.ppc.rpm\nruby-devel-1.8.7.352-13.el6_2.ppc64.rpm\nruby-docs-1.8.7.352-13.el6_2.ppc64.rpm\nruby-rdoc-1.8.7.352-13.el6_2.ppc64.rpm\nruby-ri-1.8.7.352-13.el6_2.ppc64.rpm\nruby-static-1.8.7.352-13.el6_2.ppc64.rpm\nruby-tcltk-1.8.7.352-13.el6_2.ppc64.rpm\n\ns390x:\nruby-debuginfo-1.8.7.352-13.el6_2.s390.rpm\nruby-debuginfo-1.8.7.352-13.el6_2.s390x.rpm\nruby-devel-1.8.7.352-13.el6_2.s390.rpm\nruby-devel-1.8.7.352-13.el6_2.s390x.rpm\nruby-docs-1.8.7.352-13.el6_2.s390x.rpm\nruby-rdoc-1.8.7.352-13.el6_2.s390x.rpm\nruby-ri-1.8.7.352-13.el6_2.s390x.rpm\nruby-static-1.8.7.352-13.el6_2.s390x.rpm\nruby-tcltk-1.8.7.352-13.el6_2.s390x.rpm\n\nx86_64:\nruby-debuginfo-1.8.7.352-13.el6_2.i686.rpm\nruby-debuginfo-1.8.7.352-13.el6_2.x86_64.rpm\nruby-devel-1.8.7.352-13.el6_2.i686.rpm\nruby-devel-1.8.7.352-13.el6_2.x86_64.rpm\nruby-docs-1.8.7.352-13.el6_2.x86_64.rpm\nruby-rdoc-1.8.7.352-13.el6_2.x86_64.rpm\nruby-ri-1.8.7.352-13.el6_2.x86_64.rpm\nruby-static-1.8.7.352-13.el6_2.x86_64.rpm\nruby-tcltk-1.8.7.352-13.el6_2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional EUS (v. 6.3):\n\nSource:\nruby-1.8.7.352-13.el6_3.src.rpm\n\ni386:\nruby-debuginfo-1.8.7.352-13.el6_3.i686.rpm\nruby-docs-1.8.7.352-13.el6_3.i686.rpm\nruby-ri-1.8.7.352-13.el6_3.i686.rpm\nruby-static-1.8.7.352-13.el6_3.i686.rpm\nruby-tcltk-1.8.7.352-13.el6_3.i686.rpm\n\nppc64:\nruby-debuginfo-1.8.7.352-13.el6_3.ppc64.rpm\nruby-docs-1.8.7.352-13.el6_3.ppc64.rpm\nruby-ri-1.8.7.352-13.el6_3.ppc64.rpm\nruby-static-1.8.7.352-13.el6_3.ppc64.rpm\nruby-tcltk-1.8.7.352-13.el6_3.ppc64.rpm\n\ns390x:\nruby-debuginfo-1.8.7.352-13.el6_3.s390x.rpm\nruby-docs-1.8.7.352-13.el6_3.s390x.rpm\nruby-ri-1.8.7.352-13.el6_3.s390x.rpm\nruby-static-1.8.7.352-13.el6_3.s390x.rpm\nruby-tcltk-1.8.7.352-13.el6_3.s390x.rpm\n\nx86_64:\nruby-debuginfo-1.8.7.352-13.el6_3.x86_64.rpm\nruby-docs-1.8.7.352-13.el6_3.x86_64.rpm\nruby-ri-1.8.7.352-13.el6_3.x86_64.rpm\nruby-static-1.8.7.352-13.el6_3.x86_64.rpm\nruby-tcltk-1.8.7.352-13.el6_3.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional EUS (v. 6.4):\n\nSource:\nruby-1.8.7.352-13.el6_4.src.rpm\n\ni386:\nruby-debuginfo-1.8.7.352-13.el6_4.i686.rpm\nruby-docs-1.8.7.352-13.el6_4.i686.rpm\nruby-ri-1.8.7.352-13.el6_4.i686.rpm\nruby-static-1.8.7.352-13.el6_4.i686.rpm\nruby-tcltk-1.8.7.352-13.el6_4.i686.rpm\n\nppc64:\nruby-debuginfo-1.8.7.352-13.el6_4.ppc64.rpm\nruby-docs-1.8.7.352-13.el6_4.ppc64.rpm\nruby-ri-1.8.7.352-13.el6_4.ppc64.rpm\nruby-static-1.8.7.352-13.el6_4.ppc64.rpm\nruby-tcltk-1.8.7.352-13.el6_4.ppc64.rpm\n\ns390x:\nruby-debuginfo-1.8.7.352-13.el6_4.s390x.rpm\nruby-docs-1.8.7.352-13.el6_4.s390x.rpm\nruby-ri-1.8.7.352-13.el6_4.s390x.rpm\nruby-static-1.8.7.352-13.el6_4.s390x.rpm\nruby-tcltk-1.8.7.352-13.el6_4.s390x.rpm\n\nx86_64:\nruby-debuginfo-1.8.7.352-13.el6_4.x86_64.rpm\nruby-docs-1.8.7.352-13.el6_4.x86_64.rpm\nruby-ri-1.8.7.352-13.el6_4.x86_64.rpm\nruby-static-1.8.7.352-13.el6_4.x86_64.rpm\nruby-tcltk-1.8.7.352-13.el6_4.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2013-4164.html\nhttps://access.redhat.com/security/updates/classification/#critical\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2013 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFSlPJkXlSAg2UNWIIRAmGVAJ0ftFXiZwwEQYrgDr4bmR7n7pvbtQCbB8VQ\nQ2wQW0K2XmUcezCSz0pyQ2M=\n=Cisx\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4164\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Enterprise Server 5:\n 1294917053856fc539899d0b44ad0dbc mes5/i586/ruby-1.8.7-7p72.7mdvmes5.2.i586.rpm\n 3f2db72bc1631e542779316343e966c4 mes5/i586/ruby-devel-1.8.7-7p72.7mdvmes5.2.i586.rpm\n 39cfc6c4609fcc57176672475790b32b mes5/i586/ruby-doc-1.8.7-7p72.7mdvmes5.2.i586.rpm\n 0ec33b39a54d3bdf697f45da9f89e47a mes5/i586/ruby-tk-1.8.7-7p72.7mdvmes5.2.i586.rpm \n fd07a01ddd78a658dfc153a62031321f mes5/SRPMS/ruby-1.8.7-7p72.7mdvmes5.2.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n a931882acf32d122e07627496390d938 mes5/x86_64/ruby-1.8.7-7p72.7mdvmes5.2.x86_64.rpm\n b501426a2e620f092bbb599859250cbe mes5/x86_64/ruby-devel-1.8.7-7p72.7mdvmes5.2.x86_64.rpm\n ff3c3946cadf9572f9a9156ce1acc4d1 mes5/x86_64/ruby-doc-1.8.7-7p72.7mdvmes5.2.x86_64.rpm\n 7e11dfe3289d721f58692552d2dffe92 mes5/x86_64/ruby-tk-1.8.7-7p72.7mdvmes5.2.x86_64.rpm \n fd07a01ddd78a658dfc153a62031321f mes5/SRPMS/ruby-1.8.7-7p72.7mdvmes5.2.src.rpm\n\n Mandriva Business Server 1/X86_64:\n 19f50bdda7f4d5298aad37fffcc161d2 mbs1/x86_64/ruby-1.8.7.p358-2.3.mbs1.x86_64.rpm\n cb212eb9e77942130daa03bd00129647 mbs1/x86_64/ruby-devel-1.8.7.p358-2.3.mbs1.x86_64.rpm\n 61727a178644e24a90893fd521beaf26 mbs1/x86_64/ruby-doc-1.8.7.p358-2.3.mbs1.noarch.rpm\n 7c7c74b929d64434f5fac3e9a6a16eac mbs1/x86_64/ruby-tk-1.8.7.p358-2.3.mbs1.x86_64.rpm \n 3b57d1f0167760c15f5a2b7187f9301b mbs1/SRPMS/ruby-1.8.7.p358-2.3.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2014-10-16-3 OS X Server v4.0\n\nOS X Server v4.0 is now available and addresses the following:\n\nBIND\nAvailable for: OS X Yosemite v10.10 or later\nImpact: Multiple vulnerabilities in BIND, the most serious of which\nmay lead to a denial of service\nDescription: Multiple vulnerabilities existed in BIND. These issues\nwere addressed by updating BIND to version 9.9.2-P2\nCVE-ID\nCVE-2013-3919\nCVE-2013-4854\nCVE-2014-0591\n\nCoreCollaboration\nAvailable for: OS X Yosemite v10.10 or later\nImpact: A remote attacker may be able to execute arbitrary SQL\nqueries\nDescription: A SQL injection issue existed in Wiki Server. This\nissue was addressed through additional validation of SQL queries. \nCVE-ID\nCVE-2014-4424 : Sajjad Pourali (sajjad@securation.com) of CERT of\nFerdowsi University of Mashhad\n\nCoreCollaboration\nAvailable for: OS X Yosemite v10.10 or later\nImpact: Visiting a maliciously crafted website may lead to a cross-\nsite scripting attack\nDescription: A cross-site scripting issue existed in Xcode Server. \nThis issue was addressed through improved encoding of HTML output. \nCVE-ID\nCVE-2014-4406 : David Hoyt of Hoyt LLC\n\nCoreCollaboration\nAvailable for: OS X Yosemite v10.10 or later\nImpact: Multiple vulnerabilities in PostgreSQL, the most serious of\nwhich may lead to arbitrary code execution\nDescription: Multiple vulnerabilities existed in PostgreSQL. These\nissues were addressed by updating PostgreSQL to version 9.2.7. \nCVE-ID\nCVE-2014-0060\nCVE-2014-0061\nCVE-2014-0062\nCVE-2014-0063\nCVE-2014-0064\nCVE-2014-0065\nCVE-2014-0066\n\nMail Service\nAvailable for: OS X Yosemite v10.10 or later\nImpact: Group SACL changes for Mail may not be respected until after\na restart of the Mail service\nDescription: SACL settings for Mail were cached and changes to the\nSACLs were not respected until after a restart of the Mail service. \nThis issue was addressed by resetting the cache upon changes to the\nSACLs. \nCVE-ID\nCVE-2014-4446 : Craig Courtney\n\nProfile Manager\nAvailable for: OS X Yosemite v10.10 or later\nImpact: Multiple vulnerabilities in LibYAML, the most serious of\nwhich may lead to arbitrary code execution\nDescription: Multiple vulnerabilities existed in LibYAML. These\nissues were addressed by switching from YAML to JSON as Profile\nManager\u0027s internal serialization format. \nCVE-ID\nCVE-2013-4164\nCVE-2013-6393\n\nProfile Manager\nAvailable for: OS X Yosemite v10.10 or later\nImpact: A local user may obtain passwords after setting up or\nediting profiles in Profile Manager\nDescription: In certain circumstances, setting up or editing\nprofiles in Profile Manager may have logged passwords to a file. This\nissue was addressed through improved handling of credentials. \nCVE-ID\nCVE-2014-4447 : Mayo Jordanov\n\nServer\nAvailable for: OS X Yosemite v10.10 or later\nImpact: An attacker may be able to decrypt data protected by SSL\nDescription: There are known attacks on the confidentiality of SSL\n3.0 when a cipher suite uses a block cipher in CBC mode. An attacker\ncould force the use of SSL 3.0, even when the server would support a\nbetter TLS version, by blocking TLS 1.0 and higher connection\nattempts. This issue was addressed by disabling SSL 3.0 support in\nWeb Server, Calendar \u0026 Contacts Server, and Remote Administration. \nCVE-ID\nCVE-2014-3566 : Bodo Moeller, Thai Duong, and Krzysztof Kotowicz of\nGoogle Security Team\n\nServerRuby\nAvailable for: OS X Yosemite v10.10 or later\nImpact: Running a Ruby script that handles untrusted YAML tags may\nlead to an unexpected application termination or arbitrary code\nexecution\nDescription: An integer overflow issue existed in LibYAML\u0027s handling\nof YAML tags. This issue was addressed through additional validation\nof YAML tags. This issue does not affect systems prior to OS X\nMavericks. \nCVE-ID\nCVE-2013-6393\n\n\nOS X Server v4.0 may be obtained from the Mac App Store. Relevant releases/architectures:\n\nManagement Engine - noarch, x86_64\n\n3. Description:\n\nRed Hat CloudForms Management Engine delivers the insight, control, and\nautomation enterprises need to address the challenges of managing virtual\nenvironments, which are far more complex than physical ones. This\ntechnology enables enterprises with existing virtual infrastructures\nto improve visibility and control, and those just starting virtualization\ndeployments to build and operate a well-managed virtual infrastructure. (CVE-2013-4164)\n\nIt was found that Red Hat CloudForms Management Engine did not properly\nsanitize user-supplied values in the ServiceController. \n(CVE-2014-0057)\n\nIt was found that several number conversion helpers in Action View did not\nproperly escape all their parameters. An attacker could use these flaws to\nperform a cross-site scripting (XSS) attack on an application that uses\ndata submitted by a user as parameters to the affected helpers. \n(CVE-2014-0081)\n\nA memory consumption issue was discovered in the text rendering component\nof Action View. A remote attacker could use this flaw to perform a denial\nof service attack by sending specially crafted queries that would result in\nthe creation of Ruby symbols that were never garbage collected. \n(CVE-2014-0082)\n\nRed Hat would like to thank the Ruby on Rails Project for reporting\nCVE-2014-0081 and CVE-2014-0082. Upstream acknowledges Kevin Reintjes as\nthe original reporter of CVE-2014-0081, and Toby Hsieh of SlideShare as the\noriginal reporter of CVE-2014-0082. \n\nThis update fixes several bugs and adds multiple enhancements. \nDocumentation for these changes will be available shortly from the Red Hat\nCloudForms 3.0 Management Engine 5.2 Technical Notes linked to in the\nReferences section",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-4164"
},
{
"db": "BID",
"id": "63873"
},
{
"db": "PACKETSTORM",
"id": "124289"
},
{
"db": "PACKETSTORM",
"id": "124290"
},
{
"db": "PACKETSTORM",
"id": "124191"
},
{
"db": "PACKETSTORM",
"id": "124189"
},
{
"db": "PACKETSTORM",
"id": "128731"
},
{
"db": "PACKETSTORM",
"id": "125651"
},
{
"db": "PACKETSTORM",
"id": "124177"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-4164",
"trust": 2.6
},
{
"db": "OSVDB",
"id": "100113",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "55787",
"trust": 1.6
},
{
"db": "BID",
"id": "63873",
"trust": 1.3
},
{
"db": "SECUNIA",
"id": "57376",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201311-353",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "124289",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "124290",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "124191",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "124189",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128731",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "125651",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "124177",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "63873"
},
{
"db": "PACKETSTORM",
"id": "124289"
},
{
"db": "PACKETSTORM",
"id": "124290"
},
{
"db": "PACKETSTORM",
"id": "124191"
},
{
"db": "PACKETSTORM",
"id": "124189"
},
{
"db": "PACKETSTORM",
"id": "128731"
},
{
"db": "PACKETSTORM",
"id": "125651"
},
{
"db": "PACKETSTORM",
"id": "124177"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-353"
},
{
"db": "NVD",
"id": "CVE-2013-4164"
}
]
},
"id": "VAR-201311-0106",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.24090908
},
"last_update_date": "2025-12-22T22:34:27.141000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ruby-2.0.0-p353",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49037"
},
{
"title": "ruby-2.1.0-preview2",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49041"
},
{
"title": "ruby-1.9.3-p484",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49036"
},
{
"title": "ruby-2.1.0-preview2",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49040"
},
{
"title": "ruby-1.9.3-p484",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49034"
},
{
"title": "ruby-2.0.0-p353",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49039"
},
{
"title": "ruby-1.9.3-p484",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49032"
},
{
"title": "ruby-2.0.0-p353",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49038"
},
{
"title": "ruby-2.1.0-preview2",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49042"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201311-353"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-4164"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://www.ruby-lang.org/en/news/2013/11/22/ruby-2-0-0-p353-is-released"
},
{
"trust": 1.6,
"url": "https://www.ruby-lang.org/en/news/2013/11/22/ruby-1-9-3-p484-is-released"
},
{
"trust": 1.6,
"url": "https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/55787"
},
{
"trust": 1.6,
"url": "http://osvdb.org/100113"
},
{
"trust": 1.4,
"url": "http://rhn.redhat.com/errata/rhsa-2013-1767.html"
},
{
"trust": 1.4,
"url": "http://rhn.redhat.com/errata/rhsa-2013-1763.html"
},
{
"trust": 1.4,
"url": "http://rhn.redhat.com/errata/rhsa-2014-0215.html"
},
{
"trust": 1.3,
"url": "https://support.apple.com/kb/ht6536"
},
{
"trust": 1.3,
"url": "http://rhn.redhat.com/errata/rhsa-2014-0011.html"
},
{
"trust": 1.3,
"url": "http://rhn.redhat.com/errata/rhsa-2013-1764.html"
},
{
"trust": 1.0,
"url": "http://secunia.com/advisories/57376"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00009.html"
},
{
"trust": 1.0,
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00028.html"
},
{
"trust": 1.0,
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html"
},
{
"trust": 1.0,
"url": "http://www.debian.org/security/2013/dsa-2809"
},
{
"trust": 1.0,
"url": "http://www.ubuntu.com/usn/usn-2035-1"
},
{
"trust": 1.0,
"url": "https://puppet.com/security/cve/cve-2013-4164"
},
{
"trust": 1.0,
"url": "http://www.debian.org/security/2013/dsa-2810"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/63873"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00027.html"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4164"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2014/apr/133"
},
{
"trust": 0.3,
"url": "http://puppetlabs.com/security/cve/cve-2013-4164"
},
{
"trust": 0.3,
"url": "http://www.ruby-lang.org"
},
{
"trust": 0.3,
"url": "http://www.slackware.com/lists/archive/viewer.php?l=slackware-security\u0026y=2013\u0026m=slackware-security.484609"
},
{
"trust": 0.3,
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2013_4164_buffer_errors"
},
{
"trust": 0.3,
"url": "https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164/"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21665279"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/#package"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/site/articles/11258"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2013-4164.html"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.2,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1821"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4073"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4164"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0064"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0063"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0061"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht1222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4406"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4854"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0591"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0066"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0062"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0060"
},
{
"trust": 0.1,
"url": "http://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-3919"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4424"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0065"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4446"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4447"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/site/documentation/en-us/cloudforms/3.0/html/management_engine_5.2_technical_notes/index.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0082"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0081.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0057"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0081"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0057.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0082.html"
}
],
"sources": [
{
"db": "BID",
"id": "63873"
},
{
"db": "PACKETSTORM",
"id": "124289"
},
{
"db": "PACKETSTORM",
"id": "124290"
},
{
"db": "PACKETSTORM",
"id": "124191"
},
{
"db": "PACKETSTORM",
"id": "124189"
},
{
"db": "PACKETSTORM",
"id": "128731"
},
{
"db": "PACKETSTORM",
"id": "125651"
},
{
"db": "PACKETSTORM",
"id": "124177"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-353"
},
{
"db": "NVD",
"id": "CVE-2013-4164"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "63873"
},
{
"db": "PACKETSTORM",
"id": "124289"
},
{
"db": "PACKETSTORM",
"id": "124290"
},
{
"db": "PACKETSTORM",
"id": "124191"
},
{
"db": "PACKETSTORM",
"id": "124189"
},
{
"db": "PACKETSTORM",
"id": "128731"
},
{
"db": "PACKETSTORM",
"id": "125651"
},
{
"db": "PACKETSTORM",
"id": "124177"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-353"
},
{
"db": "NVD",
"id": "CVE-2013-4164"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-11-22T00:00:00",
"db": "BID",
"id": "63873"
},
{
"date": "2013-12-05T04:52:34",
"db": "PACKETSTORM",
"id": "124289"
},
{
"date": "2013-12-05T04:52:45",
"db": "PACKETSTORM",
"id": "124290"
},
{
"date": "2013-11-27T16:32:20",
"db": "PACKETSTORM",
"id": "124191"
},
{
"date": "2013-11-26T15:55:00",
"db": "PACKETSTORM",
"id": "124189"
},
{
"date": "2014-10-17T15:07:38",
"db": "PACKETSTORM",
"id": "128731"
},
{
"date": "2014-03-11T21:31:51",
"db": "PACKETSTORM",
"id": "125651"
},
{
"date": "2013-11-26T01:48:08",
"db": "PACKETSTORM",
"id": "124177"
},
{
"date": "2013-11-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201311-353"
},
{
"date": "2013-11-23T19:55:03.517000",
"db": "NVD",
"id": "CVE-2013-4164"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-13T21:19:00",
"db": "BID",
"id": "63873"
},
{
"date": "2013-11-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201311-353"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2013-4164"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201311-353"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ruby Heap-based buffer overflow vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201311-353"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201311-353"
}
],
"trust": 0.6
}
}
CVE-2020-25716 (GCVE-0-2020-25716)
Vulnerability from nvd – Published: 2021-06-07 20:27 – Updated: 2024-08-04 15:40
VLAI?
Summary
A flaw was found in Cloudforms. A role-based privileges escalation flaw where export or import of administrator files is possible. An attacker with a specific group can perform actions restricted only to system administrator. This is the affect of an incomplete fix for CVE-2020-10783. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before cfme 5.11.10.1 are affected
Severity ?
No CVSS data available.
CWE
- CWE-285 - >CWE-284
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Cloudforms |
Affected:
before cfme 5.11.10.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:36.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898525"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cloudforms",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before cfme 5.11.10.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Cloudforms. A role-based privileges escalation flaw where export or import of administrator files is possible. An attacker with a specific group can perform actions restricted only to system administrator. This is the affect of an incomplete fix for CVE-2020-10783. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before cfme 5.11.10.1 are affected"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285-\u003eCWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-07T20:27:15",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898525"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-25716",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloudforms",
"version": {
"version_data": [
{
"version_value": "before cfme 5.11.10.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Cloudforms. A role-based privileges escalation flaw where export or import of administrator files is possible. An attacker with a specific group can perform actions restricted only to system administrator. This is the affect of an incomplete fix for CVE-2020-10783. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before cfme 5.11.10.1 are affected"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285-\u003eCWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1898525",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898525"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-25716",
"datePublished": "2021-06-07T20:27:15",
"dateReserved": "2020-09-16T00:00:00",
"dateUpdated": "2024-08-04T15:40:36.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14369 (GCVE-0-2020-14369)
Vulnerability from nvd – Published: 2020-12-02 14:28 – Updated: 2024-08-04 12:46
VLAI?
Summary
This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execute unwanted actions on a web application in which the user is currently authenticated. An attacker can make a forgery HTTP request to the server by crafting custom flash file which can force the user to perform state changing requests like provisioning VMs, running ansible playbooks and so forth.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | CloudForms |
Affected:
cfme-gemset 5.11.8.1-1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:46:33.285Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1871921"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CloudForms",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "cfme-gemset 5.11.8.1-1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execute unwanted actions on a web application in which the user is currently authenticated. An attacker can make a forgery HTTP request to the server by crafting custom flash file which can force the user to perform state changing requests like provisioning VMs, running ansible playbooks and so forth."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-02T14:28:04",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1871921"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-14369",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CloudForms",
"version": {
"version_data": [
{
"version_value": "cfme-gemset 5.11.8.1-1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execute unwanted actions on a web application in which the user is currently authenticated. An attacker can make a forgery HTTP request to the server by crafting custom flash file which can force the user to perform state changing requests like provisioning VMs, running ansible playbooks and so forth."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1871921",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1871921"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-14369",
"datePublished": "2020-12-02T14:28:04",
"dateReserved": "2020-06-17T00:00:00",
"dateUpdated": "2024-08-04T12:46:33.285Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14325 (GCVE-0-2020-14325)
Vulnerability from nvd – Published: 2020-08-11 12:49 – Updated: 2024-08-04 12:39
VLAI?
Summary
Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Impersonation authorization flaw which allows malicious attacker to create existent and non-existent role-based access control user, with groups and roles. With a selected group of EvmGroup-super_administrator, an attacker can perform any API request as a super administrator.
Severity ?
No CVSS data available.
CWE
- Improper Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | CloudForms |
Affected:
cfme 5.11.7.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.480Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1855739"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2020-14325"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CloudForms",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "cfme 5.11.7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Impersonation authorization flaw which allows malicious attacker to create existent and non-existent role-based access control user, with groups and roles. With a selected group of EvmGroup-super_administrator, an attacker can perform any API request as a super administrator."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-11T12:49:44",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1855739"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2020-14325"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-14325",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CloudForms",
"version": {
"version_data": [
{
"version_value": "cfme 5.11.7.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Impersonation authorization flaw which allows malicious attacker to create existent and non-existent role-based access control user, with groups and roles. With a selected group of EvmGroup-super_administrator, an attacker can perform any API request as a super administrator."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1855739",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1855739"
},
{
"name": "https://access.redhat.com/security/cve/cve-2020-14325",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/cve-2020-14325"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-14325",
"datePublished": "2020-08-11T12:49:44",
"dateReserved": "2020-06-17T00:00:00",
"dateUpdated": "2024-08-04T12:39:36.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10783 (GCVE-0-2020-10783)
Vulnerability from nvd – Published: 2020-08-11 12:35 – Updated: 2024-08-04 11:14
VLAI?
Summary
Red Hat CloudForms 4.7 and 5 is affected by a role-based privilege escalation flaw. An attacker with EVM-Operator group can perform actions restricted only to EVM-Super-administrator group, leads to, exporting or importing administrator files.
Severity ?
No CVSS data available.
CWE
- Improper Access Control
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | CloudForms |
Affected:
4.7 and 5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:14:15.473Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847811"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2020-10783"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CloudForms",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "4.7 and 5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Red Hat CloudForms 4.7 and 5 is affected by a role-based privilege escalation flaw. An attacker with EVM-Operator group can perform actions restricted only to EVM-Super-administrator group, leads to, exporting or importing administrator files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-11T12:35:13",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847811"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2020-10783"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-10783",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CloudForms",
"version": {
"version_data": [
{
"version_value": "4.7 and 5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Red Hat CloudForms 4.7 and 5 is affected by a role-based privilege escalation flaw. An attacker with EVM-Operator group can perform actions restricted only to EVM-Super-administrator group, leads to, exporting or importing administrator files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1847811",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847811"
},
{
"name": "https://access.redhat.com/security/cve/cve-2020-10783",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/cve-2020-10783"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-10783",
"datePublished": "2020-08-11T12:35:13",
"dateReserved": "2020-03-20T00:00:00",
"dateUpdated": "2024-08-04T11:14:15.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10779 (GCVE-0-2020-10779)
Vulnerability from nvd – Published: 2020-08-11 12:40 – Updated: 2024-08-04 11:14
VLAI?
Summary
Red Hat CloudForms 4.7 and 5 leads to insecure direct object references (IDOR) and functional level access control bypass due to missing privilege check. Therefore, if an attacker knows the right criteria, it is possible to access some sensitive data within the CloudForms.
Severity ?
No CVSS data available.
CWE
- Improper Access Control
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | CloudForms |
Affected:
4.7 and 5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:14:15.372Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847647"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2020-10779"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CloudForms",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "4.7 and 5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Red Hat CloudForms 4.7 and 5 leads to insecure direct object references (IDOR) and functional level access control bypass due to missing privilege check. Therefore, if an attacker knows the right criteria, it is possible to access some sensitive data within the CloudForms."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-11T12:40:35",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847647"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2020-10779"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-10779",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CloudForms",
"version": {
"version_data": [
{
"version_value": "4.7 and 5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Red Hat CloudForms 4.7 and 5 leads to insecure direct object references (IDOR) and functional level access control bypass due to missing privilege check. Therefore, if an attacker knows the right criteria, it is possible to access some sensitive data within the CloudForms."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1847647",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847647"
},
{
"name": "https://access.redhat.com/security/cve/cve-2020-10779",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/cve-2020-10779"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-10779",
"datePublished": "2020-08-11T12:40:35",
"dateReserved": "2020-03-20T00:00:00",
"dateUpdated": "2024-08-04T11:14:15.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10778 (GCVE-0-2020-10778)
Vulnerability from nvd – Published: 2020-08-11 12:25 – Updated: 2024-08-04 11:14
VLAI?
Summary
In Red Hat CloudForms 4.7 and 5, the read only widgets can be edited by inspecting the forms and dropping the disabled attribute from the fields since there is no server-side validation. This business logic flaw violate the expected behavior.
Severity ?
No CVSS data available.
CWE
- Incorrect Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | CloudForms |
Affected:
4.7 and 5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:14:15.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847628"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2020-10778"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CloudForms",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "4.7 and 5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Red Hat CloudForms 4.7 and 5, the read only widgets can be edited by inspecting the forms and dropping the disabled attribute from the fields since there is no server-side validation. This business logic flaw violate the expected behavior."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect Authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-11T12:25:07",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847628"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2020-10778"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-10778",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CloudForms",
"version": {
"version_data": [
{
"version_value": "4.7 and 5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Red Hat CloudForms 4.7 and 5, the read only widgets can be edited by inspecting the forms and dropping the disabled attribute from the fields since there is no server-side validation. This business logic flaw violate the expected behavior."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1847628",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847628"
},
{
"name": "https://access.redhat.com/security/cve/cve-2020-10778",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/cve-2020-10778"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-10778",
"datePublished": "2020-08-11T12:25:07",
"dateReserved": "2020-03-20T00:00:00",
"dateUpdated": "2024-08-04T11:14:15.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10777 (GCVE-0-2020-10777)
Vulnerability from nvd – Published: 2020-08-11 12:17 – Updated: 2024-08-04 11:14
VLAI?
Summary
A cross-site scripting flaw was found in Report Menu feature of Red Hat CloudForms 4.7 and 5. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms.
Severity ?
No CVSS data available.
CWE
- Cross Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | CloudForms |
Affected:
4.7 and 5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:14:15.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847605"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2020-10777"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CloudForms",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "4.7 and 5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting flaw was found in Report Menu feature of Red Hat CloudForms 4.7 and 5. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-11T12:17:53",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847605"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2020-10777"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-10777",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CloudForms",
"version": {
"version_data": [
{
"version_value": "4.7 and 5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting flaw was found in Report Menu feature of Red Hat CloudForms 4.7 and 5. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1847605",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847605"
},
{
"name": "https://access.redhat.com/security/cve/cve-2020-10777",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/cve-2020-10777"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-10777",
"datePublished": "2020-08-11T12:17:53",
"dateReserved": "2020-03-20T00:00:00",
"dateUpdated": "2024-08-04T11:14:15.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0197 (GCVE-0-2014-0197)
Vulnerability from nvd – Published: 2019-12-13 12:48 – Updated: 2024-08-06 09:05
VLAI?
Summary
CFME: CSRF protection vulnerability via permissive check of the referrer header
Severity ?
No CVSS data available.
CWE
- CSRF protection vulnerability in referrer header
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:05:39.320Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0197"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2014-0197"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CFME",
"vendor": "CFME",
"versions": [
{
"status": "affected",
"version": "through 2014-04-30"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CFME: CSRF protection vulnerability via permissive check of the referrer header"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CSRF protection vulnerability in referrer header",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-13T12:48:28",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0197"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2014-0197"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0197",
"datePublished": "2019-12-13T12:48:28",
"dateReserved": "2013-12-03T00:00:00",
"dateUpdated": "2024-08-06T09:05:39.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4423 (GCVE-0-2013-4423)
Vulnerability from nvd – Published: 2019-11-04 12:49 – Updated: 2024-08-06 16:45
VLAI?
Summary
CloudForms stores user passwords in recoverable format
Severity ?
No CVSS data available.
CWE
- user password stored in recoverable format
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CloudForms | CloudForms |
Affected:
Fixed in 3.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.592Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4423"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2013-4423"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CloudForms",
"vendor": "CloudForms",
"versions": [
{
"status": "affected",
"version": "Fixed in 3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CloudForms stores user passwords in recoverable format"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "user password stored in recoverable format",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-04T12:49:35",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4423"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2013-4423"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4423",
"datePublished": "2019-11-04T12:49:35",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:45:14.592Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0186 (GCVE-0-2013-0186)
Vulnerability from nvd – Published: 2019-11-01 18:38 – Updated: 2024-08-06 14:18
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ManageIQ EVM | ManageIQ EVM |
Affected:
n/a
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.045Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0186"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2014:0215"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ManageIQ EVM",
"vendor": "ManageIQ EVM",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"product": "Red Hat CloudForms 3.0",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "Red Hat CloudForms 3.0 Management Engine 5.2"
}
]
}
],
"datePublic": "2014-03-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-01T18:38:38",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0186"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://access.redhat.com/errata/RHSA-2014:0215"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0186",
"datePublished": "2019-11-01T18:38:38",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T14:18:09.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16892 (GCVE-0-2019-16892)
Vulnerability from nvd – Published: 2019-09-25 00:00 – Updated: 2024-08-05 01:24
VLAI?
Summary
In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:47.239Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rubyzip/rubyzip/pull/403"
},
{
"name": "FEDORA-2019-0182d0b304",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MWWPORMSBHZTMP4PGF4DQD22TTKBQMMC/"
},
{
"name": "FEDORA-2019-8ecd991303",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J45KSFPP6DFVWLC7Z73L7SX735CKZYO6/"
},
{
"name": "FEDORA-2019-52445dce42",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X255K6ZBAQC462PQN2ND5HOTTQEJ2G2X/"
},
{
"name": "RHBA-2019:4047",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHBA-2019:4047"
},
{
"name": "RHSA-2019:4201",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4201"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rubyzip/rubyzip/commit/d65fe7bd283ec94f9d6dc7605f61a6b0dd00f55e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-16T22:09:26.251395",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/rubyzip/rubyzip/pull/403"
},
{
"name": "FEDORA-2019-0182d0b304",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MWWPORMSBHZTMP4PGF4DQD22TTKBQMMC/"
},
{
"name": "FEDORA-2019-8ecd991303",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J45KSFPP6DFVWLC7Z73L7SX735CKZYO6/"
},
{
"name": "FEDORA-2019-52445dce42",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X255K6ZBAQC462PQN2ND5HOTTQEJ2G2X/"
},
{
"name": "RHBA-2019:4047",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHBA-2019:4047"
},
{
"name": "RHSA-2019:4201",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4201"
},
{
"url": "https://github.com/rubyzip/rubyzip/commit/d65fe7bd283ec94f9d6dc7605f61a6b0dd00f55e"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16892",
"datePublished": "2019-09-25T00:00:00",
"dateReserved": "2019-09-25T00:00:00",
"dateUpdated": "2024-08-05T01:24:47.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10159 (GCVE-0-2019-10159)
Vulnerability from nvd – Published: 2019-06-14 13:53 – Updated: 2024-08-04 22:10
VLAI?
Summary
cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnerable to a data leak, due to an improper authorization in the migration log controller. An attacker with access to an unprivileged user can access all VM migration logs available.
Severity ?
4.3 (Medium)
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:09.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10159"
},
{
"name": "RHSA-2019:2466",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2466"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "cfme",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "5.10.4.3 and below, 5.9.9.3 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnerable to a data leak, due to an improper authorization in the migration log controller. An attacker with access to an unprivileged user can access all VM migration logs available."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-13T13:06:06",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10159"
},
{
"name": "RHSA-2019:2466",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2466"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-10159",
"datePublished": "2019-06-14T13:53:19",
"dateReserved": "2019-03-27T00:00:00",
"dateUpdated": "2024-08-04T22:10:09.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15123 (GCVE-0-2017-15123)
Vulnerability from nvd – Published: 2019-06-12 13:39 – Updated: 2024-08-05 19:50
VLAI?
Summary
A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, where the RSS feed URLs are not properly restricted to authenticated users only. An attacker could use this flaw to view potentially sensitive information from CloudForms including data such as newly created virtual machines.
Severity ?
5.3 (Medium)
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| redhat | CloudForms |
Affected:
5.8 - 5.10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:16.217Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15123"
},
{
"name": "108690",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108690"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hacked0x90.wordpress.com/2019/07/17/cve-2017-15123-exploit/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CloudForms",
"vendor": "redhat",
"versions": [
{
"status": "affected",
"version": "5.8 - 5.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, where the RSS feed URLs are not properly restricted to authenticated users only. An attacker could use this flaw to view potentially sensitive information from CloudForms including data such as newly created virtual machines."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-17T13:25:58",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15123"
},
{
"name": "108690",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108690"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hacked0x90.wordpress.com/2019/07/17/cve-2017-15123-exploit/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-15123",
"datePublished": "2019-06-12T13:39:34",
"dateReserved": "2017-10-08T00:00:00",
"dateUpdated": "2024-08-05T19:50:16.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11358 (GCVE-0-2019-11358)
Vulnerability from nvd – Published: 2019-04-19 00:00 – Updated: 2024-11-15 15:11
VLAI?
Summary
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:09.199Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.drupal.org/sa-core-2019-006"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_19"
},
{
"name": "DSA-4434",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4434"
},
{
"name": "20190421 [SECURITY] [DSA 4434-1] drupal7 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Apr/32"
},
{
"name": "108023",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108023"
},
{
"name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html"
},
{
"name": "FEDORA-2019-eba8e44ee6",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/"
},
{
"name": "FEDORA-2019-1a3edd7e8a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/"
},
{
"name": "FEDORA-2019-7eaf0bbe7c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/"
},
{
"name": "FEDORA-2019-2a0ce0c58c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/"
},
{
"name": "FEDORA-2019-a06dffab1c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/"
},
{
"name": "FEDORA-2019-f563e66380",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/"
},
{
"name": "20190509 dotCMS v5.1.1 Vulnerabilities",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/May/18"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
},
{
"name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/May/11"
},
{
"name": "20190510 dotCMS v5.1.1 Vulnerabilities",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/May/10"
},
{
"name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/May/13"
},
{
"name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html"
},
{
"name": "[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/03/2"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
},
{
"name": "RHSA-2019:1456",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1456"
},
{
"name": "DSA-4460",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4460"
},
{
"name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jun/12"
},
{
"name": "openSUSE-SU-2019:1839",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"
},
{
"name": "RHBA-2019:1570",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHBA-2019:1570"
},
{
"name": "openSUSE-SU-2019:1872",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"
},
{
"name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"
},
{
"name": "RHSA-2019:2587",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2587"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190919-0001/"
},
{
"name": "RHSA-2019:3023",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3023"
},
{
"name": "RHSA-2019:3024",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3024"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2019-08"
},
{
"name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200224 [SECURITY] [DLA 2118-1] otrs2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2020-02"
},
{
"name": "[syncope-dev] 20200423 Jquery version on 2.1.x/2.0.x",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E"
},
{
"name": "[flink-dev] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200518 [jira] [Commented] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200518 [jira] [Updated] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200518 [jira] [Assigned] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200520 [jira] [Closed] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "[storm-dev] 20200708 [GitHub] [storm] Crim opened a new pull request #3305: [STORM-3553] Upgrade jQuery from 1.11.1 to 3.5.1",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://backdropcms.org/security/backdrop-sa-core-2019-009"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
},
{
"tags": [
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/jquery/jquery/pull/4333"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-11358",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-20T15:03:16.892088Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T15:11:23.024Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-31T02:06:52.187292",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.drupal.org/sa-core-2019-006"
},
{
"url": "https://www.synology.com/security/advisory/Synology_SA_19_19"
},
{
"name": "DSA-4434",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4434"
},
{
"name": "20190421 [SECURITY] [DSA 4434-1] drupal7 security update",
"tags": [
"mailing-list"
],
"url": "https://seclists.org/bugtraq/2019/Apr/32"
},
{
"name": "108023",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/108023"
},
{
"name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html"
},
{
"name": "FEDORA-2019-eba8e44ee6",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/"
},
{
"name": "FEDORA-2019-1a3edd7e8a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/"
},
{
"name": "FEDORA-2019-7eaf0bbe7c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/"
},
{
"name": "FEDORA-2019-2a0ce0c58c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/"
},
{
"name": "FEDORA-2019-a06dffab1c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/"
},
{
"name": "FEDORA-2019-f563e66380",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/"
},
{
"name": "20190509 dotCMS v5.1.1 Vulnerabilities",
"tags": [
"mailing-list"
],
"url": "https://seclists.org/bugtraq/2019/May/18"
},
{
"url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
},
{
"name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2019/May/11"
},
{
"name": "20190510 dotCMS v5.1.1 Vulnerabilities",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2019/May/10"
},
{
"name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2019/May/13"
},
{
"name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html"
},
{
"name": "[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/03/2"
},
{
"url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
},
{
"name": "RHSA-2019:1456",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1456"
},
{
"name": "DSA-4460",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4460"
},
{
"name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update",
"tags": [
"mailing-list"
],
"url": "https://seclists.org/bugtraq/2019/Jun/12"
},
{
"name": "openSUSE-SU-2019:1839",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"
},
{
"name": "RHBA-2019:1570",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHBA-2019:1570"
},
{
"name": "openSUSE-SU-2019:1872",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"
},
{
"name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"
},
{
"name": "RHSA-2019:2587",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2587"
},
{
"url": "https://security.netapp.com/advisory/ntap-20190919-0001/"
},
{
"name": "RHSA-2019:3023",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3023"
},
{
"name": "RHSA-2019:3024",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3024"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
},
{
"url": "https://www.tenable.com/security/tns-2019-08"
},
{
"name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200224 [SECURITY] [DLA 2118-1] otrs2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html"
},
{
"url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
},
{
"url": "https://www.tenable.com/security/tns-2020-02"
},
{
"name": "[syncope-dev] 20200423 Jquery version on 2.1.x/2.0.x",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E"
},
{
"name": "[flink-dev] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200518 [jira] [Commented] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200518 [jira] [Updated] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200518 [jira] [Assigned] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200520 [jira] [Closed] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "[storm-dev] 20200708 [GitHub] [storm] Crim opened a new pull request #3305: [STORM-3553] Upgrade jQuery from 1.11.1 to 3.5.1",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"url": "https://backdropcms.org/security/backdrop-sa-core-2019-009"
},
{
"url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
},
{
"url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006"
},
{
"url": "https://github.com/jquery/jquery/pull/4333"
},
{
"url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b"
},
{
"url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11358",
"datePublished": "2019-04-19T00:00:00",
"dateReserved": "2019-04-19T00:00:00",
"dateUpdated": "2024-11-15T15:11:23.024Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5419 (GCVE-0-2019-5419)
Vulnerability from nvd – Published: 2019-03-27 13:43 – Updated: 2024-08-04 19:54
VLAI?
Summary
There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive.
Severity ?
No CVSS data available.
CWE
- CWE-400 - Denial of Service (CWE-400)
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rails | https://github.com/rails/rails |
Affected:
5.2.2.1
Affected: 5.1.6.2 Affected: 5.0.7.2 Affected: 4.2.11.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:54:53.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20190322 [CVE-2019-5418] Amendment: Possible Remote Code Execution Exploit in Action View",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/03/22/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://groups.google.com/forum/#%21topic/rubyonrails-security/GN7w9fFAQeI"
},
{
"name": "[debian-lts-announce] 20190331 [SECURITY] [DLA 1739-1] rails security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html"
},
{
"name": "RHSA-2019:0796",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0796"
},
{
"name": "openSUSE-SU-2019:1344",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html"
},
{
"name": "FEDORA-2019-1cfe24db5c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/"
},
{
"name": "RHSA-2019:1149",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1149"
},
{
"name": "RHSA-2019:1147",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1147"
},
{
"name": "RHSA-2019:1289",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1289"
},
{
"name": "openSUSE-SU-2019:1527",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html"
},
{
"name": "openSUSE-SU-2019:1824",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/rails/rails",
"vendor": "Rails",
"versions": [
{
"status": "affected",
"version": "5.2.2.1"
},
{
"status": "affected",
"version": "5.1.6.2"
},
{
"status": "affected",
"version": "5.0.7.2"
},
{
"status": "affected",
"version": "4.2.11.1"
}
]
}
],
"datePublic": "2019-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "There is a possible denial of service vulnerability in Action View (Rails) \u003c5.2.2.1, \u003c5.1.6.2, \u003c5.0.7.2, \u003c4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Denial of Service (CWE-400)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-01T20:06:09",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"name": "[oss-security] 20190322 [CVE-2019-5418] Amendment: Possible Remote Code Execution Exploit in Action View",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/03/22/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://groups.google.com/forum/#%21topic/rubyonrails-security/GN7w9fFAQeI"
},
{
"name": "[debian-lts-announce] 20190331 [SECURITY] [DLA 1739-1] rails security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html"
},
{
"name": "RHSA-2019:0796",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0796"
},
{
"name": "openSUSE-SU-2019:1344",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html"
},
{
"name": "FEDORA-2019-1cfe24db5c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/"
},
{
"name": "RHSA-2019:1149",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1149"
},
{
"name": "RHSA-2019:1147",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1147"
},
{
"name": "RHSA-2019:1289",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1289"
},
{
"name": "openSUSE-SU-2019:1527",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html"
},
{
"name": "openSUSE-SU-2019:1824",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2019-5419",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "https://github.com/rails/rails",
"version": {
"version_data": [
{
"version_value": "5.2.2.1"
},
{
"version_value": "5.1.6.2"
},
{
"version_value": "5.0.7.2"
},
{
"version_value": "4.2.11.1"
}
]
}
}
]
},
"vendor_name": "Rails"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a possible denial of service vulnerability in Action View (Rails) \u003c5.2.2.1, \u003c5.1.6.2, \u003c5.0.7.2, \u003c4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (CWE-400)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20190322 [CVE-2019-5418] Amendment: Possible Remote Code Execution Exploit in Action View",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/03/22/1"
},
{
"name": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/",
"refsource": "CONFIRM",
"url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/"
},
{
"name": "https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI",
"refsource": "CONFIRM",
"url": "https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI"
},
{
"name": "[debian-lts-announce] 20190331 [SECURITY] [DLA 1739-1] rails security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html"
},
{
"name": "RHSA-2019:0796",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0796"
},
{
"name": "openSUSE-SU-2019:1344",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html"
},
{
"name": "FEDORA-2019-1cfe24db5c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/"
},
{
"name": "RHSA-2019:1149",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1149"
},
{
"name": "RHSA-2019:1147",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1147"
},
{
"name": "RHSA-2019:1289",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1289"
},
{
"name": "openSUSE-SU-2019:1527",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html"
},
{
"name": "openSUSE-SU-2019:1824",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2019-5419",
"datePublished": "2019-03-27T13:43:19",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:54:53.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25716 (GCVE-0-2020-25716)
Vulnerability from cvelistv5 – Published: 2021-06-07 20:27 – Updated: 2024-08-04 15:40
VLAI?
Summary
A flaw was found in Cloudforms. A role-based privileges escalation flaw where export or import of administrator files is possible. An attacker with a specific group can perform actions restricted only to system administrator. This is the affect of an incomplete fix for CVE-2020-10783. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before cfme 5.11.10.1 are affected
Severity ?
No CVSS data available.
CWE
- CWE-285 - >CWE-284
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Cloudforms |
Affected:
before cfme 5.11.10.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:36.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898525"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cloudforms",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before cfme 5.11.10.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Cloudforms. A role-based privileges escalation flaw where export or import of administrator files is possible. An attacker with a specific group can perform actions restricted only to system administrator. This is the affect of an incomplete fix for CVE-2020-10783. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before cfme 5.11.10.1 are affected"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285-\u003eCWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-07T20:27:15",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898525"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-25716",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloudforms",
"version": {
"version_data": [
{
"version_value": "before cfme 5.11.10.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Cloudforms. A role-based privileges escalation flaw where export or import of administrator files is possible. An attacker with a specific group can perform actions restricted only to system administrator. This is the affect of an incomplete fix for CVE-2020-10783. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before cfme 5.11.10.1 are affected"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285-\u003eCWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1898525",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898525"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-25716",
"datePublished": "2021-06-07T20:27:15",
"dateReserved": "2020-09-16T00:00:00",
"dateUpdated": "2024-08-04T15:40:36.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14369 (GCVE-0-2020-14369)
Vulnerability from cvelistv5 – Published: 2020-12-02 14:28 – Updated: 2024-08-04 12:46
VLAI?
Summary
This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execute unwanted actions on a web application in which the user is currently authenticated. An attacker can make a forgery HTTP request to the server by crafting custom flash file which can force the user to perform state changing requests like provisioning VMs, running ansible playbooks and so forth.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | CloudForms |
Affected:
cfme-gemset 5.11.8.1-1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:46:33.285Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1871921"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CloudForms",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "cfme-gemset 5.11.8.1-1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execute unwanted actions on a web application in which the user is currently authenticated. An attacker can make a forgery HTTP request to the server by crafting custom flash file which can force the user to perform state changing requests like provisioning VMs, running ansible playbooks and so forth."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-02T14:28:04",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1871921"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-14369",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CloudForms",
"version": {
"version_data": [
{
"version_value": "cfme-gemset 5.11.8.1-1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execute unwanted actions on a web application in which the user is currently authenticated. An attacker can make a forgery HTTP request to the server by crafting custom flash file which can force the user to perform state changing requests like provisioning VMs, running ansible playbooks and so forth."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1871921",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1871921"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-14369",
"datePublished": "2020-12-02T14:28:04",
"dateReserved": "2020-06-17T00:00:00",
"dateUpdated": "2024-08-04T12:46:33.285Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14325 (GCVE-0-2020-14325)
Vulnerability from cvelistv5 – Published: 2020-08-11 12:49 – Updated: 2024-08-04 12:39
VLAI?
Summary
Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Impersonation authorization flaw which allows malicious attacker to create existent and non-existent role-based access control user, with groups and roles. With a selected group of EvmGroup-super_administrator, an attacker can perform any API request as a super administrator.
Severity ?
No CVSS data available.
CWE
- Improper Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | CloudForms |
Affected:
cfme 5.11.7.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.480Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1855739"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2020-14325"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CloudForms",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "cfme 5.11.7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Impersonation authorization flaw which allows malicious attacker to create existent and non-existent role-based access control user, with groups and roles. With a selected group of EvmGroup-super_administrator, an attacker can perform any API request as a super administrator."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-11T12:49:44",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1855739"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2020-14325"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-14325",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CloudForms",
"version": {
"version_data": [
{
"version_value": "cfme 5.11.7.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Impersonation authorization flaw which allows malicious attacker to create existent and non-existent role-based access control user, with groups and roles. With a selected group of EvmGroup-super_administrator, an attacker can perform any API request as a super administrator."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1855739",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1855739"
},
{
"name": "https://access.redhat.com/security/cve/cve-2020-14325",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/cve-2020-14325"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-14325",
"datePublished": "2020-08-11T12:49:44",
"dateReserved": "2020-06-17T00:00:00",
"dateUpdated": "2024-08-04T12:39:36.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10779 (GCVE-0-2020-10779)
Vulnerability from cvelistv5 – Published: 2020-08-11 12:40 – Updated: 2024-08-04 11:14
VLAI?
Summary
Red Hat CloudForms 4.7 and 5 leads to insecure direct object references (IDOR) and functional level access control bypass due to missing privilege check. Therefore, if an attacker knows the right criteria, it is possible to access some sensitive data within the CloudForms.
Severity ?
No CVSS data available.
CWE
- Improper Access Control
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | CloudForms |
Affected:
4.7 and 5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:14:15.372Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847647"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2020-10779"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CloudForms",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "4.7 and 5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Red Hat CloudForms 4.7 and 5 leads to insecure direct object references (IDOR) and functional level access control bypass due to missing privilege check. Therefore, if an attacker knows the right criteria, it is possible to access some sensitive data within the CloudForms."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-11T12:40:35",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847647"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2020-10779"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-10779",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CloudForms",
"version": {
"version_data": [
{
"version_value": "4.7 and 5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Red Hat CloudForms 4.7 and 5 leads to insecure direct object references (IDOR) and functional level access control bypass due to missing privilege check. Therefore, if an attacker knows the right criteria, it is possible to access some sensitive data within the CloudForms."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1847647",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847647"
},
{
"name": "https://access.redhat.com/security/cve/cve-2020-10779",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/cve-2020-10779"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-10779",
"datePublished": "2020-08-11T12:40:35",
"dateReserved": "2020-03-20T00:00:00",
"dateUpdated": "2024-08-04T11:14:15.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10783 (GCVE-0-2020-10783)
Vulnerability from cvelistv5 – Published: 2020-08-11 12:35 – Updated: 2024-08-04 11:14
VLAI?
Summary
Red Hat CloudForms 4.7 and 5 is affected by a role-based privilege escalation flaw. An attacker with EVM-Operator group can perform actions restricted only to EVM-Super-administrator group, leads to, exporting or importing administrator files.
Severity ?
No CVSS data available.
CWE
- Improper Access Control
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | CloudForms |
Affected:
4.7 and 5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:14:15.473Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847811"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2020-10783"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CloudForms",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "4.7 and 5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Red Hat CloudForms 4.7 and 5 is affected by a role-based privilege escalation flaw. An attacker with EVM-Operator group can perform actions restricted only to EVM-Super-administrator group, leads to, exporting or importing administrator files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-11T12:35:13",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847811"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2020-10783"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-10783",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CloudForms",
"version": {
"version_data": [
{
"version_value": "4.7 and 5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Red Hat CloudForms 4.7 and 5 is affected by a role-based privilege escalation flaw. An attacker with EVM-Operator group can perform actions restricted only to EVM-Super-administrator group, leads to, exporting or importing administrator files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1847811",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847811"
},
{
"name": "https://access.redhat.com/security/cve/cve-2020-10783",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/cve-2020-10783"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-10783",
"datePublished": "2020-08-11T12:35:13",
"dateReserved": "2020-03-20T00:00:00",
"dateUpdated": "2024-08-04T11:14:15.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10778 (GCVE-0-2020-10778)
Vulnerability from cvelistv5 – Published: 2020-08-11 12:25 – Updated: 2024-08-04 11:14
VLAI?
Summary
In Red Hat CloudForms 4.7 and 5, the read only widgets can be edited by inspecting the forms and dropping the disabled attribute from the fields since there is no server-side validation. This business logic flaw violate the expected behavior.
Severity ?
No CVSS data available.
CWE
- Incorrect Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | CloudForms |
Affected:
4.7 and 5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:14:15.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847628"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2020-10778"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CloudForms",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "4.7 and 5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Red Hat CloudForms 4.7 and 5, the read only widgets can be edited by inspecting the forms and dropping the disabled attribute from the fields since there is no server-side validation. This business logic flaw violate the expected behavior."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect Authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-11T12:25:07",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847628"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2020-10778"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-10778",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CloudForms",
"version": {
"version_data": [
{
"version_value": "4.7 and 5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Red Hat CloudForms 4.7 and 5, the read only widgets can be edited by inspecting the forms and dropping the disabled attribute from the fields since there is no server-side validation. This business logic flaw violate the expected behavior."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1847628",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847628"
},
{
"name": "https://access.redhat.com/security/cve/cve-2020-10778",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/cve-2020-10778"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-10778",
"datePublished": "2020-08-11T12:25:07",
"dateReserved": "2020-03-20T00:00:00",
"dateUpdated": "2024-08-04T11:14:15.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10777 (GCVE-0-2020-10777)
Vulnerability from cvelistv5 – Published: 2020-08-11 12:17 – Updated: 2024-08-04 11:14
VLAI?
Summary
A cross-site scripting flaw was found in Report Menu feature of Red Hat CloudForms 4.7 and 5. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms.
Severity ?
No CVSS data available.
CWE
- Cross Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | CloudForms |
Affected:
4.7 and 5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:14:15.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847605"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2020-10777"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CloudForms",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "4.7 and 5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting flaw was found in Report Menu feature of Red Hat CloudForms 4.7 and 5. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-11T12:17:53",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847605"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2020-10777"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-10777",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CloudForms",
"version": {
"version_data": [
{
"version_value": "4.7 and 5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting flaw was found in Report Menu feature of Red Hat CloudForms 4.7 and 5. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1847605",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847605"
},
{
"name": "https://access.redhat.com/security/cve/cve-2020-10777",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/cve-2020-10777"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-10777",
"datePublished": "2020-08-11T12:17:53",
"dateReserved": "2020-03-20T00:00:00",
"dateUpdated": "2024-08-04T11:14:15.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0197 (GCVE-0-2014-0197)
Vulnerability from cvelistv5 – Published: 2019-12-13 12:48 – Updated: 2024-08-06 09:05
VLAI?
Summary
CFME: CSRF protection vulnerability via permissive check of the referrer header
Severity ?
No CVSS data available.
CWE
- CSRF protection vulnerability in referrer header
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:05:39.320Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0197"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2014-0197"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CFME",
"vendor": "CFME",
"versions": [
{
"status": "affected",
"version": "through 2014-04-30"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CFME: CSRF protection vulnerability via permissive check of the referrer header"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CSRF protection vulnerability in referrer header",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-13T12:48:28",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0197"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2014-0197"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0197",
"datePublished": "2019-12-13T12:48:28",
"dateReserved": "2013-12-03T00:00:00",
"dateUpdated": "2024-08-06T09:05:39.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4423 (GCVE-0-2013-4423)
Vulnerability from cvelistv5 – Published: 2019-11-04 12:49 – Updated: 2024-08-06 16:45
VLAI?
Summary
CloudForms stores user passwords in recoverable format
Severity ?
No CVSS data available.
CWE
- user password stored in recoverable format
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CloudForms | CloudForms |
Affected:
Fixed in 3.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.592Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4423"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2013-4423"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CloudForms",
"vendor": "CloudForms",
"versions": [
{
"status": "affected",
"version": "Fixed in 3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CloudForms stores user passwords in recoverable format"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "user password stored in recoverable format",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-04T12:49:35",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4423"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2013-4423"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4423",
"datePublished": "2019-11-04T12:49:35",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:45:14.592Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0186 (GCVE-0-2013-0186)
Vulnerability from cvelistv5 – Published: 2019-11-01 18:38 – Updated: 2024-08-06 14:18
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ManageIQ EVM | ManageIQ EVM |
Affected:
n/a
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.045Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0186"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2014:0215"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ManageIQ EVM",
"vendor": "ManageIQ EVM",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"product": "Red Hat CloudForms 3.0",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "Red Hat CloudForms 3.0 Management Engine 5.2"
}
]
}
],
"datePublic": "2014-03-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-01T18:38:38",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0186"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://access.redhat.com/errata/RHSA-2014:0215"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0186",
"datePublished": "2019-11-01T18:38:38",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T14:18:09.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16892 (GCVE-0-2019-16892)
Vulnerability from cvelistv5 – Published: 2019-09-25 00:00 – Updated: 2024-08-05 01:24
VLAI?
Summary
In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:47.239Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rubyzip/rubyzip/pull/403"
},
{
"name": "FEDORA-2019-0182d0b304",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MWWPORMSBHZTMP4PGF4DQD22TTKBQMMC/"
},
{
"name": "FEDORA-2019-8ecd991303",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J45KSFPP6DFVWLC7Z73L7SX735CKZYO6/"
},
{
"name": "FEDORA-2019-52445dce42",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X255K6ZBAQC462PQN2ND5HOTTQEJ2G2X/"
},
{
"name": "RHBA-2019:4047",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHBA-2019:4047"
},
{
"name": "RHSA-2019:4201",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4201"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rubyzip/rubyzip/commit/d65fe7bd283ec94f9d6dc7605f61a6b0dd00f55e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-16T22:09:26.251395",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/rubyzip/rubyzip/pull/403"
},
{
"name": "FEDORA-2019-0182d0b304",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MWWPORMSBHZTMP4PGF4DQD22TTKBQMMC/"
},
{
"name": "FEDORA-2019-8ecd991303",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J45KSFPP6DFVWLC7Z73L7SX735CKZYO6/"
},
{
"name": "FEDORA-2019-52445dce42",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X255K6ZBAQC462PQN2ND5HOTTQEJ2G2X/"
},
{
"name": "RHBA-2019:4047",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHBA-2019:4047"
},
{
"name": "RHSA-2019:4201",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4201"
},
{
"url": "https://github.com/rubyzip/rubyzip/commit/d65fe7bd283ec94f9d6dc7605f61a6b0dd00f55e"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16892",
"datePublished": "2019-09-25T00:00:00",
"dateReserved": "2019-09-25T00:00:00",
"dateUpdated": "2024-08-05T01:24:47.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10159 (GCVE-0-2019-10159)
Vulnerability from cvelistv5 – Published: 2019-06-14 13:53 – Updated: 2024-08-04 22:10
VLAI?
Summary
cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnerable to a data leak, due to an improper authorization in the migration log controller. An attacker with access to an unprivileged user can access all VM migration logs available.
Severity ?
4.3 (Medium)
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:09.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10159"
},
{
"name": "RHSA-2019:2466",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2466"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "cfme",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "5.10.4.3 and below, 5.9.9.3 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnerable to a data leak, due to an improper authorization in the migration log controller. An attacker with access to an unprivileged user can access all VM migration logs available."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-13T13:06:06",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10159"
},
{
"name": "RHSA-2019:2466",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2466"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-10159",
"datePublished": "2019-06-14T13:53:19",
"dateReserved": "2019-03-27T00:00:00",
"dateUpdated": "2024-08-04T22:10:09.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15123 (GCVE-0-2017-15123)
Vulnerability from cvelistv5 – Published: 2019-06-12 13:39 – Updated: 2024-08-05 19:50
VLAI?
Summary
A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, where the RSS feed URLs are not properly restricted to authenticated users only. An attacker could use this flaw to view potentially sensitive information from CloudForms including data such as newly created virtual machines.
Severity ?
5.3 (Medium)
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| redhat | CloudForms |
Affected:
5.8 - 5.10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:16.217Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15123"
},
{
"name": "108690",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108690"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hacked0x90.wordpress.com/2019/07/17/cve-2017-15123-exploit/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CloudForms",
"vendor": "redhat",
"versions": [
{
"status": "affected",
"version": "5.8 - 5.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, where the RSS feed URLs are not properly restricted to authenticated users only. An attacker could use this flaw to view potentially sensitive information from CloudForms including data such as newly created virtual machines."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-17T13:25:58",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15123"
},
{
"name": "108690",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108690"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hacked0x90.wordpress.com/2019/07/17/cve-2017-15123-exploit/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-15123",
"datePublished": "2019-06-12T13:39:34",
"dateReserved": "2017-10-08T00:00:00",
"dateUpdated": "2024-08-05T19:50:16.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11358 (GCVE-0-2019-11358)
Vulnerability from cvelistv5 – Published: 2019-04-19 00:00 – Updated: 2024-11-15 15:11
VLAI?
Summary
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:09.199Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.drupal.org/sa-core-2019-006"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_19"
},
{
"name": "DSA-4434",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4434"
},
{
"name": "20190421 [SECURITY] [DSA 4434-1] drupal7 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Apr/32"
},
{
"name": "108023",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108023"
},
{
"name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html"
},
{
"name": "FEDORA-2019-eba8e44ee6",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/"
},
{
"name": "FEDORA-2019-1a3edd7e8a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/"
},
{
"name": "FEDORA-2019-7eaf0bbe7c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/"
},
{
"name": "FEDORA-2019-2a0ce0c58c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/"
},
{
"name": "FEDORA-2019-a06dffab1c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/"
},
{
"name": "FEDORA-2019-f563e66380",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/"
},
{
"name": "20190509 dotCMS v5.1.1 Vulnerabilities",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/May/18"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
},
{
"name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/May/11"
},
{
"name": "20190510 dotCMS v5.1.1 Vulnerabilities",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/May/10"
},
{
"name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/May/13"
},
{
"name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html"
},
{
"name": "[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/03/2"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
},
{
"name": "RHSA-2019:1456",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1456"
},
{
"name": "DSA-4460",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4460"
},
{
"name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jun/12"
},
{
"name": "openSUSE-SU-2019:1839",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"
},
{
"name": "RHBA-2019:1570",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHBA-2019:1570"
},
{
"name": "openSUSE-SU-2019:1872",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"
},
{
"name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"
},
{
"name": "RHSA-2019:2587",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2587"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190919-0001/"
},
{
"name": "RHSA-2019:3023",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3023"
},
{
"name": "RHSA-2019:3024",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3024"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2019-08"
},
{
"name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200224 [SECURITY] [DLA 2118-1] otrs2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2020-02"
},
{
"name": "[syncope-dev] 20200423 Jquery version on 2.1.x/2.0.x",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E"
},
{
"name": "[flink-dev] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200518 [jira] [Commented] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200518 [jira] [Updated] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200518 [jira] [Assigned] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200520 [jira] [Closed] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "[storm-dev] 20200708 [GitHub] [storm] Crim opened a new pull request #3305: [STORM-3553] Upgrade jQuery from 1.11.1 to 3.5.1",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://backdropcms.org/security/backdrop-sa-core-2019-009"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
},
{
"tags": [
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/jquery/jquery/pull/4333"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-11358",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-20T15:03:16.892088Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T15:11:23.024Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-31T02:06:52.187292",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.drupal.org/sa-core-2019-006"
},
{
"url": "https://www.synology.com/security/advisory/Synology_SA_19_19"
},
{
"name": "DSA-4434",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4434"
},
{
"name": "20190421 [SECURITY] [DSA 4434-1] drupal7 security update",
"tags": [
"mailing-list"
],
"url": "https://seclists.org/bugtraq/2019/Apr/32"
},
{
"name": "108023",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/108023"
},
{
"name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html"
},
{
"name": "FEDORA-2019-eba8e44ee6",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/"
},
{
"name": "FEDORA-2019-1a3edd7e8a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/"
},
{
"name": "FEDORA-2019-7eaf0bbe7c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/"
},
{
"name": "FEDORA-2019-2a0ce0c58c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/"
},
{
"name": "FEDORA-2019-a06dffab1c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/"
},
{
"name": "FEDORA-2019-f563e66380",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/"
},
{
"name": "20190509 dotCMS v5.1.1 Vulnerabilities",
"tags": [
"mailing-list"
],
"url": "https://seclists.org/bugtraq/2019/May/18"
},
{
"url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
},
{
"name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2019/May/11"
},
{
"name": "20190510 dotCMS v5.1.1 Vulnerabilities",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2019/May/10"
},
{
"name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2019/May/13"
},
{
"name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html"
},
{
"name": "[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/03/2"
},
{
"url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
},
{
"name": "RHSA-2019:1456",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1456"
},
{
"name": "DSA-4460",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4460"
},
{
"name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update",
"tags": [
"mailing-list"
],
"url": "https://seclists.org/bugtraq/2019/Jun/12"
},
{
"name": "openSUSE-SU-2019:1839",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"
},
{
"name": "RHBA-2019:1570",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHBA-2019:1570"
},
{
"name": "openSUSE-SU-2019:1872",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"
},
{
"name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"
},
{
"name": "RHSA-2019:2587",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2587"
},
{
"url": "https://security.netapp.com/advisory/ntap-20190919-0001/"
},
{
"name": "RHSA-2019:3023",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3023"
},
{
"name": "RHSA-2019:3024",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3024"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
},
{
"url": "https://www.tenable.com/security/tns-2019-08"
},
{
"name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200224 [SECURITY] [DLA 2118-1] otrs2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html"
},
{
"url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
},
{
"url": "https://www.tenable.com/security/tns-2020-02"
},
{
"name": "[syncope-dev] 20200423 Jquery version on 2.1.x/2.0.x",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E"
},
{
"name": "[flink-dev] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200518 [jira] [Commented] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200518 [jira] [Updated] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200518 [jira] [Assigned] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200520 [jira] [Closed] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "[storm-dev] 20200708 [GitHub] [storm] Crim opened a new pull request #3305: [STORM-3553] Upgrade jQuery from 1.11.1 to 3.5.1",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"url": "https://backdropcms.org/security/backdrop-sa-core-2019-009"
},
{
"url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
},
{
"url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006"
},
{
"url": "https://github.com/jquery/jquery/pull/4333"
},
{
"url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b"
},
{
"url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11358",
"datePublished": "2019-04-19T00:00:00",
"dateReserved": "2019-04-19T00:00:00",
"dateUpdated": "2024-11-15T15:11:23.024Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}