Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-14041 (GCVE-0-2018-14041)
Vulnerability from cvelistv5 – Published: 2018-07-13 14:00 – Updated: 2024-08-05 09:21
VLAI
EPSS
Summary
In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
17 references
Date Public
2018-07-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:21:40.893Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20190509 dotCMS v5.1.1 Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/May/18"
},
{
"name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/May/11"
},
{
"name": "20190510 dotCMS v5.1.1 Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/May/10"
},
{
"name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/May/13"
},
{
"name": "RHSA-2019:1456",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1456"
},
{
"name": "[superset-dev] 20190926 Re: [VOTE] Release Superset 0.34.1 based on Superset 0.34.1rc1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3E"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
},
{
"name": "[hbase-issues] 20201116 [GitHub] [hbase] symat opened a new pull request #2661: HBASE-25261 Upgrade Bootstrap to 3.4.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714%40%3Cissues.hbase.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/twbs/bootstrap/pull/26630"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/twbs/bootstrap/issues/26423"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/twbs/bootstrap/issues/26627"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-07-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-14T17:20:04.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20190509 dotCMS v5.1.1 Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/May/18"
},
{
"name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/May/11"
},
{
"name": "20190510 dotCMS v5.1.1 Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/May/10"
},
{
"name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/May/13"
},
{
"name": "RHSA-2019:1456",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1456"
},
{
"name": "[superset-dev] 20190926 Re: [VOTE] Release Superset 0.34.1 based on Superset 0.34.1rc1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3E"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
},
{
"name": "[hbase-issues] 20201116 [GitHub] [hbase] symat opened a new pull request #2661: HBASE-25261 Upgrade Bootstrap to 3.4.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714%40%3Cissues.hbase.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/twbs/bootstrap/pull/26630"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/twbs/bootstrap/issues/26423"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/twbs/bootstrap/issues/26627"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14041",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190509 dotCMS v5.1.1 Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/May/18"
},
{
"name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/May/11"
},
{
"name": "20190510 dotCMS v5.1.1 Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/May/10"
},
{
"name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/May/13"
},
{
"name": "RHSA-2019:1456",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1456"
},
{
"name": "[superset-dev] 20190926 Re: [VOTE] Release Superset 0.34.1 based on Superset 0.34.1rc1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
},
{
"name": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
},
{
"name": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
},
{
"name": "[hbase-issues] 20201116 [GitHub] [hbase] symat opened a new pull request #2661: HBASE-25261 Upgrade Bootstrap to 3.4.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714@%3Cissues.hbase.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "https://github.com/twbs/bootstrap/pull/26630",
"refsource": "MISC",
"url": "https://github.com/twbs/bootstrap/pull/26630"
},
{
"name": "https://github.com/twbs/bootstrap/issues/26423",
"refsource": "MISC",
"url": "https://github.com/twbs/bootstrap/issues/26423"
},
{
"name": "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/",
"refsource": "MISC",
"url": "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/"
},
{
"name": "https://github.com/twbs/bootstrap/issues/26627",
"refsource": "MISC",
"url": "https://github.com/twbs/bootstrap/issues/26627"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-14041",
"datePublished": "2018-07-13T14:00:00.000Z",
"dateReserved": "2018-07-13T00:00:00.000Z",
"dateUpdated": "2024-08-05T09:21:40.893Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2018-14041",
"date": "2026-05-29",
"epss": "0.07917",
"percentile": "0.92158"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-14041\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-07-13T14:29:00.277\",\"lastModified\":\"2024-11-21T03:48:29.530\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.\"},{\"lang\":\"es\",\"value\":\"En Bootstrap en versiones anteriores a la 4.1.2, es posible Cross-Site Scripting (XSS) en la propiedad data-target de scrollspy.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0.0\",\"versionEndExcluding\":\"4.1.2\",\"matchCriteriaId\":\"E610C4F8-4A0A-4D0C-8B4F-0E396A00D5BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*\",\"matchCriteriaId\":\"81E24E22-826E-478E-916F-B84B6E4A22AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*\",\"matchCriteriaId\":\"09E30D8D-85B8-42BF-91B7-005A74D78770\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*\",\"matchCriteriaId\":\"14505CBF-3CA7-4F05-8492-AED273CDEC74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D640EBF-FA2A-4D64-A520-40E13306E3D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*\",\"matchCriteriaId\":\"D974C26E-F9FC-472B-85BC-931BFFB74528\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*\",\"matchCriteriaId\":\"05994C85-5F6D-4C09-A700-49CF893292BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5E15817-0A5D-4C30-9A3C-F85F275E78DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"F12E3236-799A-46CB-BE07-E5A075D04BD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0A4754B-68D4-41C4-887F-E012538130F7\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://seclists.org/fulldisclosure/2019/May/10\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://seclists.org/fulldisclosure/2019/May/11\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://seclists.org/fulldisclosure/2019/May/13\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1456\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/twbs/bootstrap/issues/26423\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/twbs/bootstrap/issues/26627\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/twbs/bootstrap/pull/26630\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714%40%3Cissues.hbase.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://seclists.org/bugtraq/2019/May/18\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.oracle.com/security-alerts/cpuApr2021.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2019/May/10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2019/May/11\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2019/May/13\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1456\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/twbs/bootstrap/issues/26423\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/twbs/bootstrap/issues/26627\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/twbs/bootstrap/pull/26630\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714%40%3Cissues.hbase.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://seclists.org/bugtraq/2019/May/18\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com/security-alerts/cpuApr2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Title
Уязвимость плагина ScrollSpy набора инструментов для создания сайтов и веб-приложений Bootstrap, позволяющая нарушителю осуществлять межсайтовые сценарные атаки
Description
Уязвимость плагина ScrollSpy набора инструментов для создания сайтов и веб-приложений Bootstrap связана с непринятием мер по защите структуры веб-страницы. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, осуществлять межсайтовые сценарные атаки
Severity
Vendor
Red Hat Inc., Getbootstrap
Software Name
Red Hat Single Sign-On, Bootstrap
Software Version
7.3 (Red Hat Single Sign-On), от 4.0.0 до 4.1.2 (Bootstrap), 4.0.0 Beta2 (Bootstrap), 4.0.0 Alpha3 (Bootstrap), 4.0.0 Beta3 (Bootstrap), 4.0.0 Alpha5 (Bootstrap), 4.0.0 Alpha6 (Bootstrap), 4.0.0 Alpha (Bootstrap), 4.0.0 Beta (Bootstrap), 4.0.0 Alpha2 (Bootstrap)
Possible Mitigations
Использование рекомендаций:
Для Bootstrap:
https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/
https://github.com/twbs/bootstrap/issues/26423
https://github.com/twbs/bootstrap/issues/26627
https://github.com/twbs/bootstrap/pull/26630
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/cve-2018-14041
Reference
https://access.redhat.com/security/cve/cve-2018-14041
https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/
https://github.com/twbs/bootstrap/issues/26423
https://github.com/twbs/bootstrap/issues/26627
https://github.com/twbs/bootstrap/pull/26630
https://access.redhat.com/security/cve/cve-2018-14041
https://nvd.nist.gov/vuln/detail/CVE-2018-14041
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
CWE
CWE-79
{
"CVSS 2.0": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., Getbootstrap",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7.3 (Red Hat Single Sign-On), \u043e\u0442 4.0.0 \u0434\u043e 4.1.2 (Bootstrap), 4.0.0 Beta2 (Bootstrap), 4.0.0 Alpha3 (Bootstrap), 4.0.0 Beta3 (Bootstrap), 4.0.0 Alpha5 (Bootstrap), 4.0.0 Alpha6 (Bootstrap), 4.0.0 Alpha (Bootstrap), 4.0.0 Beta (Bootstrap), 4.0.0 Alpha2 (Bootstrap)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Bootstrap:\nhttps://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/\nhttps://github.com/twbs/bootstrap/issues/26423\nhttps://github.com/twbs/bootstrap/issues/26627\nhttps://github.com/twbs/bootstrap/pull/26630\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/cve-2018-14041",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "13.07.2018",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "21.05.2020",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "21.05.2020",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-02248",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-14041",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Single Sign-On, Bootstrap",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043b\u0430\u0433\u0438\u043d\u0430 ScrollSpy \u043d\u0430\u0431\u043e\u0440\u0430 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432 \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u0441\u0430\u0439\u0442\u043e\u0432 \u0438 \u0432\u0435\u0431-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 Bootstrap, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u0442\u044c \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u044b\u0435 \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u044b\u0435 \u0430\u0442\u0430\u043a\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b (\u0438\u043b\u0438 \\\u00ab\u041c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u0430\u044f \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u0430\u044f \u0430\u0442\u0430\u043a\u0430\\\u00bb) (CWE-79)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043b\u0430\u0433\u0438\u043d\u0430 ScrollSpy \u043d\u0430\u0431\u043e\u0440\u0430 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432 \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u0441\u0430\u0439\u0442\u043e\u0432 \u0438 \u0432\u0435\u0431-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 Bootstrap \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435\u043c \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u0442\u044c \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u044b\u0435 \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u044b\u0435 \u0430\u0442\u0430\u043a\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://access.redhat.com/security/cve/cve-2018-14041\nhttps://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/\nhttps://github.com/twbs/bootstrap/issues/26423\nhttps://github.com/twbs/bootstrap/issues/26627\nhttps://github.com/twbs/bootstrap/pull/26630\nhttps://access.redhat.com/security/cve/cve-2018-14041\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14041\nhttps://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E \nhttps://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E \nhttps://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E \nhttps://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-79",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,8)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,1)"
}
CERTFR-2024-AVI-1015
Vulnerability from certfr_avis - Published: 2024-11-22 - Updated: 2024-11-22
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Les vulnérabilités CVE-2024-47875 et CVE-2024-45801 n'ont pas de correctif pour Sterling Connect:Direct Web Services versions 6.1.x et 6.2.x
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar | QRadar Pre-Validation App versions antérieures à 2.0.1 | ||
| IBM | QRadar | QRadar Pulse App versions antérieures à 2.2.15 | ||
| IBM | WebSphere | WebSphere Hybrid Edition sans le correctif APAR PH63533 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.2.x antérieures à 6.2.0.25 | ||
| IBM | AIX | AIX version 7.3 sans le correctif bind_fix27/73bind918.tar | ||
| IBM | VIOS | VIOS version 3.1 sans le correctif bind_fix27/72bind918.tar | ||
| IBM | WebSphere | WebSphere Application Server Liberty sans le correctif APAR PH63533 | ||
| IBM | Cloud Pak System | Cloud Pak System versions antérieures à 2.3.5.0 pour Power avec le correctif PH60195/PH61002 | ||
| IBM | AIX | AIX version 7.2 sans le correctif bind_fix27/72bind918.tar | ||
| IBM | VIOS | VIOS version 4.1 sans le correctif bind_fix27/73bind918.tar | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.1.x antérieures à 6.1.0.26 | ||
| IBM | Cloud Pak System | Cloud Pak System versions antérieures à 2.3.4.1 pour Intel avec le correctif PH60195/PH61002 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.3.x antérieures à 6.3.0.11 | ||
| IBM | QRadar | QRadar User Behavior Analytics versions antérieures à 4.1.17 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QRadar Pre-Validation App versions ant\u00e9rieures \u00e0 2.0.1",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Pulse App versions ant\u00e9rieures \u00e0 2.2.15",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Hybrid Edition sans le correctif APAR PH63533",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.25",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX version 7.3 sans le correctif bind_fix27/73bind918.tar",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "VIOS version 3.1 sans le correctif bind_fix27/72bind918.tar",
"product": {
"name": "VIOS",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server Liberty sans le correctif APAR PH63533",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cloud Pak System versions ant\u00e9rieures \u00e0 2.3.5.0 pour Power avec le correctif PH60195/PH61002",
"product": {
"name": "Cloud Pak System",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX version 7.2 sans le correctif bind_fix27/72bind918.tar",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "VIOS version 4.1 sans le correctif bind_fix27/73bind918.tar",
"product": {
"name": "VIOS",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.26",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cloud Pak System versions ant\u00e9rieures \u00e0 2.3.4.1 pour Intel avec le correctif PH60195/PH61002",
"product": {
"name": "Cloud Pak System",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.11",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar User Behavior Analytics versions ant\u00e9rieures \u00e0 4.1.17",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "Les vuln\u00e9rabilit\u00e9s CVE-2024-47875 et CVE-2024-45801 n\u0027ont pas de correctif pour Sterling Connect:Direct Web Services versions 6.1.x et 6.2.x",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2024-28849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
},
{
"name": "CVE-2024-43788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43788"
},
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2024-47831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47831"
},
{
"name": "CVE-2024-4076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4076"
},
{
"name": "CVE-2018-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
},
{
"name": "CVE-2024-43799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
},
{
"name": "CVE-2024-34351",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34351"
},
{
"name": "CVE-2024-34069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34069"
},
{
"name": "CVE-2024-1975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1975"
},
{
"name": "CVE-2024-0760",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0760"
},
{
"name": "CVE-2024-1737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1737"
},
{
"name": "CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"name": "CVE-2024-43796",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
},
{
"name": "CVE-2018-20676",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20676"
},
{
"name": "CVE-2024-1135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1135"
},
{
"name": "CVE-2024-46982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46982"
},
{
"name": "CVE-2018-20677",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20677"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2024-45801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45801"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2023-51775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51775"
},
{
"name": "CVE-2024-5569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5569"
},
{
"name": "CVE-2024-47875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47875"
},
{
"name": "CVE-2018-14041",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14041"
},
{
"name": "CVE-2024-43800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
},
{
"name": "CVE-2016-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
},
{
"name": "CVE-2024-39338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
},
{
"name": "CVE-2024-34064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34064"
},
{
"name": "CVE-2024-38816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
},
{
"name": "CVE-2024-22354",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22354"
},
{
"name": "CVE-2024-39689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39689"
},
{
"name": "CVE-2023-26159",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26159"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
}
],
"initial_release_date": "2024-11-22T00:00:00",
"last_revision_date": "2024-11-22T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-1015",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-11-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2024-11-20",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7176657",
"url": "https://www.ibm.com/support/pages/node/7176657"
},
{
"published_at": "2024-11-20",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7176642",
"url": "https://www.ibm.com/support/pages/node/7176642"
},
{
"published_at": "2024-11-20",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7176660",
"url": "https://www.ibm.com/support/pages/node/7176660"
},
{
"published_at": "2024-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7176201",
"url": "https://www.ibm.com/support/pages/node/7176201"
},
{
"published_at": "2024-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7176391",
"url": "https://www.ibm.com/support/pages/node/7176391"
},
{
"published_at": "2024-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7176392",
"url": "https://www.ibm.com/support/pages/node/7176392"
},
{
"published_at": "2024-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7176386",
"url": "https://www.ibm.com/support/pages/node/7176386"
},
{
"published_at": "2024-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7176389",
"url": "https://www.ibm.com/support/pages/node/7176389"
},
{
"published_at": "2024-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7176451",
"url": "https://www.ibm.com/support/pages/node/7176451"
},
{
"published_at": "2024-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7176388",
"url": "https://www.ibm.com/support/pages/node/7176388"
},
{
"published_at": "2024-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7176205",
"url": "https://www.ibm.com/support/pages/node/7176205"
}
]
}
CERTFR-2024-AVI-1030
Vulnerability from certfr_avis - Published: 2024-11-29 - Updated: 2024-11-29
De multiples vulnérabilités ont été découvertes dans IBM QRadar. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QRadar User Behavior Analytics versions 1.x \u00e0 4.1.x ant\u00e9rieures \u00e0 4.1.17",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2024-43788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43788"
},
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2024-47831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47831"
},
{
"name": "CVE-2018-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
},
{
"name": "CVE-2024-34069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34069"
},
{
"name": "CVE-2018-20676",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20676"
},
{
"name": "CVE-2024-1135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1135"
},
{
"name": "CVE-2018-20677",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20677"
},
{
"name": "CVE-2024-45801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45801"
},
{
"name": "CVE-2024-5569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5569"
},
{
"name": "CVE-2024-47875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47875"
},
{
"name": "CVE-2018-14041",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14041"
},
{
"name": "CVE-2016-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
},
{
"name": "CVE-2024-39338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
},
{
"name": "CVE-2024-34064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34064"
},
{
"name": "CVE-2024-39689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39689"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
}
],
"initial_release_date": "2024-11-29T00:00:00",
"last_revision_date": "2024-11-29T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-1030",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-11-29T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM QRadar. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM QRadar",
"vendor_advisories": [
{
"published_at": "2024-11-20",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7176642",
"url": "https://www.ibm.com/support/pages/node/7176642"
}
]
}
CERTFR-2024-AVI-1103
Vulnerability from certfr_avis - Published: 2024-12-20 - Updated: 2024-12-20
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Cognos Analytics | Cognos Analytics versions 12.0.x antérieures à 12.0.4 | ||
| IBM | Sterling | Sterling External Authentication Server versions 6.1.0.x antérieures à 6.1.0.2 ifix 01 | ||
| IBM | QRadar SIEM | Security QRadar Log Management AQL Plugin versions antérieures à 1.1.0 | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.0.x antérieures à 6.0.3.1 (fixpack) GA | ||
| IBM | Cognos Analytics | Cognos Analytics versions 11.2.x antérieures à 11.2.4 FP5 | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.1.x antérieures à 6.1.0.1 (fixpack) GA | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.2.x antérieures à 6.2.0.0 ifix 01 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.3.x antérieures à 6.3.0.11_ifix001 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.4",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling External Authentication Server versions 6.1.0.x ant\u00e9rieures \u00e0 6.1.0.2 ifix 01",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": " Security QRadar Log Management AQL Plugin versions ant\u00e9rieures \u00e0 1.1.0",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.0.x ant\u00e9rieures \u00e0 6.0.3.1 (fixpack) GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 FP5",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.1 (fixpack) GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.0 ifix 01",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.11_ifix001",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2017-9937",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9937"
},
{
"name": "CVE-2023-52356",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52356"
},
{
"name": "CVE-2023-41334",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41334"
},
{
"name": "CVE-2023-37536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37536"
},
{
"name": "CVE-2023-40217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
},
{
"name": "CVE-2024-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22871"
},
{
"name": "CVE-2024-7006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7006"
},
{
"name": "CVE-2023-3316",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3316"
},
{
"name": "CVE-2024-36138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36138"
},
{
"name": "CVE-2018-14042",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
},
{
"name": "CVE-2024-29041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29041"
},
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2024-22020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22020"
},
{
"name": "CVE-2022-3626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3626"
},
{
"name": "CVE-2023-38264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
},
{
"name": "CVE-2024-22201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22201"
},
{
"name": "CVE-2020-12401",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12401"
},
{
"name": "CVE-2018-15209",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15209"
},
{
"name": "CVE-2024-28849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
},
{
"name": "CVE-2018-17100",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17100"
},
{
"name": "CVE-2022-3599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3599"
},
{
"name": "CVE-2022-34266",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34266"
},
{
"name": "CVE-2020-35521",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35521"
},
{
"name": "CVE-2023-0796",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0796"
},
{
"name": "CVE-2023-50386",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50386"
},
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2023-52425",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52425"
},
{
"name": "CVE-2024-23944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23944"
},
{
"name": "CVE-2022-48554",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48554"
},
{
"name": "CVE-2024-39008",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39008"
},
{
"name": "CVE-2018-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
},
{
"name": "CVE-2024-28757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28757"
},
{
"name": "CVE-2023-30086",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30086"
},
{
"name": "CVE-2019-11727",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11727"
},
{
"name": "CVE-2024-25638",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25638"
},
{
"name": "CVE-2022-2057",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2057"
},
{
"name": "CVE-2019-6128",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6128"
},
{
"name": "CVE-2023-26965",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26965"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2023-52426",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52426"
},
{
"name": "CVE-2022-2058",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2058"
},
{
"name": "CVE-2024-45082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45082"
},
{
"name": "CVE-2023-50782",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50782"
},
{
"name": "CVE-2022-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3627"
},
{
"name": "CVE-2022-2867",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2867"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2023-32067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
},
{
"name": "CVE-2022-3598",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3598"
},
{
"name": "CVE-2023-0798",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0798"
},
{
"name": "CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"name": "CVE-2023-2731",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2731"
},
{
"name": "CVE-2023-0803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0803"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2023-30774",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30774"
},
{
"name": "CVE-2023-4759",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4759"
},
{
"name": "CVE-2017-11613",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11613"
},
{
"name": "CVE-2017-12652",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12652"
},
{
"name": "CVE-2024-41752",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41752"
},
{
"name": "CVE-2023-50447",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50447"
},
{
"name": "CVE-2018-18508",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18508"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2024-34447",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
},
{
"name": "CVE-2024-33883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33883"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2024-29025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
},
{
"name": "CVE-2022-22844",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22844"
},
{
"name": "CVE-2014-1544",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1544"
},
{
"name": "CVE-2023-4421",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4421"
},
{
"name": "CVE-2023-6277",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6277"
},
{
"name": "CVE-2023-4813",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4813"
},
{
"name": "CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"name": "CVE-2024-43796",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
},
{
"name": "CVE-2023-50298",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50298"
},
{
"name": "CVE-2024-25629",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25629"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2023-50292",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50292"
},
{
"name": "CVE-2018-20676",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20676"
},
{
"name": "CVE-2023-0802",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0802"
},
{
"name": "CVE-2022-2056",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2056"
},
{
"name": "CVE-2024-4067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2021-43138",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43138"
},
{
"name": "CVE-2020-25648",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25648"
},
{
"name": "CVE-2019-17023",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17023"
},
{
"name": "CVE-2022-21699",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21699"
},
{
"name": "CVE-2024-28176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28176"
},
{
"name": "CVE-2019-7317",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7317"
},
{
"name": "CVE-2024-7264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
},
{
"name": "CVE-2019-17007",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17007"
},
{
"name": "CVE-2023-0767",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0767"
},
{
"name": "CVE-2023-51074",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51074"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2023-38289",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38289"
},
{
"name": "CVE-2018-20677",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20677"
},
{
"name": "CVE-2010-1205",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1205"
},
{
"name": "CVE-2020-23064",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-23064"
},
{
"name": "CVE-2024-22195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
},
{
"name": "CVE-2023-23931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23931"
},
{
"name": "CVE-2015-7182",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7182"
},
{
"name": "CVE-2022-23990",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23990"
},
{
"name": "CVE-2018-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16335"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2024-29131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
},
{
"name": "CVE-2021-36770",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36770"
},
{
"name": "CVE-2020-19144",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19144"
},
{
"name": "CVE-2023-3164",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3164"
},
{
"name": "CVE-2022-3597",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3597"
},
{
"name": "CVE-2024-27983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27983"
},
{
"name": "CVE-2017-12627",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12627"
},
{
"name": "CVE-2018-17101",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17101"
},
{
"name": "CVE-2023-50291",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50291"
},
{
"name": "CVE-2014-1568",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1568"
},
{
"name": "CVE-2020-26261",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26261"
},
{
"name": "CVE-2023-24816",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24816"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2023-0801",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0801"
},
{
"name": "CVE-2022-4645",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4645"
},
{
"name": "CVE-2019-17546",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17546"
},
{
"name": "CVE-2022-2869",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2869"
},
{
"name": "CVE-2022-3479",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3479"
},
{
"name": "CVE-2023-40745",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40745"
},
{
"name": "CVE-2024-27982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27982"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2020-15110",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15110"
},
{
"name": "CVE-2023-25435",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25435"
},
{
"name": "CVE-2024-37372",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37372"
},
{
"name": "CVE-2021-38153",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38153"
},
{
"name": "CVE-2023-5156",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5156"
},
{
"name": "CVE-2024-29133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
},
{
"name": "CVE-2017-18869",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18869"
},
{
"name": "CVE-2022-0562",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0562"
},
{
"name": "CVE-2023-38325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38325"
},
{
"name": "CVE-2019-11719",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11719"
},
{
"name": "CVE-2022-0891",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0891"
},
{
"name": "CVE-2018-7456",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7456"
},
{
"name": "CVE-2023-38288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38288"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2023-0799",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0799"
},
{
"name": "CVE-2019-17006",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17006"
},
{
"name": "CVE-2020-12403",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12403"
},
{
"name": "CVE-2023-6237",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6237"
},
{
"name": "CVE-2023-6228",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6228"
},
{
"name": "CVE-2021-46848",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46848"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2023-0795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0795"
},
{
"name": "CVE-2024-2398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
},
{
"name": "CVE-2023-50495",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50495"
},
{
"name": "CVE-2017-18013",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18013"
},
{
"name": "CVE-2023-25194",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25194"
},
{
"name": "CVE-2023-6129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
},
{
"name": "CVE-2016-1938",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1938"
},
{
"name": "CVE-2017-11698",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11698"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2024-38337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38337"
},
{
"name": "CVE-2018-12384",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12384"
},
{
"name": "CVE-2018-12404",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12404"
},
{
"name": "CVE-2019-14973",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14973"
},
{
"name": "CVE-2020-36191",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36191"
},
{
"name": "CVE-2024-22018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22018"
},
{
"name": "CVE-2023-0804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0804"
},
{
"name": "CVE-2023-30775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30775"
},
{
"name": "CVE-2023-0797",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0797"
},
{
"name": "CVE-2018-14041",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14041"
},
{
"name": "CVE-2023-1916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1916"
},
{
"name": "CVE-2024-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
},
{
"name": "CVE-2020-19131",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19131"
},
{
"name": "CVE-2015-7575",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7575"
},
{
"name": "CVE-2023-41175",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41175"
},
{
"name": "CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"name": "CVE-2018-5784",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5784"
},
{
"name": "CVE-2018-17000",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17000"
},
{
"name": "CVE-2024-28863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
},
{
"name": "CVE-2023-3576",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3576"
},
{
"name": "CVE-2023-4806",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4806"
},
{
"name": "CVE-2020-35523",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35523"
},
{
"name": "CVE-2016-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
},
{
"name": "CVE-2024-39338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
},
{
"name": "CVE-2022-34749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34749"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2020-19189",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19189"
},
{
"name": "CVE-2022-0908",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0908"
},
{
"name": "CVE-2023-49083",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49083"
},
{
"name": "CVE-2024-36114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36114"
},
{
"name": "CVE-2019-11745",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11745"
},
{
"name": "CVE-2019-11729",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11729"
},
{
"name": "CVE-2024-34102",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34102"
},
{
"name": "CVE-2019-11756",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11756"
},
{
"name": "CVE-2021-32862",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32862"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2024-4367",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4367"
},
{
"name": "CVE-2024-25016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25016"
},
{
"name": "CVE-2022-40090",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40090"
},
{
"name": "CVE-2023-25434",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25434"
},
{
"name": "CVE-2024-29896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29896"
},
{
"name": "CVE-2015-7181",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7181"
},
{
"name": "CVE-2020-18768",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-18768"
},
{
"name": "CVE-2022-34526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34526"
},
{
"name": "CVE-2022-2868",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2868"
},
{
"name": "CVE-2017-5461",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5461"
},
{
"name": "CVE-2014-1569",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1569"
},
{
"name": "CVE-2020-12400",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12400"
},
{
"name": "CVE-2023-31130",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31130"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"name": "CVE-2017-11695",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11695"
},
{
"name": "CVE-2023-2908",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2908"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"name": "CVE-2020-6829",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6829"
},
{
"name": "CVE-2017-11697",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11697"
},
{
"name": "CVE-2023-0800",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0800"
},
{
"name": "CVE-2023-5388",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5388"
},
{
"name": "CVE-2024-27980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27980"
},
{
"name": "CVE-2023-5678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
},
{
"name": "CVE-2024-51504",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51504"
},
{
"name": "CVE-2018-19210",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19210"
},
{
"name": "CVE-2013-2099",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2099"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2019-10255",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10255"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"name": "CVE-2020-35524",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35524"
},
{
"name": "CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
},
{
"name": "CVE-2024-36137",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36137"
},
{
"name": "CVE-2020-35522",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35522"
},
{
"name": "CVE-2022-3570",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3570"
},
{
"name": "CVE-2017-11696",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11696"
},
{
"name": "CVE-2022-0561",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0561"
}
],
"initial_release_date": "2024-12-20T00:00:00",
"last_revision_date": "2024-12-20T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-1103",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-12-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2024-12-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7177142",
"url": "https://www.ibm.com/support/pages/node/7177142"
},
{
"published_at": "2024-12-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7177223",
"url": "https://www.ibm.com/support/pages/node/7177223"
},
{
"published_at": "2024-12-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7179044",
"url": "https://www.ibm.com/support/pages/node/7179044"
},
{
"published_at": "2024-12-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7179156",
"url": "https://www.ibm.com/support/pages/node/7179156"
},
{
"published_at": "2024-12-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7179166",
"url": "https://www.ibm.com/support/pages/node/7179166"
},
{
"published_at": "2024-12-13",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7178835",
"url": "https://www.ibm.com/support/pages/node/7178835"
}
]
}
CERTFR-2026-AVI-0249
Vulnerability from certfr_avis - Published: 2026-03-06 - Updated: 2026-03-06
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar | QRadar Data Synchronization App versions antérieures à 3.3.0 | ||
| IBM | Db2 | DB2 Data Management Console versions antérieures à 3.1.13 | ||
| IBM | Tivoli | Tivoli Netcool/OMNIbus_GUI sans le dernier correctif de sécurité | ||
| IBM | Db2 | DB2 Recovery Expert versions antérieures à 5.5.0.1 Interim Fix 8 | ||
| IBM | Db2 | Db2 Warehouse on Cloud Pak for Data versions antérieures à 5.3.1 | ||
| IBM | Db2 | Db2 on Cloud Pak for Data versions antérieures à 5.3.1 | ||
| IBM | QRadar | QRadar Pre-Validation App versions antérieures à 2.0.2 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QRadar Data Synchronization App versions ant\u00e9rieures \u00e0 3.3.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Data Management Console versions ant\u00e9rieures \u00e0 3.1.13",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Tivoli Netcool/OMNIbus_GUI sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Tivoli",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Recovery Expert versions ant\u00e9rieures \u00e0 5.5.0.1 Interim Fix 8",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Warehouse on Cloud Pak for Data versions ant\u00e9rieures \u00e0 5.3.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 on Cloud Pak for Data versions ant\u00e9rieures \u00e0 5.3.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Pre-Validation App versions ant\u00e9rieures \u00e0 2.0.2",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"name": "CVE-2025-66506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
},
{
"name": "CVE-2021-33036",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33036"
},
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2025-53547",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53547"
},
{
"name": "CVE-2025-36353",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36353"
},
{
"name": "CVE-2026-21933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21933"
},
{
"name": "CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2026-21932",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21932"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2018-14042",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
},
{
"name": "CVE-2025-58190",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58190"
},
{
"name": "CVE-2024-6531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6531"
},
{
"name": "CVE-2022-21426",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2023-38264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
},
{
"name": "CVE-2024-22201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22201"
},
{
"name": "CVE-2016-0703",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0703"
},
{
"name": "CVE-2025-5222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5222"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2025-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"name": "CVE-2025-13867",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13867"
},
{
"name": "CVE-2025-2668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2668"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2025-36427",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36427"
},
{
"name": "CVE-2024-23944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23944"
},
{
"name": "CVE-2025-32386",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32386"
},
{
"name": "CVE-2024-35176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35176"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2018-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
},
{
"name": "CVE-2025-32421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32421"
},
{
"name": "CVE-2025-47944",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47944"
},
{
"name": "CVE-2024-3154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3154"
},
{
"name": "CVE-2024-57980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57980"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2025-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27219"
},
{
"name": "CVE-2025-36384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36384"
},
{
"name": "CVE-2025-36098",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36098"
},
{
"name": "CVE-2025-45582",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-45582"
},
{
"name": "CVE-2024-21068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21068"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2024-50302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50302"
},
{
"name": "CVE-2025-36184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36184"
},
{
"name": "CVE-2025-58185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2016-0800",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0800"
},
{
"name": "CVE-2024-3933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3933"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2025-22121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22121"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2025-49128",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49128"
},
{
"name": "CVE-2025-22091",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22091"
},
{
"name": "CVE-2024-24791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2025-36247",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36247"
},
{
"name": "CVE-2024-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
},
{
"name": "CVE-2025-36009",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36009"
},
{
"name": "CVE-2016-9318",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9318"
},
{
"name": "CVE-2024-51479",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51479"
},
{
"name": "CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"name": "CVE-2026-23745",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23745"
},
{
"name": "CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"name": "CVE-2022-21624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
},
{
"name": "CVE-2025-36070",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36070"
},
{
"name": "CVE-2022-46337",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46337"
},
{
"name": "CVE-2015-2716",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2716"
},
{
"name": "CVE-2024-43398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43398"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2025-36428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36428"
},
{
"name": "CVE-2025-41248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
},
{
"name": "CVE-2025-21613",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21613"
},
{
"name": "CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"name": "CVE-2024-34447",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2024-29025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
},
{
"name": "CVE-2025-36424",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36424"
},
{
"name": "CVE-2025-36387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36387"
},
{
"name": "CVE-2019-19921",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19921"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2025-64329",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64329"
},
{
"name": "CVE-2025-27903",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27903"
},
{
"name": "CVE-2015-1283",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1283"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2025-37958",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37958"
},
{
"name": "CVE-2023-22041",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22041"
},
{
"name": "CVE-2022-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2025-61727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61727"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2026-21925",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2016-4472",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4472"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2024-10917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10917"
},
{
"name": "CVE-2024-9042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9042"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2024-31141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31141"
},
{
"name": "CVE-2025-30691",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30691"
},
{
"name": "CVE-2025-57822",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57822"
},
{
"name": "CVE-2024-53113",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53113"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2025-67779",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67779"
},
{
"name": "CVE-2022-32743",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32743"
},
{
"name": "CVE-2025-55183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55183"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
},
{
"name": "CVE-2024-12085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12085"
},
{
"name": "CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"name": "CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"name": "CVE-2023-22043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22043"
},
{
"name": "CVE-2016-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
},
{
"name": "CVE-2025-31133",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31133"
},
{
"name": "CVE-2024-36621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36621"
},
{
"name": "CVE-2024-23454",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23454"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2025-55173",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55173"
},
{
"name": "CVE-2024-40635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40635"
},
{
"name": "CVE-2024-48910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48910"
},
{
"name": "CVE-2024-8184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8184"
},
{
"name": "CVE-2025-38086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38086"
},
{
"name": "CVE-2025-48068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48068"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2022-40609",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40609"
},
{
"name": "CVE-2018-5764",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5764"
},
{
"name": "CVE-2024-50264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50264"
},
{
"name": "CVE-2025-57752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57752"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2022-21628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21628"
},
{
"name": "CVE-2025-38110",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38110"
},
{
"name": "CVE-2020-15115",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15115"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2025-22113",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22113"
},
{
"name": "CVE-2025-61724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
},
{
"name": "CVE-2025-5187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5187"
},
{
"name": "CVE-2026-1188",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1188"
},
{
"name": "CVE-2025-37797",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37797"
},
{
"name": "CVE-2012-2098",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2098"
},
{
"name": "CVE-2024-41909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41909"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2023-35887",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35887"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"name": "CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2024-56332",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56332"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2026-25765",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25765"
},
{
"name": "CVE-2025-7039",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7039"
},
{
"name": "CVE-2022-29458",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29458"
},
{
"name": "CVE-2024-39908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39908"
},
{
"name": "CVE-2025-27220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27220"
},
{
"name": "CVE-2024-29133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2025-38089",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38089"
},
{
"name": "CVE-2023-2727",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2727"
},
{
"name": "CVE-2024-12905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12905"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2025-36425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36425"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2021-37404",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37404"
},
{
"name": "CVE-2025-58457",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58457"
},
{
"name": "CVE-2026-24842",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24842"
},
{
"name": "CVE-2025-47935",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47935"
},
{
"name": "CVE-2025-22085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22085"
},
{
"name": "CVE-2025-50537",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50537"
},
{
"name": "CVE-2026-23950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23950"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2024-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21626"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2025-47912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2016-0704",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0704"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2025-54410",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54410"
},
{
"name": "CVE-2025-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
},
{
"name": "CVE-2023-2597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
},
{
"name": "CVE-2022-29154",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29154"
},
{
"name": "CVE-2025-1767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1767"
},
{
"name": "CVE-2025-58186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2021-22569",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
},
{
"name": "CVE-2025-58187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2025-36001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36001"
},
{
"name": "CVE-2023-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2024-47875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47875"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2025-47913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47913"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2018-14041",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14041"
},
{
"name": "CVE-2025-24294",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24294"
},
{
"name": "CVE-2025-29927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29927"
},
{
"name": "CVE-2024-25621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25621"
},
{
"name": "CVE-2025-36365",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36365"
},
{
"name": "CVE-2023-42503",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42503"
},
{
"name": "CVE-2025-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27904"
},
{
"name": "CVE-2025-32387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32387"
},
{
"name": "CVE-2025-58058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58058"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2025-58189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
},
{
"name": "CVE-2025-36442",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36442"
},
{
"name": "CVE-2024-28863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2026-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2025-21905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21905"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2025-7339",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7339"
},
{
"name": "CVE-2025-14689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14689"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2024-47072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47072"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2025-41249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
},
{
"name": "CVE-2025-36366",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36366"
},
{
"name": "CVE-2025-36123",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36123"
},
{
"name": "CVE-2025-27900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27900"
},
{
"name": "CVE-2025-0426",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0426"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2025-27899",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27899"
},
{
"name": "CVE-2025-64756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
},
{
"name": "CVE-2023-22044",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22044"
},
{
"name": "CVE-2025-48997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48997"
},
{
"name": "CVE-2025-27901",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27901"
},
{
"name": "CVE-2022-45047",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45047"
},
{
"name": "CVE-2021-22570",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22570"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2025-48387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48387"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2025-27898",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27898"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2023-2728",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2728"
},
{
"name": "CVE-2024-7143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7143"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"name": "CVE-2022-21619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21619"
},
{
"name": "CVE-2025-36407",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36407"
},
{
"name": "CVE-2025-7338",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7338"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2025-13465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
},
{
"name": "CVE-2025-55184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55184"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2024-27267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27267"
},
{
"name": "CVE-2025-59343",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59343"
},
{
"name": "CVE-2024-36623",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36623"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2024-36620",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36620"
},
{
"name": "CVE-2025-27221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27221"
},
{
"name": "CVE-2021-20251",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20251"
},
{
"name": "CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
},
{
"name": "CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
},
{
"name": "CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
}
],
"initial_release_date": "2026-03-06T00:00:00",
"last_revision_date": "2026-03-06T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0249",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-06T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2026-03-06",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262753",
"url": "https://www.ibm.com/support/pages/node/7262753"
},
{
"published_at": "2026-03-06",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262754",
"url": "https://www.ibm.com/support/pages/node/7262754"
},
{
"published_at": "2026-03-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262324",
"url": "https://www.ibm.com/support/pages/node/7262324"
},
{
"published_at": "2026-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262669",
"url": "https://www.ibm.com/support/pages/node/7262669"
},
{
"published_at": "2026-03-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262494",
"url": "https://www.ibm.com/support/pages/node/7262494"
},
{
"published_at": "2026-03-04",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262548",
"url": "https://www.ibm.com/support/pages/node/7262548"
},
{
"published_at": "2026-03-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262325",
"url": "https://www.ibm.com/support/pages/node/7262325"
},
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7259901",
"url": "https://www.ibm.com/support/pages/node/7259901"
}
]
}
Title
Bootstrap跨站脚本漏洞
Description
Bootstrap是一款使用HTML、CSS和JavaScript开发的开源Web前端框架。
Bootstrap 4.1.2之前版本中的scrollspy的data-target属性存在跨站脚本漏洞。远程攻击者可利用该漏洞注入任意的Web脚本或HTML。
Severity
中
Patch Name
Bootstrap跨站脚本漏洞的补丁
Patch Description
Bootstrap是一款使用HTML、CSS和JavaScript开发的开源Web前端框架。
Bootstrap 4.1.2之前版本中的scrollspy的data-target属性存在跨站脚本漏洞。远程攻击者可利用该漏洞注入任意的Web脚本或HTML。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/
Reference
https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/
https://github.com/twbs/bootstrap/issues/26423
https://github.com/twbs/bootstrap/issues/26627
https://github.com/twbs/bootstrap/pull/26630
Impacted products
| Name | Bootstrap Bootstrap <4.1.2 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2018-14041"
}
},
"description": "Bootstrap\u662f\u4e00\u6b3e\u4f7f\u7528HTML\u3001CSS\u548cJavaScript\u5f00\u53d1\u7684\u5f00\u6e90Web\u524d\u7aef\u6846\u67b6\u3002\r\n\r\nBootstrap 4.1.2\u4e4b\u524d\u7248\u672c\u4e2d\u7684scrollspy\u7684data-target\u5c5e\u6027\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u4efb\u610f\u7684Web\u811a\u672c\u6216HTML\u3002",
"discovererName": "unknow",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2018-13373",
"openTime": "2018-07-18",
"patchDescription": "Bootstrap\u662f\u4e00\u6b3e\u4f7f\u7528HTML\u3001CSS\u548cJavaScript\u5f00\u53d1\u7684\u5f00\u6e90Web\u524d\u7aef\u6846\u67b6\u3002\r\n\r\nBootstrap 4.1.2\u4e4b\u524d\u7248\u672c\u4e2d\u7684scrollspy\u7684data-target\u5c5e\u6027\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u4efb\u610f\u7684Web\u811a\u672c\u6216HTML\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Bootstrap\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Bootstrap Bootstrap \u003c4.1.2"
},
"referenceLink": "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/\r\nhttps://github.com/twbs/bootstrap/issues/26423\r\nhttps://github.com/twbs/bootstrap/issues/26627\r\nhttps://github.com/twbs/bootstrap/pull/26630",
"serverity": "\u4e2d",
"submitTime": "2018-07-17",
"title": "Bootstrap\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}
FKIE_CVE-2018-14041
Vulnerability from fkie_nvd - Published: 2018-07-13 14:29 - Updated: 2024-11-21 03:48
Severity
Summary
In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| getbootstrap | bootstrap | * | |
| getbootstrap | bootstrap | 4.0.0 | |
| getbootstrap | bootstrap | 4.0.0 | |
| getbootstrap | bootstrap | 4.0.0 | |
| getbootstrap | bootstrap | 4.0.0 | |
| getbootstrap | bootstrap | 4.0.0 | |
| getbootstrap | bootstrap | 4.0.0 | |
| getbootstrap | bootstrap | 4.0.0 | |
| getbootstrap | bootstrap | 4.0.0 | |
| getbootstrap | bootstrap | 4.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E610C4F8-4A0A-4D0C-8B4F-0E396A00D5BF",
"versionEndExcluding": "4.1.2",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "81E24E22-826E-478E-916F-B84B6E4A22AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "09E30D8D-85B8-42BF-91B7-005A74D78770",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "14505CBF-3CA7-4F05-8492-AED273CDEC74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*",
"matchCriteriaId": "4D640EBF-FA2A-4D64-A520-40E13306E3D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*",
"matchCriteriaId": "D974C26E-F9FC-472B-85BC-931BFFB74528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*",
"matchCriteriaId": "05994C85-5F6D-4C09-A700-49CF893292BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "C5E15817-0A5D-4C30-9A3C-F85F275E78DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "F12E3236-799A-46CB-BE07-E5A075D04BD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "E0A4754B-68D4-41C4-887F-E012538130F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy."
},
{
"lang": "es",
"value": "En Bootstrap en versiones anteriores a la 4.1.2, es posible Cross-Site Scripting (XSS) en la propiedad data-target de scrollspy."
}
],
"id": "CVE-2018-14041",
"lastModified": "2024-11-21T03:48:29.530",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-13T14:29:00.277",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2019/May/10"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2019/May/11"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2019/May/13"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2019:1456"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/twbs/bootstrap/issues/26423"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/twbs/bootstrap/issues/26627"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/twbs/bootstrap/pull/26630"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714%40%3Cissues.hbase.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://seclists.org/bugtraq/2019/May/18"
},
{
"source": "cve@mitre.org",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2019/May/10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2019/May/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2019/May/13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:1456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/twbs/bootstrap/issues/26423"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/twbs/bootstrap/issues/26627"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/twbs/bootstrap/pull/26630"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714%40%3Cissues.hbase.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://seclists.org/bugtraq/2019/May/18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-PJ7M-G53M-7638
Vulnerability from github – Published: 2018-09-13 15:49 – Updated: 2025-11-19 14:25
VLAI
Summary
Bootstrap Cross-site Scripting vulnerability
Details
In Bootstrap 4.x before 4.1.2, XSS is possible in the data-target property of scrollspy. This is similar to CVE-2018-14042.
Severity
6.1 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "bootstrap"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.1.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms-core"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.7.23"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms-core"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0"
},
{
"fixed": "9.5.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.7.23"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0"
},
{
"fixed": "9.5.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "bootstrap"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.1.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "twbs/bootstrap"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.1.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "bootstrap"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.1.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "bootstrap.sass"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.1.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.webjars:bootstrap"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.1.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-14041"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:49:18Z",
"nvd_published_at": "2018-07-13T14:29:00Z",
"severity": "MODERATE"
},
"details": "In Bootstrap 4.x before 4.1.2, XSS is possible in the data-target property of scrollspy. This is similar to CVE-2018-14042.",
"id": "GHSA-pj7m-g53m-7638",
"modified": "2025-11-19T14:25:32Z",
"published": "2018-09-13T15:49:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14041"
},
{
"type": "WEB",
"url": "https://github.com/twbs/bootstrap/issues/26423"
},
{
"type": "WEB",
"url": "https://github.com/twbs/bootstrap/issues/26627"
},
{
"type": "WEB",
"url": "https://github.com/twbs/bootstrap/pull/26630"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"type": "WEB",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2019-006"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/May/18"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714@%3Cissues.hbase.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
},
{
"type": "PACKAGE",
"url": "https://github.com/twbs/bootstrap"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2018-14041.yml"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2018-14041.yaml"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2018-14041.yaml"
},
{
"type": "WEB",
"url": "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:1456"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2019/May/10"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2019/May/11"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2019/May/13"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Bootstrap Cross-site Scripting vulnerability"
}
GSD-2018-14041
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-14041",
"description": "In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.",
"id": "GSD-2018-14041",
"references": [
"https://www.suse.com/security/cve/CVE-2018-14041.html",
"https://access.redhat.com/errata/RHSA-2019:1456",
"https://access.redhat.com/errata/RHSA-2023:0552",
"https://access.redhat.com/errata/RHSA-2023:0553",
"https://access.redhat.com/errata/RHSA-2023:0554",
"https://access.redhat.com/errata/RHSA-2023:0556"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-14041"
],
"details": "In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.",
"id": "GSD-2018-14041",
"modified": "2023-12-13T01:22:38.210763Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14041",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190509 dotCMS v5.1.1 Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/May/18"
},
{
"name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/May/11"
},
{
"name": "20190510 dotCMS v5.1.1 Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/May/10"
},
{
"name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/May/13"
},
{
"name": "RHSA-2019:1456",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1456"
},
{
"name": "[superset-dev] 20190926 Re: [VOTE] Release Superset 0.34.1 based on Superset 0.34.1rc1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
},
{
"name": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
},
{
"name": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
},
{
"name": "[hbase-issues] 20201116 [GitHub] [hbase] symat opened a new pull request #2661: HBASE-25261 Upgrade Bootstrap to 3.4.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714@%3Cissues.hbase.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "https://github.com/twbs/bootstrap/pull/26630",
"refsource": "MISC",
"url": "https://github.com/twbs/bootstrap/pull/26630"
},
{
"name": "https://github.com/twbs/bootstrap/issues/26423",
"refsource": "MISC",
"url": "https://github.com/twbs/bootstrap/issues/26423"
},
{
"name": "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/",
"refsource": "MISC",
"url": "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/"
},
{
"name": "https://github.com/twbs/bootstrap/issues/26627",
"refsource": "MISC",
"url": "https://github.com/twbs/bootstrap/issues/26627"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003e=4.0.0 \u003c4.1.2",
"affected_versions": "All versions starting from 4.0.0 before 4.1.2",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-79",
"CWE-937"
],
"date": "2019-06-11",
"description": "In Bootstrap before, XSS is possible in the data-target property of scrollspy.",
"fixed_versions": [
"4.1.2"
],
"identifier": "CVE-2018-14041",
"identifiers": [
"CVE-2018-14041"
],
"not_impacted": "All versions before 4.0.0, all versions starting from 4.1.2",
"package_slug": "gem/bootstrap",
"pubdate": "2018-07-13",
"solution": "Upgrade to version 4.1.2 or above.",
"title": "Cross-site Scripting",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2018-14041",
"https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/",
"https://github.com/twbs/bootstrap/issues/26423",
"https://github.com/twbs/bootstrap/issues/26627",
"https://github.com/twbs/bootstrap/pull/26630"
],
"uuid": "46d7d3e4-45c4-49cf-b353-c746cf24986f"
},
{
"affected_range": "\u003e=4.0.0 \u003c4.1.2",
"affected_versions": "All versions starting from 4.0.0 before 4.1.2",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-79",
"CWE-937"
],
"date": "2019-06-11",
"description": "In Bootstrap, XSS is possible in the data-target property of scrollspy.",
"fixed_versions": [
"4.1.2"
],
"identifier": "CVE-2018-14041",
"identifiers": [
"CVE-2018-14041"
],
"not_impacted": "All versions before 4.0.0, all versions starting from 4.1.2",
"package_slug": "npm/bootstrap",
"pubdate": "2018-07-13",
"solution": "Upgrade to version 4.1.2 or above.",
"title": "Cross-site Scripting",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2018-14041",
"https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/",
"https://github.com/twbs/bootstrap/issues/26423",
"https://github.com/twbs/bootstrap/issues/26627",
"https://github.com/twbs/bootstrap/pull/26630"
],
"uuid": "be69021b-65c8-403e-80c3-abd0556e2ee4"
},
{
"affected_range": "(,4.1.2)",
"affected_versions": "All versions before 4.1.2",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-79",
"CWE-937"
],
"date": "2021-06-14",
"description": "In Bootstrap, XSS is possible in the data-target property of scrollspy.",
"fixed_versions": [],
"identifier": "CVE-2018-14041",
"identifiers": [
"CVE-2018-14041"
],
"not_impacted": "",
"package_slug": "nuget/Bootstrap.Less",
"pubdate": "2018-07-13",
"solution": "Unfortunately, there is no solution available yet.",
"title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2018-14041"
],
"uuid": "f5e77ef7-255a-4cd8-a699-46669fc9d64f"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.1.2",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14041"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/twbs/bootstrap/pull/26630",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/twbs/bootstrap/pull/26630"
},
{
"name": "https://github.com/twbs/bootstrap/issues/26627",
"refsource": "MISC",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/twbs/bootstrap/issues/26627"
},
{
"name": "https://github.com/twbs/bootstrap/issues/26423",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/twbs/bootstrap/issues/26423"
},
{
"name": "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/"
},
{
"name": "20190509 dotCMS v5.1.1 Vulnerabilities",
"refsource": "BUGTRAQ",
"tags": [],
"url": "https://seclists.org/bugtraq/2019/May/18"
},
{
"name": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html",
"refsource": "MISC",
"tags": [],
"url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
},
{
"name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
"refsource": "FULLDISC",
"tags": [],
"url": "http://seclists.org/fulldisclosure/2019/May/13"
},
{
"name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
"refsource": "FULLDISC",
"tags": [],
"url": "http://seclists.org/fulldisclosure/2019/May/11"
},
{
"name": "20190510 dotCMS v5.1.1 Vulnerabilities",
"refsource": "FULLDISC",
"tags": [],
"url": "http://seclists.org/fulldisclosure/2019/May/10"
},
{
"name": "RHSA-2019:1456",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2019:1456"
},
{
"name": "[superset-dev] 20190926 Re: [VOTE] Release Superset 0.34.1 based on Superset 0.34.1rc1",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
},
{
"name": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html",
"refsource": "MISC",
"tags": [],
"url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
},
{
"name": "[hbase-issues] 20201116 [GitHub] [hbase] symat opened a new pull request #2661: HBASE-25261 Upgrade Bootstrap to 3.4.1",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714@%3Cissues.hbase.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"tags": [],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
},
"lastModifiedDate": "2021-06-14T18:15Z",
"publishedDate": "2018-07-13T14:29Z"
}
}
}
OPENSUSE-SU-2024:11242-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
jupyter-notebook-6.2.0-1.4 on GA media
Severity
Moderate
Notes
Title of the patch: jupyter-notebook-6.2.0-1.4 on GA media
Description of the patch: These are all security issues fixed in the jupyter-notebook-6.2.0-1.4 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-11242
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "jupyter-notebook-6.2.0-1.4 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the jupyter-notebook-6.2.0-1.4 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11242",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11242-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6524 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6524/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9971 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9971/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14041 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14041/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-8768 page",
"url": "https://www.suse.com/security/cve/CVE-2018-8768/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-10255 page",
"url": "https://www.suse.com/security/cve/CVE-2019-10255/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11358 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11358/"
}
],
"title": "jupyter-notebook-6.2.0-1.4 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11242-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "jupyter-notebook-6.2.0-1.4.aarch64",
"product": {
"name": "jupyter-notebook-6.2.0-1.4.aarch64",
"product_id": "jupyter-notebook-6.2.0-1.4.aarch64"
}
},
{
"category": "product_version",
"name": "jupyter-notebook-lang-6.2.0-1.4.aarch64",
"product": {
"name": "jupyter-notebook-lang-6.2.0-1.4.aarch64",
"product_id": "jupyter-notebook-lang-6.2.0-1.4.aarch64"
}
},
{
"category": "product_version",
"name": "jupyter-notebook-latex-6.2.0-1.4.aarch64",
"product": {
"name": "jupyter-notebook-latex-6.2.0-1.4.aarch64",
"product_id": "jupyter-notebook-latex-6.2.0-1.4.aarch64"
}
},
{
"category": "product_version",
"name": "python36-notebook-6.2.0-1.4.aarch64",
"product": {
"name": "python36-notebook-6.2.0-1.4.aarch64",
"product_id": "python36-notebook-6.2.0-1.4.aarch64"
}
},
{
"category": "product_version",
"name": "python36-notebook-lang-6.2.0-1.4.aarch64",
"product": {
"name": "python36-notebook-lang-6.2.0-1.4.aarch64",
"product_id": "python36-notebook-lang-6.2.0-1.4.aarch64"
}
},
{
"category": "product_version",
"name": "python38-notebook-6.2.0-1.4.aarch64",
"product": {
"name": "python38-notebook-6.2.0-1.4.aarch64",
"product_id": "python38-notebook-6.2.0-1.4.aarch64"
}
},
{
"category": "product_version",
"name": "python38-notebook-lang-6.2.0-1.4.aarch64",
"product": {
"name": "python38-notebook-lang-6.2.0-1.4.aarch64",
"product_id": "python38-notebook-lang-6.2.0-1.4.aarch64"
}
},
{
"category": "product_version",
"name": "python39-notebook-6.2.0-1.4.aarch64",
"product": {
"name": "python39-notebook-6.2.0-1.4.aarch64",
"product_id": "python39-notebook-6.2.0-1.4.aarch64"
}
},
{
"category": "product_version",
"name": "python39-notebook-lang-6.2.0-1.4.aarch64",
"product": {
"name": "python39-notebook-lang-6.2.0-1.4.aarch64",
"product_id": "python39-notebook-lang-6.2.0-1.4.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "jupyter-notebook-6.2.0-1.4.ppc64le",
"product": {
"name": "jupyter-notebook-6.2.0-1.4.ppc64le",
"product_id": "jupyter-notebook-6.2.0-1.4.ppc64le"
}
},
{
"category": "product_version",
"name": "jupyter-notebook-lang-6.2.0-1.4.ppc64le",
"product": {
"name": "jupyter-notebook-lang-6.2.0-1.4.ppc64le",
"product_id": "jupyter-notebook-lang-6.2.0-1.4.ppc64le"
}
},
{
"category": "product_version",
"name": "jupyter-notebook-latex-6.2.0-1.4.ppc64le",
"product": {
"name": "jupyter-notebook-latex-6.2.0-1.4.ppc64le",
"product_id": "jupyter-notebook-latex-6.2.0-1.4.ppc64le"
}
},
{
"category": "product_version",
"name": "python36-notebook-6.2.0-1.4.ppc64le",
"product": {
"name": "python36-notebook-6.2.0-1.4.ppc64le",
"product_id": "python36-notebook-6.2.0-1.4.ppc64le"
}
},
{
"category": "product_version",
"name": "python36-notebook-lang-6.2.0-1.4.ppc64le",
"product": {
"name": "python36-notebook-lang-6.2.0-1.4.ppc64le",
"product_id": "python36-notebook-lang-6.2.0-1.4.ppc64le"
}
},
{
"category": "product_version",
"name": "python38-notebook-6.2.0-1.4.ppc64le",
"product": {
"name": "python38-notebook-6.2.0-1.4.ppc64le",
"product_id": "python38-notebook-6.2.0-1.4.ppc64le"
}
},
{
"category": "product_version",
"name": "python38-notebook-lang-6.2.0-1.4.ppc64le",
"product": {
"name": "python38-notebook-lang-6.2.0-1.4.ppc64le",
"product_id": "python38-notebook-lang-6.2.0-1.4.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-notebook-6.2.0-1.4.ppc64le",
"product": {
"name": "python39-notebook-6.2.0-1.4.ppc64le",
"product_id": "python39-notebook-6.2.0-1.4.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-notebook-lang-6.2.0-1.4.ppc64le",
"product": {
"name": "python39-notebook-lang-6.2.0-1.4.ppc64le",
"product_id": "python39-notebook-lang-6.2.0-1.4.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "jupyter-notebook-6.2.0-1.4.s390x",
"product": {
"name": "jupyter-notebook-6.2.0-1.4.s390x",
"product_id": "jupyter-notebook-6.2.0-1.4.s390x"
}
},
{
"category": "product_version",
"name": "jupyter-notebook-lang-6.2.0-1.4.s390x",
"product": {
"name": "jupyter-notebook-lang-6.2.0-1.4.s390x",
"product_id": "jupyter-notebook-lang-6.2.0-1.4.s390x"
}
},
{
"category": "product_version",
"name": "jupyter-notebook-latex-6.2.0-1.4.s390x",
"product": {
"name": "jupyter-notebook-latex-6.2.0-1.4.s390x",
"product_id": "jupyter-notebook-latex-6.2.0-1.4.s390x"
}
},
{
"category": "product_version",
"name": "python36-notebook-6.2.0-1.4.s390x",
"product": {
"name": "python36-notebook-6.2.0-1.4.s390x",
"product_id": "python36-notebook-6.2.0-1.4.s390x"
}
},
{
"category": "product_version",
"name": "python36-notebook-lang-6.2.0-1.4.s390x",
"product": {
"name": "python36-notebook-lang-6.2.0-1.4.s390x",
"product_id": "python36-notebook-lang-6.2.0-1.4.s390x"
}
},
{
"category": "product_version",
"name": "python38-notebook-6.2.0-1.4.s390x",
"product": {
"name": "python38-notebook-6.2.0-1.4.s390x",
"product_id": "python38-notebook-6.2.0-1.4.s390x"
}
},
{
"category": "product_version",
"name": "python38-notebook-lang-6.2.0-1.4.s390x",
"product": {
"name": "python38-notebook-lang-6.2.0-1.4.s390x",
"product_id": "python38-notebook-lang-6.2.0-1.4.s390x"
}
},
{
"category": "product_version",
"name": "python39-notebook-6.2.0-1.4.s390x",
"product": {
"name": "python39-notebook-6.2.0-1.4.s390x",
"product_id": "python39-notebook-6.2.0-1.4.s390x"
}
},
{
"category": "product_version",
"name": "python39-notebook-lang-6.2.0-1.4.s390x",
"product": {
"name": "python39-notebook-lang-6.2.0-1.4.s390x",
"product_id": "python39-notebook-lang-6.2.0-1.4.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "jupyter-notebook-6.2.0-1.4.x86_64",
"product": {
"name": "jupyter-notebook-6.2.0-1.4.x86_64",
"product_id": "jupyter-notebook-6.2.0-1.4.x86_64"
}
},
{
"category": "product_version",
"name": "jupyter-notebook-lang-6.2.0-1.4.x86_64",
"product": {
"name": "jupyter-notebook-lang-6.2.0-1.4.x86_64",
"product_id": "jupyter-notebook-lang-6.2.0-1.4.x86_64"
}
},
{
"category": "product_version",
"name": "jupyter-notebook-latex-6.2.0-1.4.x86_64",
"product": {
"name": "jupyter-notebook-latex-6.2.0-1.4.x86_64",
"product_id": "jupyter-notebook-latex-6.2.0-1.4.x86_64"
}
},
{
"category": "product_version",
"name": "python36-notebook-6.2.0-1.4.x86_64",
"product": {
"name": "python36-notebook-6.2.0-1.4.x86_64",
"product_id": "python36-notebook-6.2.0-1.4.x86_64"
}
},
{
"category": "product_version",
"name": "python36-notebook-lang-6.2.0-1.4.x86_64",
"product": {
"name": "python36-notebook-lang-6.2.0-1.4.x86_64",
"product_id": "python36-notebook-lang-6.2.0-1.4.x86_64"
}
},
{
"category": "product_version",
"name": "python38-notebook-6.2.0-1.4.x86_64",
"product": {
"name": "python38-notebook-6.2.0-1.4.x86_64",
"product_id": "python38-notebook-6.2.0-1.4.x86_64"
}
},
{
"category": "product_version",
"name": "python38-notebook-lang-6.2.0-1.4.x86_64",
"product": {
"name": "python38-notebook-lang-6.2.0-1.4.x86_64",
"product_id": "python38-notebook-lang-6.2.0-1.4.x86_64"
}
},
{
"category": "product_version",
"name": "python39-notebook-6.2.0-1.4.x86_64",
"product": {
"name": "python39-notebook-6.2.0-1.4.x86_64",
"product_id": "python39-notebook-6.2.0-1.4.x86_64"
}
},
{
"category": "product_version",
"name": "python39-notebook-lang-6.2.0-1.4.x86_64",
"product": {
"name": "python39-notebook-lang-6.2.0-1.4.x86_64",
"product_id": "python39-notebook-lang-6.2.0-1.4.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jupyter-notebook-6.2.0-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.aarch64"
},
"product_reference": "jupyter-notebook-6.2.0-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jupyter-notebook-6.2.0-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.ppc64le"
},
"product_reference": "jupyter-notebook-6.2.0-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jupyter-notebook-6.2.0-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.s390x"
},
"product_reference": "jupyter-notebook-6.2.0-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jupyter-notebook-6.2.0-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.x86_64"
},
"product_reference": "jupyter-notebook-6.2.0-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jupyter-notebook-lang-6.2.0-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.aarch64"
},
"product_reference": "jupyter-notebook-lang-6.2.0-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jupyter-notebook-lang-6.2.0-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.ppc64le"
},
"product_reference": "jupyter-notebook-lang-6.2.0-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jupyter-notebook-lang-6.2.0-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.s390x"
},
"product_reference": "jupyter-notebook-lang-6.2.0-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jupyter-notebook-lang-6.2.0-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.x86_64"
},
"product_reference": "jupyter-notebook-lang-6.2.0-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jupyter-notebook-latex-6.2.0-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.aarch64"
},
"product_reference": "jupyter-notebook-latex-6.2.0-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jupyter-notebook-latex-6.2.0-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.ppc64le"
},
"product_reference": "jupyter-notebook-latex-6.2.0-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jupyter-notebook-latex-6.2.0-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.s390x"
},
"product_reference": "jupyter-notebook-latex-6.2.0-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jupyter-notebook-latex-6.2.0-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.x86_64"
},
"product_reference": "jupyter-notebook-latex-6.2.0-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-notebook-6.2.0-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.aarch64"
},
"product_reference": "python36-notebook-6.2.0-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-notebook-6.2.0-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.ppc64le"
},
"product_reference": "python36-notebook-6.2.0-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-notebook-6.2.0-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.s390x"
},
"product_reference": "python36-notebook-6.2.0-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-notebook-6.2.0-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.x86_64"
},
"product_reference": "python36-notebook-6.2.0-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-notebook-lang-6.2.0-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.aarch64"
},
"product_reference": "python36-notebook-lang-6.2.0-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-notebook-lang-6.2.0-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.ppc64le"
},
"product_reference": "python36-notebook-lang-6.2.0-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-notebook-lang-6.2.0-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.s390x"
},
"product_reference": "python36-notebook-lang-6.2.0-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-notebook-lang-6.2.0-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.x86_64"
},
"product_reference": "python36-notebook-lang-6.2.0-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-notebook-6.2.0-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.aarch64"
},
"product_reference": "python38-notebook-6.2.0-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-notebook-6.2.0-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.ppc64le"
},
"product_reference": "python38-notebook-6.2.0-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-notebook-6.2.0-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.s390x"
},
"product_reference": "python38-notebook-6.2.0-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-notebook-6.2.0-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.x86_64"
},
"product_reference": "python38-notebook-6.2.0-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-notebook-lang-6.2.0-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.aarch64"
},
"product_reference": "python38-notebook-lang-6.2.0-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-notebook-lang-6.2.0-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.ppc64le"
},
"product_reference": "python38-notebook-lang-6.2.0-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-notebook-lang-6.2.0-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.s390x"
},
"product_reference": "python38-notebook-lang-6.2.0-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-notebook-lang-6.2.0-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.x86_64"
},
"product_reference": "python38-notebook-lang-6.2.0-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-notebook-6.2.0-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.aarch64"
},
"product_reference": "python39-notebook-6.2.0-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-notebook-6.2.0-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.ppc64le"
},
"product_reference": "python39-notebook-6.2.0-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-notebook-6.2.0-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.s390x"
},
"product_reference": "python39-notebook-6.2.0-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-notebook-6.2.0-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.x86_64"
},
"product_reference": "python39-notebook-6.2.0-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-notebook-lang-6.2.0-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.aarch64"
},
"product_reference": "python39-notebook-lang-6.2.0-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-notebook-lang-6.2.0-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.ppc64le"
},
"product_reference": "python39-notebook-lang-6.2.0-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-notebook-lang-6.2.0-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.s390x"
},
"product_reference": "python39-notebook-lang-6.2.0-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-notebook-lang-6.2.0-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.x86_64"
},
"product_reference": "python39-notebook-lang-6.2.0-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-6524",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6524"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6524",
"url": "https://www.suse.com/security/cve/CVE-2016-6524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-6524"
},
{
"cve": "CVE-2016-9971",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9971"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9971",
"url": "https://www.suse.com/security/cve/CVE-2016-9971"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9971"
},
{
"cve": "CVE-2018-14041",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14041"
}
],
"notes": [
{
"category": "general",
"text": "In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14041",
"url": "https://www.suse.com/security/cve/CVE-2018-14041"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-14041"
},
{
"cve": "CVE-2018-8768",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-8768"
}
],
"notes": [
{
"category": "general",
"text": "In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is \u0027fixed\u0027 by jQuery after sanitization, making it dangerous.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-8768",
"url": "https://www.suse.com/security/cve/CVE-2018-8768"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-8768"
},
{
"cve": "CVE-2019-10255",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-10255"
}
],
"notes": [
{
"category": "general",
"text": "An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.7 and some browsers (Chrome, Firefox) in JupyterHub before 0.9.5 allows crafted links to the login page, which will redirect to a malicious site after successful login. Servers running on a base_url prefix are not affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-10255",
"url": "https://www.suse.com/security/cve/CVE-2019-10255"
},
{
"category": "external",
"summary": "SUSE Bug 1131105 for CVE-2019-10255",
"url": "https://bugzilla.suse.com/1131105"
},
{
"category": "external",
"summary": "SUSE Bug 1131652 for CVE-2019-10255",
"url": "https://bugzilla.suse.com/1131652"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-10255"
},
{
"cve": "CVE-2019-11358",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11358"
}
],
"notes": [
{
"category": "general",
"text": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11358",
"url": "https://www.suse.com/security/cve/CVE-2019-11358"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-6.2.0-1.4.x86_64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.aarch64",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.ppc64le",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.s390x",
"openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-11358"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…