
    22 vulnerabilities found for subscription_asset_manager by redhat

    CVE-2012-6685 (GCVE-0-2012-6685)

    Vulnerability from nvd – Published: 2020-02-19 14:41 – Updated: 2024-08-06 21:36
    VLAI
    Summary
    Nokogiri before 1.5.4 is vulnerable to XXE attacks
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2012-06-06 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:36:01.934Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/sparklemotion/nokogiri/issues/693"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1178970"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nokogiri.org/CHANGELOG.html#154-2012-06-12"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-06-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Nokogiri before 1.5.4 is vulnerable to XXE attacks"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-19T14:41:27.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/sparklemotion/nokogiri/issues/693"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1178970"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nokogiri.org/CHANGELOG.html#154-2012-06-12"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-6685",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Nokogiri before 1.5.4 is vulnerable to XXE attacks"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/sparklemotion/nokogiri/issues/693",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/sparklemotion/nokogiri/issues/693"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1178970",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1178970"
                },
                {
                  "name": "https://nokogiri.org/CHANGELOG.html#154-2012-06-12",
                  "refsource": "CONFIRM",
                  "url": "https://nokogiri.org/CHANGELOG.html#154-2012-06-12"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-6685",
        "datePublished": "2020-02-19T14:41:27.000Z",
        "dateReserved": "2015-01-05T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:36:01.934Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-0183 (GCVE-0-2014-0183)

    Vulnerability from nvd – Published: 2020-01-02 19:20 – Updated: 2024-08-06 09:05
    VLAI
    Summary
    Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4 are vulnerable to a XSS via HTML in the systems name when registering.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting
    Assigner
    References
    Impacted products
    Vendor Product Version
    Katello Katello Affected: Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T09:05:39.183Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0183"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/cve-2014-0183"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Katello",
              "vendor": "Katello",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4 are vulnerable to a XSS via HTML in the systems name when registering."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-02T19:20:35.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0183"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://access.redhat.com/security/cve/cve-2014-0183"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-0183",
        "datePublished": "2020-01-02T19:20:35.000Z",
        "dateReserved": "2013-12-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T09:05:39.183Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-0026 (GCVE-0-2014-0026)

    Vulnerability from nvd – Published: 2019-12-11 14:07 – Updated: 2024-08-06 08:58
    VLAI
    Summary
    katello-headpin is vulnerable to CSRF in REST API
    Severity
    No CVSS data available.
    CWE
    • CSRF in REST API
    Assigner
    References
    Impacted products
    Vendor Product Version
    katello-headpin katello-headpin Affected: through 2014-01-29

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T08:58:26.618Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0026"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/cve-2014-0026"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "katello-headpin",
              "vendor": "katello-headpin",
              "versions": [
                {
                  "status": "affected",
                  "version": "through 2014-01-29"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "katello-headpin is vulnerable to CSRF in REST API"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CSRF in REST API",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-12-11T14:07:02.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0026"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://access.redhat.com/security/cve/cve-2014-0026"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-0026",
        "datePublished": "2019-12-11T14:07:02.000Z",
        "dateReserved": "2013-12-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T08:58:26.618Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-6461 (GCVE-0-2013-6461)

    Vulnerability from nvd – Published: 2019-11-05 14:07 – Updated: 2024-08-06 17:39
    VLAI
    Summary
    Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits
    Severity
    No CVSS data available.
    CWE
    • while parsing XML entities
    Assigner
    Impacted products
    Vendor Product Version
    Ruby Nokogiri gem Affected: 1.5.x
    Affected: 1.6.x

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T17:39:01.356Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2013-6461"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6461"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/cve-2013-6461"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/12/27/2"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/64513"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90059"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Nokogiri gem",
              "vendor": "Ruby",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.5.x"
                },
                {
                  "status": "affected",
                  "version": "1.6.x"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "while parsing XML entities",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-05T14:07:42.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security-tracker.debian.org/tracker/CVE-2013-6461"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6461"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://access.redhat.com/security/cve/cve-2013-6461"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/12/27/2"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securityfocus.com/bid/64513"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90059"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2013-6461",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Nokogiri gem",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.5.x"
                              },
                              {
                                "version_value": "1.6.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Ruby"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "while parsing XML entities"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security-tracker.debian.org/tracker/CVE-2013-6461",
                  "refsource": "MISC",
                  "url": "https://security-tracker.debian.org/tracker/CVE-2013-6461"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6461",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6461"
                },
                {
                  "name": "https://access.redhat.com/security/cve/cve-2013-6461",
                  "refsource": "MISC",
                  "url": "https://access.redhat.com/security/cve/cve-2013-6461"
                },
                {
                  "name": "http://www.openwall.com/lists/oss-security/2013/12/27/2",
                  "refsource": "MISC",
                  "url": "http://www.openwall.com/lists/oss-security/2013/12/27/2"
                },
                {
                  "name": "http://www.securityfocus.com/bid/64513",
                  "refsource": "MISC",
                  "url": "http://www.securityfocus.com/bid/64513"
                },
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90059",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90059"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2013-6461",
        "datePublished": "2019-11-05T14:07:42.000Z",
        "dateReserved": "2013-11-04T00:00:00.000Z",
        "dateUpdated": "2024-08-06T17:39:01.356Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-6460 (GCVE-0-2013-6460)

    Vulnerability from nvd – Published: 2019-11-05 14:02 – Updated: 2024-08-06 17:39
    VLAI
    Summary
    Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents
    Severity
    No CVSS data available.
    CWE
    • while parsing XML documents
    Assigner
    Impacted products
    Vendor Product Version
    Ruby Nokogiri gem Affected: 1.5.x
    Affected: 1.6.x

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T17:39:01.455Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2013-6460"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6460"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-6460"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/cve-2013-6460"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/12/27/2"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/64513"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90058"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Nokogiri gem",
              "vendor": "Ruby",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.5.x"
                },
                {
                  "status": "affected",
                  "version": "1.6.x"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "while parsing XML documents",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-05T14:02:54.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security-tracker.debian.org/tracker/CVE-2013-6460"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6460"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-6460"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://access.redhat.com/security/cve/cve-2013-6460"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/12/27/2"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securityfocus.com/bid/64513"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90058"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2013-6460",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Nokogiri gem",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.5.x"
                              },
                              {
                                "version_value": "1.6.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Ruby"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "while parsing XML documents"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security-tracker.debian.org/tracker/CVE-2013-6460",
                  "refsource": "MISC",
                  "url": "https://security-tracker.debian.org/tracker/CVE-2013-6460"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6460",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6460"
                },
                {
                  "name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-6460",
                  "refsource": "MISC",
                  "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-6460"
                },
                {
                  "name": "https://access.redhat.com/security/cve/cve-2013-6460",
                  "refsource": "MISC",
                  "url": "https://access.redhat.com/security/cve/cve-2013-6460"
                },
                {
                  "name": "http://www.openwall.com/lists/oss-security/2013/12/27/2",
                  "refsource": "MISC",
                  "url": "http://www.openwall.com/lists/oss-security/2013/12/27/2"
                },
                {
                  "name": "http://www.securityfocus.com/bid/64513",
                  "refsource": "MISC",
                  "url": "http://www.securityfocus.com/bid/64513"
                },
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90058",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90058"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2013-6460",
        "datePublished": "2019-11-05T14:02:54.000Z",
        "dateReserved": "2013-11-04T00:00:00.000Z",
        "dateUpdated": "2024-08-06T17:39:01.455Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7501 (GCVE-0-2015-7501)

    Vulnerability from nvd – Published: 2017-11-09 00:00 – Updated: 2024-08-06 07:51
    VLAI ENISA
    Summary
    Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://rhn.redhat.com/errata/RHSA-2016-0040.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2670.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2501.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2517.html vendor-advisory
    http://www.securityfocus.com/bid/78215 vdb-entry
    http://www.securitytracker.com/id/1034097 vdb-entry
    http://rhn.redhat.com/errata/RHSA-2015-2671.html vendor-advisory
    http://www.securitytracker.com/id/1037052 vdb-entry
    http://www.securitytracker.com/id/1037640 vdb-entry
    http://rhn.redhat.com/errata/RHSA-2015-2522.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2521.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2516.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2500.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2514.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2502.html vendor-advisory
    https://rhn.redhat.com/errata/RHSA-2015-2536.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2016-1773.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2524.html vendor-advisory
    http://www.securitytracker.com/id/1037053 vdb-entry
    https://bugzilla.redhat.com/show_bug.cgi?id=1279330
    https://access.redhat.com/solutions/2045023
    http://www.oracle.com/technetwork/security-adviso…
    http://www.oracle.com/technetwork/security-adviso…
    http://www.oracle.com/technetwork/security-adviso…
    https://access.redhat.com/security/vulnerabilitie…
    http://www.oracle.com/technetwork/security-adviso…
    https://www.oracle.com/security-alerts/cpujul2020.html
    https://security.netapp.com/advisory/ntap-20240216-0010/
    Date Public
    2015-11-06 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:51:28.224Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2016:0040",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-0040.html"
              },
              {
                "name": "RHSA-2015:2670",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2670.html"
              },
              {
                "name": "RHSA-2015:2501",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2501.html"
              },
              {
                "name": "RHSA-2015:2517",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2517.html"
              },
              {
                "name": "78215",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/78215"
              },
              {
                "name": "1034097",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034097"
              },
              {
                "name": "RHSA-2015:2671",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2671.html"
              },
              {
                "name": "1037052",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1037052"
              },
              {
                "name": "1037640",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1037640"
              },
              {
                "name": "RHSA-2015:2522",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2522.html"
              },
              {
                "name": "RHSA-2015:2521",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2521.html"
              },
              {
                "name": "RHSA-2015:2516",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2516.html"
              },
              {
                "name": "RHSA-2015:2500",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2500.html"
              },
              {
                "name": "RHSA-2015:2514",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2514.html"
              },
              {
                "name": "RHSA-2015:2502",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2502.html"
              },
              {
                "name": "RHSA-2015:2536",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://rhn.redhat.com/errata/RHSA-2015-2536.html"
              },
              {
                "name": "RHSA-2016:1773",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1773.html"
              },
              {
                "name": "RHSA-2015:2524",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2524.html"
              },
              {
                "name": "1037053",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1037053"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1279330"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/solutions/2045023"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/vulnerabilities/2059393"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240216-0010/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-11-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-16T13:06:08.221Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2016:0040",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0040.html"
            },
            {
              "name": "RHSA-2015:2670",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2670.html"
            },
            {
              "name": "RHSA-2015:2501",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2501.html"
            },
            {
              "name": "RHSA-2015:2517",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2517.html"
            },
            {
              "name": "78215",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securityfocus.com/bid/78215"
            },
            {
              "name": "1034097",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securitytracker.com/id/1034097"
            },
            {
              "name": "RHSA-2015:2671",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2671.html"
            },
            {
              "name": "1037052",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securitytracker.com/id/1037052"
            },
            {
              "name": "1037640",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securitytracker.com/id/1037640"
            },
            {
              "name": "RHSA-2015:2522",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2522.html"
            },
            {
              "name": "RHSA-2015:2521",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2521.html"
            },
            {
              "name": "RHSA-2015:2516",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2516.html"
            },
            {
              "name": "RHSA-2015:2500",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2500.html"
            },
            {
              "name": "RHSA-2015:2514",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2514.html"
            },
            {
              "name": "RHSA-2015:2502",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2502.html"
            },
            {
              "name": "RHSA-2015:2536",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://rhn.redhat.com/errata/RHSA-2015-2536.html"
            },
            {
              "name": "RHSA-2016:1773",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1773.html"
            },
            {
              "name": "RHSA-2015:2524",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2524.html"
            },
            {
              "name": "1037053",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securitytracker.com/id/1037053"
            },
            {
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1279330"
            },
            {
              "url": "https://access.redhat.com/solutions/2045023"
            },
            {
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
            },
            {
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
            },
            {
              "url": "https://access.redhat.com/security/vulnerabilities/2059393"
            },
            {
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240216-0010/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-7501",
        "datePublished": "2017-11-09T00:00:00.000Z",
        "dateReserved": "2015-09-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:51:28.224Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-0029 (GCVE-0-2014-0029)

    Vulnerability from nvd – Published: 2017-10-16 13:00 – Updated: 2024-08-06 08:58
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in the SAM web application in Red Hat katello-headpin allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-01-29 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T08:58:26.544Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1059433"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-01-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the SAM web application in Red Hat katello-headpin allow remote attackers to inject arbitrary web script or HTML via unspecified parameters."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-16T12:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1059433"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-0029",
        "datePublished": "2017-10-16T13:00:00.000Z",
        "dateReserved": "2013-12-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T08:58:26.544Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-0130 (GCVE-0-2014-0130)

    Vulnerability from nvd – Published: 2014-05-07 10:00 – Updated: 2025-10-22 00:05
    VLAI CISA KEVIntel
    Summary
    Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    Date Public
    2014-05-06 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T09:05:38.953Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2014:1863",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf"
              },
              {
                "name": "[rubyonrails-security] 20140506 [CVE-2014-0130] Directory Traversal Vulnerability With Certain Route Configurations",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ"
              },
              {
                "name": "67244",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/67244"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2014-0130",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T13:25:09.870990Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-03-25",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0130"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-22",
                    "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-22T00:05:37.800Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0130"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-03-25T00:00:00.000Z",
                "value": "CVE-2014-0130 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-05-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2015-06-02T14:57:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2014:1863",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf"
            },
            {
              "name": "[rubyonrails-security] 20140506 [CVE-2014-0130] Directory Traversal Vulnerability With Certain Route Configurations",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ"
            },
            {
              "name": "67244",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/67244"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-0130",
        "datePublished": "2014-05-07T10:00:00.000Z",
        "dateReserved": "2013-12-03T00:00:00.000Z",
        "dateUpdated": "2025-10-22T00:05:37.800Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-6439 (GCVE-0-2013-6439)

    Vulnerability from nvd – Published: 2013-12-23 22:00 – Updated: 2024-08-06 17:39
    VLAI
    Summary
    Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does not specify a scheme, which has unspecified impact and attack vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2013-12-19 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T17:39:01.750Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1042677"
              },
              {
                "name": "RHSA-2013:1863",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-1863.html"
              },
              {
                "name": "candlepin-redhat-cve20136439-unspecified(90134)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90134"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-12-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does not specify a scheme, which has unspecified impact and attack vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1042677"
            },
            {
              "name": "RHSA-2013:1863",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-1863.html"
            },
            {
              "name": "candlepin-redhat-cve20136439-unspecified(90134)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90134"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2013-6439",
        "datePublished": "2013-12-23T22:00:00.000Z",
        "dateReserved": "2013-11-04T00:00:00.000Z",
        "dateUpdated": "2024-08-06T17:39:01.750Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-1823 (GCVE-0-2013-1823)

    Vulnerability from nvd – Published: 2013-04-02 22:00 – Updated: 2024-08-06 15:13
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the Notifications form in Red Hat Subscription Asset Manager before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the username field.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/52774 third-party-advisory x_refsource_SECUNIA
    http://www.osvdb.org/91718 vdb-entry x_refsource_OSVDB
    https://bugzilla.redhat.com/show_bug.cgi?id=918784 x_refsource_MISC
    http://rhn.redhat.com/errata/RHSA-2013-0686.html vendor-advisory x_refsource_REDHAT

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T15:13:33.312Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "52774",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/52774"
              },
              {
                "name": "91718",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/91718"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=918784"
              },
              {
                "name": "RHSA-2013:0686",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the Notifications form in Red Hat Subscription Asset Manager before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the username field."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-04-02T22:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "52774",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/52774"
            },
            {
              "name": "91718",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/91718"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=918784"
            },
            {
              "name": "RHSA-2013:0686",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2013-1823",
        "datePublished": "2013-04-02T22:00:00.000Z",
        "dateReserved": "2013-02-19T00:00:00.000Z",
        "dateUpdated": "2024-08-06T15:13:33.312Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-6119 (GCVE-0-2012-6119)

    Vulnerability from nvd – Published: 2013-04-02 22:00 – Updated: 2024-08-06 21:28
    Summary
    Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:28:38.981Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "52774",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/52774"
              },
              {
                "name": "91719",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/91719"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=908613"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/candlepin/candlepin/blob/master/candlepin.spec"
              },
              {
                "name": "RHSA-2013:0686",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/candlepin/candlepin/commit/f4d93230e58b969c506b4c9778e04482a059b08c"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-04-02T22:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "52774",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/52774"
            },
            {
              "name": "91719",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/91719"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=908613"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/candlepin/candlepin/blob/master/candlepin.spec"
            },
            {
              "name": "RHSA-2013:0686",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/candlepin/candlepin/commit/f4d93230e58b969c506b4c9778e04482a059b08c"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-6119",
        "datePublished": "2013-04-02T22:00:00.000Z",
        "dateReserved": "2012-12-06T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:28:38.981Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-6685 (GCVE-0-2012-6685)

    Vulnerability from cvelistv5 – Published: 2020-02-19 14:41 – Updated: 2024-08-06 21:36
    Summary
    Nokogiri before 1.5.4 is vulnerable to XXE attacks
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2012-06-06 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:36:01.934Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/sparklemotion/nokogiri/issues/693"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1178970"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nokogiri.org/CHANGELOG.html#154-2012-06-12"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-06-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Nokogiri before 1.5.4 is vulnerable to XXE attacks"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-19T14:41:27.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/sparklemotion/nokogiri/issues/693"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1178970"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nokogiri.org/CHANGELOG.html#154-2012-06-12"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-6685",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Nokogiri before 1.5.4 is vulnerable to XXE attacks"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/sparklemotion/nokogiri/issues/693",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/sparklemotion/nokogiri/issues/693"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1178970",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1178970"
                },
                {
                  "name": "https://nokogiri.org/CHANGELOG.html#154-2012-06-12",
                  "refsource": "CONFIRM",
                  "url": "https://nokogiri.org/CHANGELOG.html#154-2012-06-12"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-6685",
        "datePublished": "2020-02-19T14:41:27.000Z",
        "dateReserved": "2015-01-05T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:36:01.934Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-0183 (GCVE-0-2014-0183)

    Vulnerability from cvelistv5 – Published: 2020-01-02 19:20 – Updated: 2024-08-06 09:05
    Summary
    Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4 are vulnerable to a XSS via HTML in the systems name when registering.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting
    Assigner
    References
    Impacted products
    Vendor Product Version
    Katello Katello Affected: Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T09:05:39.183Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0183"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/cve-2014-0183"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Katello",
              "vendor": "Katello",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4 are vulnerable to a XSS via HTML in the systems name when registering."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-02T19:20:35.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0183"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://access.redhat.com/security/cve/cve-2014-0183"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-0183",
        "datePublished": "2020-01-02T19:20:35.000Z",
        "dateReserved": "2013-12-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T09:05:39.183Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-0026 (GCVE-0-2014-0026)

    Vulnerability from cvelistv5 – Published: 2019-12-11 14:07 – Updated: 2024-08-06 08:58
    Summary
    katello-headpin is vulnerable to CSRF in REST API
    Severity
    No CVSS data available.
    CWE
    • CSRF in REST API
    Assigner
    References
    Impacted products
    Vendor Product Version
    katello-headpin katello-headpin Affected: through 2014-01-29

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T08:58:26.618Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0026"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/cve-2014-0026"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "katello-headpin",
              "vendor": "katello-headpin",
              "versions": [
                {
                  "status": "affected",
                  "version": "through 2014-01-29"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "katello-headpin is vulnerable to CSRF in REST API"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CSRF in REST API",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-12-11T14:07:02.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0026"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://access.redhat.com/security/cve/cve-2014-0026"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-0026",
        "datePublished": "2019-12-11T14:07:02.000Z",
        "dateReserved": "2013-12-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T08:58:26.618Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-6461 (GCVE-0-2013-6461)

    Vulnerability from cvelistv5 – Published: 2019-11-05 14:07 – Updated: 2024-08-06 17:39
    Summary
    Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits
    Severity
    No CVSS data available.
    CWE
    • while parsing XML entities
    Assigner
    Impacted products
    Vendor Product Version
    Ruby Nokogiri gem Affected: 1.5.x
    Affected: 1.6.x

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T17:39:01.356Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2013-6461"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6461"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/cve-2013-6461"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/12/27/2"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/64513"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90059"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Nokogiri gem",
              "vendor": "Ruby",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.5.x"
                },
                {
                  "status": "affected",
                  "version": "1.6.x"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "while parsing XML entities",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-05T14:07:42.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security-tracker.debian.org/tracker/CVE-2013-6461"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6461"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://access.redhat.com/security/cve/cve-2013-6461"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/12/27/2"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securityfocus.com/bid/64513"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90059"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2013-6461",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Nokogiri gem",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.5.x"
                              },
                              {
                                "version_value": "1.6.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Ruby"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "while parsing XML entities"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security-tracker.debian.org/tracker/CVE-2013-6461",
                  "refsource": "MISC",
                  "url": "https://security-tracker.debian.org/tracker/CVE-2013-6461"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6461",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6461"
                },
                {
                  "name": "https://access.redhat.com/security/cve/cve-2013-6461",
                  "refsource": "MISC",
                  "url": "https://access.redhat.com/security/cve/cve-2013-6461"
                },
                {
                  "name": "http://www.openwall.com/lists/oss-security/2013/12/27/2",
                  "refsource": "MISC",
                  "url": "http://www.openwall.com/lists/oss-security/2013/12/27/2"
                },
                {
                  "name": "http://www.securityfocus.com/bid/64513",
                  "refsource": "MISC",
                  "url": "http://www.securityfocus.com/bid/64513"
                },
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90059",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90059"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2013-6461",
        "datePublished": "2019-11-05T14:07:42.000Z",
        "dateReserved": "2013-11-04T00:00:00.000Z",
        "dateUpdated": "2024-08-06T17:39:01.356Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-6460 (GCVE-0-2013-6460)

    Vulnerability from cvelistv5 – Published: 2019-11-05 14:02 – Updated: 2024-08-06 17:39
    Summary
    Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents
    Severity
    No CVSS data available.
    CWE
    • while parsing XML documents
    Assigner
    Impacted products
    Vendor Product Version
    Ruby Nokogiri gem Affected: 1.5.x
    Affected: 1.6.x

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T17:39:01.455Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2013-6460"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6460"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-6460"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/cve-2013-6460"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/12/27/2"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/64513"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90058"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Nokogiri gem",
              "vendor": "Ruby",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.5.x"
                },
                {
                  "status": "affected",
                  "version": "1.6.x"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "while parsing XML documents",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-05T14:02:54.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security-tracker.debian.org/tracker/CVE-2013-6460"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6460"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-6460"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://access.redhat.com/security/cve/cve-2013-6460"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/12/27/2"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securityfocus.com/bid/64513"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90058"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2013-6460",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Nokogiri gem",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.5.x"
                              },
                              {
                                "version_value": "1.6.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Ruby"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "while parsing XML documents"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security-tracker.debian.org/tracker/CVE-2013-6460",
                  "refsource": "MISC",
                  "url": "https://security-tracker.debian.org/tracker/CVE-2013-6460"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6460",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6460"
                },
                {
                  "name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-6460",
                  "refsource": "MISC",
                  "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-6460"
                },
                {
                  "name": "https://access.redhat.com/security/cve/cve-2013-6460",
                  "refsource": "MISC",
                  "url": "https://access.redhat.com/security/cve/cve-2013-6460"
                },
                {
                  "name": "http://www.openwall.com/lists/oss-security/2013/12/27/2",
                  "refsource": "MISC",
                  "url": "http://www.openwall.com/lists/oss-security/2013/12/27/2"
                },
                {
                  "name": "http://www.securityfocus.com/bid/64513",
                  "refsource": "MISC",
                  "url": "http://www.securityfocus.com/bid/64513"
                },
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90058",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90058"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2013-6460",
        "datePublished": "2019-11-05T14:02:54.000Z",
        "dateReserved": "2013-11-04T00:00:00.000Z",
        "dateUpdated": "2024-08-06T17:39:01.455Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7501 (GCVE-0-2015-7501)

    Vulnerability from cvelistv5 – Published: 2017-11-09 00:00 – Updated: 2024-08-06 07:51
    VLAI ENISA
    Summary
    Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://rhn.redhat.com/errata/RHSA-2016-0040.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2670.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2501.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2517.html vendor-advisory
    http://www.securityfocus.com/bid/78215 vdb-entry
    http://www.securitytracker.com/id/1034097 vdb-entry
    http://rhn.redhat.com/errata/RHSA-2015-2671.html vendor-advisory
    http://www.securitytracker.com/id/1037052 vdb-entry
    http://www.securitytracker.com/id/1037640 vdb-entry
    http://rhn.redhat.com/errata/RHSA-2015-2522.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2521.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2516.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2500.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2514.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2502.html vendor-advisory
    https://rhn.redhat.com/errata/RHSA-2015-2536.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2016-1773.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2524.html vendor-advisory
    http://www.securitytracker.com/id/1037053 vdb-entry
    https://bugzilla.redhat.com/show_bug.cgi?id=1279330
    https://access.redhat.com/solutions/2045023
    http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
    http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
    http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
    https://access.redhat.com/security/vulnerabilities/2059393
    http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
    https://www.oracle.com/security-alerts/cpujul2020.html
    https://security.netapp.com/advisory/ntap-20240216-0010/
    Date Public
    2015-11-06 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:51:28.224Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2016:0040",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-0040.html"
              },
              {
                "name": "RHSA-2015:2670",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2670.html"
              },
              {
                "name": "RHSA-2015:2501",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2501.html"
              },
              {
                "name": "RHSA-2015:2517",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2517.html"
              },
              {
                "name": "78215",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/78215"
              },
              {
                "name": "1034097",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034097"
              },
              {
                "name": "RHSA-2015:2671",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2671.html"
              },
              {
                "name": "1037052",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1037052"
              },
              {
                "name": "1037640",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1037640"
              },
              {
                "name": "RHSA-2015:2522",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2522.html"
              },
              {
                "name": "RHSA-2015:2521",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2521.html"
              },
              {
                "name": "RHSA-2015:2516",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2516.html"
              },
              {
                "name": "RHSA-2015:2500",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2500.html"
              },
              {
                "name": "RHSA-2015:2514",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2514.html"
              },
              {
                "name": "RHSA-2015:2502",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2502.html"
              },
              {
                "name": "RHSA-2015:2536",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://rhn.redhat.com/errata/RHSA-2015-2536.html"
              },
              {
                "name": "RHSA-2016:1773",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1773.html"
              },
              {
                "name": "RHSA-2015:2524",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2524.html"
              },
              {
                "name": "1037053",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1037053"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1279330"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/solutions/2045023"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/vulnerabilities/2059393"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240216-0010/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-11-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-16T13:06:08.221Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2016:0040",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0040.html"
            },
            {
              "name": "RHSA-2015:2670",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2670.html"
            },
            {
              "name": "RHSA-2015:2501",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2501.html"
            },
            {
              "name": "RHSA-2015:2517",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2517.html"
            },
            {
              "name": "78215",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securityfocus.com/bid/78215"
            },
            {
              "name": "1034097",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securitytracker.com/id/1034097"
            },
            {
              "name": "RHSA-2015:2671",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2671.html"
            },
            {
              "name": "1037052",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securitytracker.com/id/1037052"
            },
            {
              "name": "1037640",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securitytracker.com/id/1037640"
            },
            {
              "name": "RHSA-2015:2522",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2522.html"
            },
            {
              "name": "RHSA-2015:2521",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2521.html"
            },
            {
              "name": "RHSA-2015:2516",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2516.html"
            },
            {
              "name": "RHSA-2015:2500",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2500.html"
            },
            {
              "name": "RHSA-2015:2514",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2514.html"
            },
            {
              "name": "RHSA-2015:2502",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2502.html"
            },
            {
              "name": "RHSA-2015:2536",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://rhn.redhat.com/errata/RHSA-2015-2536.html"
            },
            {
              "name": "RHSA-2016:1773",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1773.html"
            },
            {
              "name": "RHSA-2015:2524",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2524.html"
            },
            {
              "name": "1037053",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securitytracker.com/id/1037053"
            },
            {
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1279330"
            },
            {
              "url": "https://access.redhat.com/solutions/2045023"
            },
            {
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
            },
            {
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
            },
            {
              "url": "https://access.redhat.com/security/vulnerabilities/2059393"
            },
            {
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240216-0010/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-7501",
        "datePublished": "2017-11-09T00:00:00.000Z",
        "dateReserved": "2015-09-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:51:28.224Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-0029 (GCVE-0-2014-0029)

    Vulnerability from cvelistv5 – Published: 2017-10-16 13:00 – Updated: 2024-08-06 08:58
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in the SAM web application in Red Hat katello-headpin allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-01-29 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T08:58:26.544Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1059433"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-01-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the SAM web application in Red Hat katello-headpin allow remote attackers to inject arbitrary web script or HTML via unspecified parameters."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-16T12:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1059433"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-0029",
        "datePublished": "2017-10-16T13:00:00.000Z",
        "dateReserved": "2013-12-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T08:58:26.544Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-0130 (GCVE-0-2014-0130)

    Vulnerability from cvelistv5 – Published: 2014-05-07 10:00 – Updated: 2025-10-22 00:05
    VLAI CISA KEVIntel
    Summary
    Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    Date Public
    2014-05-06 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T09:05:38.953Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2014:1863",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf"
              },
              {
                "name": "[rubyonrails-security] 20140506 [CVE-2014-0130] Directory Traversal Vulnerability With Certain Route Configurations",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ"
              },
              {
                "name": "67244",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/67244"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2014-0130",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T13:25:09.870990Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-03-25",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0130"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-22",
                    "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-22T00:05:37.800Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0130"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-03-25T00:00:00.000Z",
                "value": "CVE-2014-0130 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-05-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2015-06-02T14:57:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2014:1863",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf"
            },
            {
              "name": "[rubyonrails-security] 20140506 [CVE-2014-0130] Directory Traversal Vulnerability With Certain Route Configurations",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ"
            },
            {
              "name": "67244",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/67244"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-0130",
        "datePublished": "2014-05-07T10:00:00.000Z",
        "dateReserved": "2013-12-03T00:00:00.000Z",
        "dateUpdated": "2025-10-22T00:05:37.800Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-6439 (GCVE-0-2013-6439)

    Vulnerability from cvelistv5 – Published: 2013-12-23 22:00 – Updated: 2024-08-06 17:39
    Summary
    Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does not specify a scheme, which has unspecified impact and attack vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2013-12-19 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T17:39:01.750Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1042677"
              },
              {
                "name": "RHSA-2013:1863",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-1863.html"
              },
              {
                "name": "candlepin-redhat-cve20136439-unspecified(90134)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90134"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-12-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does not specify a scheme, which has unspecified impact and attack vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1042677"
            },
            {
              "name": "RHSA-2013:1863",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-1863.html"
            },
            {
              "name": "candlepin-redhat-cve20136439-unspecified(90134)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90134"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2013-6439",
        "datePublished": "2013-12-23T22:00:00.000Z",
        "dateReserved": "2013-11-04T00:00:00.000Z",
        "dateUpdated": "2024-08-06T17:39:01.750Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-1823 (GCVE-0-2013-1823)

    Vulnerability from cvelistv5 – Published: 2013-04-02 22:00 – Updated: 2024-08-06 15:13
    Summary
    Cross-site scripting (XSS) vulnerability in the Notifications form in Red Hat Subscription Asset Manager before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the username field.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/52774 third-party-advisory, x_refsource_SECUNIA
    http://www.osvdb.org/91718 vdb-entry, x_refsource_OSVDB
    https://bugzilla.redhat.com/show_bug.cgi?id=918784 x_refsource_MISC
    http://rhn.redhat.com/errata/RHSA-2013-0686.html vendor-advisory, x_refsource_REDHAT

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T15:13:33.312Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "52774",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/52774"
              },
              {
                "name": "91718",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/91718"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=918784"
              },
              {
                "name": "RHSA-2013:0686",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the Notifications form in Red Hat Subscription Asset Manager before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the username field."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-04-02T22:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "52774",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/52774"
            },
            {
              "name": "91718",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/91718"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=918784"
            },
            {
              "name": "RHSA-2013:0686",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2013-1823",
        "datePublished": "2013-04-02T22:00:00.000Z",
        "dateReserved": "2013-02-19T00:00:00.000Z",
        "dateUpdated": "2024-08-06T15:13:33.312Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-6119 (GCVE-0-2012-6119)

    Vulnerability from cvelistv5 – Published: 2013-04-02 22:00 – Updated: 2024-08-06 21:28
    Summary
    Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:28:38.981Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "52774",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/52774"
              },
              {
                "name": "91719",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/91719"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=908613"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/candlepin/candlepin/blob/master/candlepin.spec"
              },
              {
                "name": "RHSA-2013:0686",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/candlepin/candlepin/commit/f4d93230e58b969c506b4c9778e04482a059b08c"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-04-02T22:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "52774",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/52774"
            },
            {
              "name": "91719",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/91719"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=908613"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/candlepin/candlepin/blob/master/candlepin.spec"
            },
            {
              "name": "RHSA-2013:0686",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/candlepin/candlepin/commit/f4d93230e58b969c506b4c9778e04482a059b08c"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-6119",
        "datePublished": "2013-04-02T22:00:00.000Z",
        "dateReserved": "2012-12-06T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:28:38.981Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }