Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2014-4671 (GCVE-0-2014-4671)
Vulnerability from cvelistv5 – Published: 2014-07-09 01:00 – Updated: 2024-08-06 11:27
VLAI?
EPSS
Summary
Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://miki.it/blog/2014/7/8/abusing-jsonp-with-r… | x_refsource_MISC |
| http://rhn.redhat.com/errata/RHSA-2014-0860.html | vendor-advisoryx_refsource_REDHAT |
| http://www.securityfocus.com/bid/68457 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/59774 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securitytracker.com/id/1030533 | vdb-entryx_refsource_SECTRACK |
| http://secunia.com/advisories/59837 | third-party-advisoryx_refsource_SECUNIA |
| http://security.gentoo.org/glsa/glsa-201407-02.xml | vendor-advisoryx_refsource_GENTOO |
| http://helpx.adobe.com/security/products/flash-pl… | x_refsource_CONFIRM |
Date Public ?
2014-07-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:36.060Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/"
},
{
"name": "RHSA-2014:0860",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0860.html"
},
{
"name": "68457",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68457"
},
{
"name": "59774",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59774"
},
{
"name": "1030533",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030533"
},
{
"name": "59837",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59837"
},
{
"name": "GLSA-201407-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201407-02.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://helpx.adobe.com/security/products/flash-player/apsb14-17.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK \u0026 Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-07-15T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/"
},
{
"name": "RHSA-2014:0860",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0860.html"
},
{
"name": "68457",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68457"
},
{
"name": "59774",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59774"
},
{
"name": "1030533",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030533"
},
{
"name": "59837",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59837"
},
{
"name": "GLSA-201407-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201407-02.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://helpx.adobe.com/security/products/flash-player/apsb14-17.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4671",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK \u0026 Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/",
"refsource": "MISC",
"url": "http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/"
},
{
"name": "RHSA-2014:0860",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0860.html"
},
{
"name": "68457",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68457"
},
{
"name": "59774",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59774"
},
{
"name": "1030533",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030533"
},
{
"name": "59837",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59837"
},
{
"name": "GLSA-201407-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201407-02.xml"
},
{
"name": "http://helpx.adobe.com/security/products/flash-player/apsb14-17.html",
"refsource": "CONFIRM",
"url": "http://helpx.adobe.com/security/products/flash-player/apsb14-17.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-4671",
"datePublished": "2014-07-09T01:00:00.000Z",
"dateReserved": "2014-06-26T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:27:36.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2014-4671",
"date": "2026-05-22",
"epss": "0.35827",
"percentile": "0.97142"
},
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"11.2.202.378\", \"matchCriteriaId\": \"A6EE848A-771C-4A59-8BFD-CFED00CBD1FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:11.2.202.223:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"146E1EAC-B9AF-4511-A0DC-A048428E3B68\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:11.2.202.228:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5AFBB9EA-1A66-4FBC-BF89-7DF04FDD6788\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:11.2.202.233:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"39065E60-3680-4384-95C0-EF4F874D2400\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:11.2.202.235:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2B0603B3-5C98-422D-A49D-EBE1798DAE69\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:11.2.202.236:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5AC7882D-1577-4CEA-B1C0-0FEBC91A441A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:11.2.202.238:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CED86796-B721-49B1-A021-82FA769FA024\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:11.2.202.243:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FF7843C6-628A-4091-8A09-6E126A89870E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:11.2.202.251:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"472F569C-0FD5-4F61-A4D6-258A8A9C4008\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:11.2.202.258:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1E91A468-191C-4A2D-B1B6-0DDE8BB1C1D8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:11.2.202.261:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"47F94E94-C190-4559-8FF6-FEEE6634B67B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:11.2.202.262:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7CC3FDE1-44FD-4BC3-BB43-C44C94D3F794\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:11.2.202.270:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FE46E137-5298-44FA-B40C-6079C9AEE60F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:11.2.202.273:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D14EAFB3-3718-466F-8EB2-61D00D569251\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:11.2.202.275:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FD3390A0-8EB6-424E-96AC-B87E22D6FF6E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:11.2.202.280:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CCD935A5-D923-48CC-9699-977C5123D52C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:11.2.202.285:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5AABFF8D-2C2A-4B8B-9DE2-C74EECEDD86F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:11.2.202.291:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DD0EF3E4-C91F-4AD4-91E7-A10DC66DE4A3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:11.2.202.297:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3DDB9C24-953C-4268-8C4A-E7C0F021698E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:11.2.202.310:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E8474A98-24F4-43E5-9402-319F68A9880B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:11.2.202.332:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0CD7F4E8-742E-4264-84EE-22D9E3CB3C76\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:11.2.202.335:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"97DBA814-D400-440C-BEEA-AB1913F783C1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:11.2.202.336:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9CDA6379-D70E-476C-82C5-C916C13CA081\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:11.2.202.341:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"515589AD-8CC1-46CE-9F9A-BAAD725E2C8F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:11.2.202.346:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"308488AB-3D95-4231-8201-BF4EE5C9C151\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:11.2.202.350:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DDB40406-277E-4BF5-ADCF-BE16B1CF390B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:11.2.202.356:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"33165339-9DCC-46B2-B22F-CF31D26175D7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:11.2.202.359:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"28AB62F3-9CB0-4ED8-9785-2B4878BB101D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"155AD4FB-E527-4103-BCEF-801B653DEA37\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"14.0.0.110\", \"matchCriteriaId\": \"1601647A-06A7-4D82-9BF0-5DCAAC5A2114\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:adobe_air:13.0.0.83:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C898203-9D6E-4430-8905-C28180F954E1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:adobe_air:13.0.0.111:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"434B6846-3ED5-4F23-88D1-567668EE8E94\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:adobe_air_sdk:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"14.0.0.110\", \"matchCriteriaId\": \"D4010CF1-D0B6-46FD-97DF-6F546881AFA6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:adobe_air_sdk:13.0.0.83:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B005E5AC-DD7D-413E-92A2-4E8D7F3F2D7A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:adobe_air_sdk:13.0.0.111:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F228403E-68B3-4B18-B120-066346D80891\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"13.0.0.223\", \"matchCriteriaId\": \"C96C2CD0-3CBE-4770-B1CC-1A53BEE493A0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:13.0.0.182:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C3DD6547-ABEE-4734-87AA-BD3E247226B7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:13.0.0.201:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0732FFB7-4BFD-499D-A166-9128F3DABA0B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:13.0.0.206:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C282F91D-C1FE-4CC7-A33D-8E43F85DF168\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:13.0.0.214:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"11E8C1F3-83AA-468B-8F5A-285F3BD19CC6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5D7202D-56DF-400B-9F09-E7D9938222D3\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0FF5999A-9D12-4CDD-8DE9-A89C10B2D574\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK \u0026 Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API.\"}, {\"lang\": \"es\", \"value\": \"Adobe Flash Player anterior a 13.0.0.231 y 14.x anterior a 14.0.0.145 en Windows y OS X y anterior a 11.2.202.394 en Linux, Adobe AIR anterior a 14.0.0.137 en Android, Adobe AIR SDK anterior a 14.0.0.137 y Adobe AIR SDK \u0026 Compiler anterior a 14.0.0.137 no restringen debidamente el formatos de ficheros SWF, lo que permitte a atacantes remotos realizar ataques de CSRF contra Endpoints JSONP, y obtener informaci\\u00f3n sensible, a trav\\u00e9s de un elemento OBJECT manipulado con contenido SWF que satisface los requisitos de la configuraci\\u00f3n de caracteres de una API de devoluci\\u00f3n de llamadas.\"}]",
"id": "CVE-2014-4671",
"lastModified": "2024-11-21T02:10:41.097",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2014-07-09T05:04:24.960",
"references": "[{\"url\": \"http://helpx.adobe.com/security/products/flash-player/apsb14-17.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2014-0860.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/59774\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/59837\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://security.gentoo.org/glsa/glsa-201407-02.xml\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/68457\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id/1030533\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://helpx.adobe.com/security/products/flash-player/apsb14-17.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2014-0860.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/59774\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/59837\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://security.gentoo.org/glsa/glsa-201407-02.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/68457\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1030533\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-352\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2014-4671\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2014-07-09T05:04:24.960\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK \u0026 Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API.\"},{\"lang\":\"es\",\"value\":\"Adobe Flash Player anterior a 13.0.0.231 y 14.x anterior a 14.0.0.145 en Windows y OS X y anterior a 11.2.202.394 en Linux, Adobe AIR anterior a 14.0.0.137 en Android, Adobe AIR SDK anterior a 14.0.0.137 y Adobe AIR SDK \u0026 Compiler anterior a 14.0.0.137 no restringen debidamente el formatos de ficheros SWF, lo que permitte a atacantes remotos realizar ataques de CSRF contra Endpoints JSONP, y obtener informaci\u00f3n sensible, a trav\u00e9s de un elemento OBJECT manipulado con contenido SWF que satisface los requisitos de la configuraci\u00f3n de caracteres de una API de devoluci\u00f3n de llamadas.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"11.2.202.378\",\"matchCriteriaId\":\"A6EE848A-771C-4A59-8BFD-CFED00CBD1FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:11.2.202.223:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"146E1EAC-B9AF-4511-A0DC-A048428E3B68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:11.2.202.228:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5AFBB9EA-1A66-4FBC-BF89-7DF04FDD6788\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:11.2.202.233:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39065E60-3680-4384-95C0-EF4F874D2400\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:11.2.202.235:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B0603B3-5C98-422D-A49D-EBE1798DAE69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:11.2.202.236:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5AC7882D-1577-4CEA-B1C0-0FEBC91A441A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:11.2.202.238:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CED86796-B721-49B1-A021-82FA769FA024\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:11.2.202.243:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF7843C6-628A-4091-8A09-6E126A89870E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:11.2.202.251:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"472F569C-0FD5-4F61-A4D6-258A8A9C4008\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:11.2.202.258:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E91A468-191C-4A2D-B1B6-0DDE8BB1C1D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:11.2.202.261:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47F94E94-C190-4559-8FF6-FEEE6634B67B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:11.2.202.262:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CC3FDE1-44FD-4BC3-BB43-C44C94D3F794\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:11.2.202.270:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE46E137-5298-44FA-B40C-6079C9AEE60F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:11.2.202.273:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D14EAFB3-3718-466F-8EB2-61D00D569251\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:11.2.202.275:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD3390A0-8EB6-424E-96AC-B87E22D6FF6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:11.2.202.280:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCD935A5-D923-48CC-9699-977C5123D52C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:11.2.202.285:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5AABFF8D-2C2A-4B8B-9DE2-C74EECEDD86F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:11.2.202.291:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD0EF3E4-C91F-4AD4-91E7-A10DC66DE4A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:11.2.202.297:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3DDB9C24-953C-4268-8C4A-E7C0F021698E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:11.2.202.310:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8474A98-24F4-43E5-9402-319F68A9880B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:11.2.202.332:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CD7F4E8-742E-4264-84EE-22D9E3CB3C76\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:11.2.202.335:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97DBA814-D400-440C-BEEA-AB1913F783C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:11.2.202.336:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9CDA6379-D70E-476C-82C5-C916C13CA081\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:11.2.202.341:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"515589AD-8CC1-46CE-9F9A-BAAD725E2C8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:11.2.202.346:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"308488AB-3D95-4231-8201-BF4EE5C9C151\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:11.2.202.350:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDB40406-277E-4BF5-ADCF-BE16B1CF390B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:11.2.202.356:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33165339-9DCC-46B2-B22F-CF31D26175D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:11.2.202.359:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"28AB62F3-9CB0-4ED8-9785-2B4878BB101D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"155AD4FB-E527-4103-BCEF-801B653DEA37\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"14.0.0.110\",\"matchCriteriaId\":\"1601647A-06A7-4D82-9BF0-5DCAAC5A2114\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:adobe_air:13.0.0.83:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C898203-9D6E-4430-8905-C28180F954E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:adobe_air:13.0.0.111:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"434B6846-3ED5-4F23-88D1-567668EE8E94\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:adobe_air_sdk:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"14.0.0.110\",\"matchCriteriaId\":\"D4010CF1-D0B6-46FD-97DF-6F546881AFA6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:adobe_air_sdk:13.0.0.83:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B005E5AC-DD7D-413E-92A2-4E8D7F3F2D7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:adobe_air_sdk:13.0.0.111:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F228403E-68B3-4B18-B120-066346D80891\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"13.0.0.223\",\"matchCriteriaId\":\"C96C2CD0-3CBE-4770-B1CC-1A53BEE493A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:13.0.0.182:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3DD6547-ABEE-4734-87AA-BD3E247226B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:13.0.0.201:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0732FFB7-4BFD-499D-A166-9128F3DABA0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:13.0.0.206:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C282F91D-C1FE-4CC7-A33D-8E43F85DF168\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:13.0.0.214:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11E8C1F3-83AA-468B-8F5A-285F3BD19CC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5D7202D-56DF-400B-9F09-E7D9938222D3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FF5999A-9D12-4CDD-8DE9-A89C10B2D574\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}]}],\"references\":[{\"url\":\"http://helpx.adobe.com/security/products/flash-player/apsb14-17.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-0860.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/59774\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/59837\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-201407-02.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/68457\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id/1030533\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://helpx.adobe.com/security/products/flash-player/apsb14-17.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-0860.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/59774\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/59837\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-201407-02.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/68457\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1030533\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
CERTFR-2014-AVI-306
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Adobe Flash Player. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à la confidentialité des données et une injection de requêtes illégitimes par rebond (CSRF).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Adobe Flash Player version 14.0.0.125 et ant\u00e9rieures pour Windows et Macintosh",
"product": {
"name": "N/A",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Flash Player version 11.2.202.378 et ant\u00e9rieures pour Linux",
"product": {
"name": "N/A",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe AIR version 14.0.0.110 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Adobe",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-4671",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4671"
},
{
"name": "CVE-2014-0537",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0537"
},
{
"name": "CVE-2014-0539",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0539"
}
],
"links": [],
"reference": "CERTFR-2014-AVI-306",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-07-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eAdobe Flash Player\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection de requ\u00eates\nill\u00e9gitimes par rebond (CSRF).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Adobe Flash Player",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB14-17 du 08 juillet 2014",
"url": "http://helpx.adobe.com/security/products/flash-player/apsb14-17.html"
}
]
}
CERTFR-2014-AVI-306
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Adobe Flash Player. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à la confidentialité des données et une injection de requêtes illégitimes par rebond (CSRF).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Adobe Flash Player version 14.0.0.125 et ant\u00e9rieures pour Windows et Macintosh",
"product": {
"name": "N/A",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Flash Player version 11.2.202.378 et ant\u00e9rieures pour Linux",
"product": {
"name": "N/A",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe AIR version 14.0.0.110 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Adobe",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-4671",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4671"
},
{
"name": "CVE-2014-0537",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0537"
},
{
"name": "CVE-2014-0539",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0539"
}
],
"links": [],
"reference": "CERTFR-2014-AVI-306",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-07-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eAdobe Flash Player\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection de requ\u00eates\nill\u00e9gitimes par rebond (CSRF).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Adobe Flash Player",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB14-17 du 08 juillet 2014",
"url": "http://helpx.adobe.com/security/products/flash-player/apsb14-17.html"
}
]
}
FKIE_CVE-2014-4671
Vulnerability from fkie_nvd - Published: 2014-07-09 05:04 - Updated: 2026-05-06 22:30
Severity ?
Summary
Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6EE848A-771C-4A59-8BFD-CFED00CBD1FD",
"versionEndIncluding": "11.2.202.378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.223:*:*:*:*:*:*:*",
"matchCriteriaId": "146E1EAC-B9AF-4511-A0DC-A048428E3B68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.228:*:*:*:*:*:*:*",
"matchCriteriaId": "5AFBB9EA-1A66-4FBC-BF89-7DF04FDD6788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.233:*:*:*:*:*:*:*",
"matchCriteriaId": "39065E60-3680-4384-95C0-EF4F874D2400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.235:*:*:*:*:*:*:*",
"matchCriteriaId": "2B0603B3-5C98-422D-A49D-EBE1798DAE69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.236:*:*:*:*:*:*:*",
"matchCriteriaId": "5AC7882D-1577-4CEA-B1C0-0FEBC91A441A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.238:*:*:*:*:*:*:*",
"matchCriteriaId": "CED86796-B721-49B1-A021-82FA769FA024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.243:*:*:*:*:*:*:*",
"matchCriteriaId": "FF7843C6-628A-4091-8A09-6E126A89870E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.251:*:*:*:*:*:*:*",
"matchCriteriaId": "472F569C-0FD5-4F61-A4D6-258A8A9C4008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.258:*:*:*:*:*:*:*",
"matchCriteriaId": "1E91A468-191C-4A2D-B1B6-0DDE8BB1C1D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.261:*:*:*:*:*:*:*",
"matchCriteriaId": "47F94E94-C190-4559-8FF6-FEEE6634B67B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.262:*:*:*:*:*:*:*",
"matchCriteriaId": "7CC3FDE1-44FD-4BC3-BB43-C44C94D3F794",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.270:*:*:*:*:*:*:*",
"matchCriteriaId": "FE46E137-5298-44FA-B40C-6079C9AEE60F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.273:*:*:*:*:*:*:*",
"matchCriteriaId": "D14EAFB3-3718-466F-8EB2-61D00D569251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.275:*:*:*:*:*:*:*",
"matchCriteriaId": "FD3390A0-8EB6-424E-96AC-B87E22D6FF6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.280:*:*:*:*:*:*:*",
"matchCriteriaId": "CCD935A5-D923-48CC-9699-977C5123D52C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.285:*:*:*:*:*:*:*",
"matchCriteriaId": "5AABFF8D-2C2A-4B8B-9DE2-C74EECEDD86F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.291:*:*:*:*:*:*:*",
"matchCriteriaId": "DD0EF3E4-C91F-4AD4-91E7-A10DC66DE4A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.297:*:*:*:*:*:*:*",
"matchCriteriaId": "3DDB9C24-953C-4268-8C4A-E7C0F021698E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.310:*:*:*:*:*:*:*",
"matchCriteriaId": "E8474A98-24F4-43E5-9402-319F68A9880B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.332:*:*:*:*:*:*:*",
"matchCriteriaId": "0CD7F4E8-742E-4264-84EE-22D9E3CB3C76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.335:*:*:*:*:*:*:*",
"matchCriteriaId": "97DBA814-D400-440C-BEEA-AB1913F783C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.336:*:*:*:*:*:*:*",
"matchCriteriaId": "9CDA6379-D70E-476C-82C5-C916C13CA081",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.341:*:*:*:*:*:*:*",
"matchCriteriaId": "515589AD-8CC1-46CE-9F9A-BAAD725E2C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.346:*:*:*:*:*:*:*",
"matchCriteriaId": "308488AB-3D95-4231-8201-BF4EE5C9C151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.350:*:*:*:*:*:*:*",
"matchCriteriaId": "DDB40406-277E-4BF5-ADCF-BE16B1CF390B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.356:*:*:*:*:*:*:*",
"matchCriteriaId": "33165339-9DCC-46B2-B22F-CF31D26175D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.359:*:*:*:*:*:*:*",
"matchCriteriaId": "28AB62F3-9CB0-4ED8-9785-2B4878BB101D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1601647A-06A7-4D82-9BF0-5DCAAC5A2114",
"versionEndIncluding": "14.0.0.110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:adobe_air:13.0.0.83:*:*:*:*:*:*:*",
"matchCriteriaId": "3C898203-9D6E-4430-8905-C28180F954E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:adobe_air:13.0.0.111:*:*:*:*:*:*:*",
"matchCriteriaId": "434B6846-3ED5-4F23-88D1-567668EE8E94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:adobe_air_sdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D4010CF1-D0B6-46FD-97DF-6F546881AFA6",
"versionEndIncluding": "14.0.0.110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:adobe_air_sdk:13.0.0.83:*:*:*:*:*:*:*",
"matchCriteriaId": "B005E5AC-DD7D-413E-92A2-4E8D7F3F2D7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:adobe_air_sdk:13.0.0.111:*:*:*:*:*:*:*",
"matchCriteriaId": "F228403E-68B3-4B18-B120-066346D80891",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C96C2CD0-3CBE-4770-B1CC-1A53BEE493A0",
"versionEndIncluding": "13.0.0.223",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:13.0.0.182:*:*:*:*:*:*:*",
"matchCriteriaId": "C3DD6547-ABEE-4734-87AA-BD3E247226B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:13.0.0.201:*:*:*:*:*:*:*",
"matchCriteriaId": "0732FFB7-4BFD-499D-A166-9128F3DABA0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:13.0.0.206:*:*:*:*:*:*:*",
"matchCriteriaId": "C282F91D-C1FE-4CC7-A33D-8E43F85DF168",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:13.0.0.214:*:*:*:*:*:*:*",
"matchCriteriaId": "11E8C1F3-83AA-468B-8F5A-285F3BD19CC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*",
"matchCriteriaId": "D5D7202D-56DF-400B-9F09-E7D9938222D3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK \u0026 Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API."
},
{
"lang": "es",
"value": "Adobe Flash Player anterior a 13.0.0.231 y 14.x anterior a 14.0.0.145 en Windows y OS X y anterior a 11.2.202.394 en Linux, Adobe AIR anterior a 14.0.0.137 en Android, Adobe AIR SDK anterior a 14.0.0.137 y Adobe AIR SDK \u0026 Compiler anterior a 14.0.0.137 no restringen debidamente el formatos de ficheros SWF, lo que permitte a atacantes remotos realizar ataques de CSRF contra Endpoints JSONP, y obtener informaci\u00f3n sensible, a trav\u00e9s de un elemento OBJECT manipulado con contenido SWF que satisface los requisitos de la configuraci\u00f3n de caracteres de una API de devoluci\u00f3n de llamadas."
}
],
"id": "CVE-2014-4671",
"lastModified": "2026-05-06T22:30:45.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-07-09T05:04:24.960",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://helpx.adobe.com/security/products/flash-player/apsb14-17.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0860.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/59774"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/59837"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-201407-02.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/68457"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1030533"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://helpx.adobe.com/security/products/flash-player/apsb14-17.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0860.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59774"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59837"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201407-02.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/68457"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030533"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-363H-VJ6Q-3CMJ
Vulnerability from github – Published: 2020-08-31 22:45 – Updated: 2021-09-23 19:28
VLAI?
Summary
Rosetta-Flash JSONP Vulnerability in hapi
Details
This description taken from the pull request provided by Patrick Kettner.
Versions 6.1.0 and earlier of hapi are vulnerable to a rosetta-flash attack, which can be used by attackers to send data across domains and break the browser same-origin-policy.
Recommendation
- Update hapi to version 6.1.1 or later.
Alternatively, a solution previously implemented by Google, Facebook, and Github is to prepend callbacks with an empty inline comment. This will cause the flash parser to break on invalid inputs and prevent the issue, and how the issue has been resolved internally in hapi.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "hapi"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.1.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2014-4671"
],
"database_specific": {
"cwe_ids": [
"CWE-352"
],
"github_reviewed": true,
"github_reviewed_at": "2020-08-31T18:07:45Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "This description taken from the pull request provided by Patrick Kettner.\n\n\n\nVersions 6.1.0 and earlier of hapi are vulnerable to a rosetta-flash attack, which can be used by attackers to send data across domains and break the browser same-origin-policy.\n\n\n\n\n\n## Recommendation\n\n- Update hapi to version 6.1.1 or later.\n\nAlternatively, a solution previously implemented by Google, Facebook, and Github is to prepend callbacks with an empty inline comment. This will cause the flash parser to break on invalid inputs and prevent the issue, and how the issue has been resolved internally in hapi.",
"id": "GHSA-363h-vj6q-3cmj",
"modified": "2021-09-23T19:28:27Z",
"published": "2020-08-31T22:45:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4671"
},
{
"type": "WEB",
"url": "https://github.com/spumko/hapi/pull/1766"
},
{
"type": "WEB",
"url": "https://github.com/hapijs/hapi/commit/d47f57abf23bdaa84f61aed2bac94ae5f358afb7"
},
{
"type": "WEB",
"url": "https://github.com/patrickkettner"
},
{
"type": "PACKAGE",
"url": "https://github.com/spumko/hapi"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/advisories/12"
},
{
"type": "WEB",
"url": "http://helpx.adobe.com/security/products/flash-player/apsb14-17.html"
},
{
"type": "WEB",
"url": "http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0860.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59774"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59837"
},
{
"type": "WEB",
"url": "http://security.gentoo.org/glsa/glsa-201407-02.xml"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/68457"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1030533"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Rosetta-Flash JSONP Vulnerability in hapi"
}
GSD-2014-4671
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2014-4671",
"description": "Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK \u0026 Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API.",
"id": "GSD-2014-4671",
"references": [
"https://www.suse.com/security/cve/CVE-2014-4671.html",
"https://access.redhat.com/errata/RHSA-2014:0860",
"https://advisories.mageia.org/CVE-2014-4671.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2014-4671"
],
"details": "Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK \u0026 Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API.",
"id": "GSD-2014-4671",
"modified": "2023-12-13T01:22:45.860323Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4671",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK \u0026 Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/",
"refsource": "MISC",
"url": "http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/"
},
{
"name": "RHSA-2014:0860",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0860.html"
},
{
"name": "68457",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68457"
},
{
"name": "59774",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59774"
},
{
"name": "1030533",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030533"
},
{
"name": "59837",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59837"
},
{
"name": "GLSA-201407-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201407-02.xml"
},
{
"name": "http://helpx.adobe.com/security/products/flash-player/apsb14-17.html",
"refsource": "CONFIRM",
"url": "http://helpx.adobe.com/security/products/flash-player/apsb14-17.html"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c6.1.0",
"affected_versions": "All versions before 6.1.0",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-352",
"CWE-937"
],
"date": "2021-09-23",
"description": "Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK \u0026 Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API.",
"fixed_versions": [
"6.1.0"
],
"identifier": "CVE-2014-4671",
"identifiers": [
"GHSA-363h-vj6q-3cmj",
"CVE-2014-4671"
],
"not_impacted": "All versions starting from 6.1.0",
"package_slug": "npm/hapi",
"pubdate": "2020-08-31",
"solution": "Upgrade to version 6.1.0 or above.",
"title": "Cross-Site Request Forgery (CSRF)",
"urls": [
"https://github.com/spumko/hapi/pull/1766",
"https://github.com/patrickkettner",
"https://www.npmjs.com/advisories/12",
"http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/",
"https://nvd.nist.gov/vuln/detail/CVE-2014-4671",
"http://helpx.adobe.com/security/products/flash-player/apsb14-17.html",
"http://rhn.redhat.com/errata/RHSA-2014-0860.html",
"http://secunia.com/advisories/59774",
"http://secunia.com/advisories/59837",
"http://security.gentoo.org/glsa/glsa-201407-02.xml",
"http://www.securityfocus.com/bid/68457",
"http://www.securitytracker.com/id/1030533",
"https://github.com/advisories/GHSA-363h-vj6q-3cmj"
],
"uuid": "9539a04b-5842-4a75-adc9-4a4974c16d35"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.291:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.285:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.280:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.275:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.359:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.356:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.335:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.310:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.270:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.261:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.236:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.233:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.223:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.350:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.346:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.341:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.336:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.258:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.251:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.243:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.238:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.2.202.378",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.332:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.297:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.273:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.262:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.235:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.228:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.0.0.110",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:adobe_air:13.0.0.83:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:adobe_air:13.0.0.111:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:adobe:adobe_air_sdk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.0.0.110",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:adobe_air_sdk:13.0.0.111:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:adobe_air_sdk:13.0.0.83:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:13.0.0.201:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:13.0.0.206:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:13.0.0.214:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:13.0.0.182:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.0.0.223",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4671"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK \u0026 Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://helpx.adobe.com/security/products/flash-player/apsb14-17.html",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://helpx.adobe.com/security/products/flash-player/apsb14-17.html"
},
{
"name": "http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/",
"refsource": "MISC",
"tags": [
"Exploit"
],
"url": "http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/"
},
{
"name": "59774",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/59774"
},
{
"name": "GLSA-201407-02",
"refsource": "GENTOO",
"tags": [],
"url": "http://security.gentoo.org/glsa/glsa-201407-02.xml"
},
{
"name": "1030533",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id/1030533"
},
{
"name": "68457",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/68457"
},
{
"name": "59837",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/59837"
},
{
"name": "RHSA-2014:0860",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0860.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
}
},
"lastModifiedDate": "2015-09-22T18:47Z",
"publishedDate": "2014-07-09T05:04Z"
}
}
}
OPENSUSE-SU-2024:10223-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
python-pyramid-1.6-1.4 on GA media
Severity
Moderate
Notes
Title of the patch: python-pyramid-1.6-1.4 on GA media
Description of the patch: These are all security issues fixed in the python-pyramid-1.6-1.4 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-10223
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python-pyramid-1.6-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-pyramid-1.6-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-pyramid-1.6-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-pyramid-1.6-1.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-pyramid-doc-1.6-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-pyramid-doc-1.6-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-pyramid-doc-1.6-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-pyramid-doc-1.6-1.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
References
6 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2014-4671/ | self |
| https://www.suse.com/security/cve/CVE-2014-4671 | external |
| https://bugzilla.suse.com/886454 | external |
| https://bugzilla.suse.com/891688 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python-pyramid-1.6-1.4 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python-pyramid-1.6-1.4 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10223",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10223-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-4671 page",
"url": "https://www.suse.com/security/cve/CVE-2014-4671/"
}
],
"title": "python-pyramid-1.6-1.4 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10223-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python-pyramid-1.6-1.4.aarch64",
"product": {
"name": "python-pyramid-1.6-1.4.aarch64",
"product_id": "python-pyramid-1.6-1.4.aarch64"
}
},
{
"category": "product_version",
"name": "python-pyramid-doc-1.6-1.4.aarch64",
"product": {
"name": "python-pyramid-doc-1.6-1.4.aarch64",
"product_id": "python-pyramid-doc-1.6-1.4.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python-pyramid-1.6-1.4.ppc64le",
"product": {
"name": "python-pyramid-1.6-1.4.ppc64le",
"product_id": "python-pyramid-1.6-1.4.ppc64le"
}
},
{
"category": "product_version",
"name": "python-pyramid-doc-1.6-1.4.ppc64le",
"product": {
"name": "python-pyramid-doc-1.6-1.4.ppc64le",
"product_id": "python-pyramid-doc-1.6-1.4.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python-pyramid-1.6-1.4.s390x",
"product": {
"name": "python-pyramid-1.6-1.4.s390x",
"product_id": "python-pyramid-1.6-1.4.s390x"
}
},
{
"category": "product_version",
"name": "python-pyramid-doc-1.6-1.4.s390x",
"product": {
"name": "python-pyramid-doc-1.6-1.4.s390x",
"product_id": "python-pyramid-doc-1.6-1.4.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python-pyramid-1.6-1.4.x86_64",
"product": {
"name": "python-pyramid-1.6-1.4.x86_64",
"product_id": "python-pyramid-1.6-1.4.x86_64"
}
},
{
"category": "product_version",
"name": "python-pyramid-doc-1.6-1.4.x86_64",
"product": {
"name": "python-pyramid-doc-1.6-1.4.x86_64",
"product_id": "python-pyramid-doc-1.6-1.4.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pyramid-1.6-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-pyramid-1.6-1.4.aarch64"
},
"product_reference": "python-pyramid-1.6-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pyramid-1.6-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-pyramid-1.6-1.4.ppc64le"
},
"product_reference": "python-pyramid-1.6-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pyramid-1.6-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-pyramid-1.6-1.4.s390x"
},
"product_reference": "python-pyramid-1.6-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pyramid-1.6-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-pyramid-1.6-1.4.x86_64"
},
"product_reference": "python-pyramid-1.6-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pyramid-doc-1.6-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-pyramid-doc-1.6-1.4.aarch64"
},
"product_reference": "python-pyramid-doc-1.6-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pyramid-doc-1.6-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-pyramid-doc-1.6-1.4.ppc64le"
},
"product_reference": "python-pyramid-doc-1.6-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pyramid-doc-1.6-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-pyramid-doc-1.6-1.4.s390x"
},
"product_reference": "python-pyramid-doc-1.6-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pyramid-doc-1.6-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-pyramid-doc-1.6-1.4.x86_64"
},
"product_reference": "python-pyramid-doc-1.6-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-4671",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-4671"
}
],
"notes": [
{
"category": "general",
"text": "Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK \u0026 Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python-pyramid-1.6-1.4.aarch64",
"openSUSE Tumbleweed:python-pyramid-1.6-1.4.ppc64le",
"openSUSE Tumbleweed:python-pyramid-1.6-1.4.s390x",
"openSUSE Tumbleweed:python-pyramid-1.6-1.4.x86_64",
"openSUSE Tumbleweed:python-pyramid-doc-1.6-1.4.aarch64",
"openSUSE Tumbleweed:python-pyramid-doc-1.6-1.4.ppc64le",
"openSUSE Tumbleweed:python-pyramid-doc-1.6-1.4.s390x",
"openSUSE Tumbleweed:python-pyramid-doc-1.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-4671",
"url": "https://www.suse.com/security/cve/CVE-2014-4671"
},
{
"category": "external",
"summary": "SUSE Bug 886454 for CVE-2014-4671",
"url": "https://bugzilla.suse.com/886454"
},
{
"category": "external",
"summary": "SUSE Bug 891688 for CVE-2014-4671",
"url": "https://bugzilla.suse.com/891688"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python-pyramid-1.6-1.4.aarch64",
"openSUSE Tumbleweed:python-pyramid-1.6-1.4.ppc64le",
"openSUSE Tumbleweed:python-pyramid-1.6-1.4.s390x",
"openSUSE Tumbleweed:python-pyramid-1.6-1.4.x86_64",
"openSUSE Tumbleweed:python-pyramid-doc-1.6-1.4.aarch64",
"openSUSE Tumbleweed:python-pyramid-doc-1.6-1.4.ppc64le",
"openSUSE Tumbleweed:python-pyramid-doc-1.6-1.4.s390x",
"openSUSE Tumbleweed:python-pyramid-doc-1.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2014-4671"
}
]
}
OPENSUSE-SU-2024:10332-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1 on GA media
Description of the patch: These are all security issues fixed in the ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-10332
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
Affected products
Recommended
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.3 (High)
Affected products
Recommended
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
18 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10332",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10332-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-4671 page",
"url": "https://www.suse.com/security/cve/CVE-2014-4671/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-7818 page",
"url": "https://www.suse.com/security/cve/CVE-2014-7818/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-7829 page",
"url": "https://www.suse.com/security/cve/CVE-2014-7829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2098 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2098/"
}
],
"title": "ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10332-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64",
"product": {
"name": "ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64",
"product_id": "ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64",
"product": {
"name": "ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64",
"product_id": "ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64",
"product": {
"name": "ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64",
"product_id": "ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64",
"product": {
"name": "ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64",
"product_id": "ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64",
"product": {
"name": "ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64",
"product_id": "ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64",
"product": {
"name": "ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64",
"product_id": "ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64",
"product": {
"name": "ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64",
"product_id": "ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64",
"product": {
"name": "ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64",
"product_id": "ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le",
"product": {
"name": "ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le",
"product_id": "ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le",
"product": {
"name": "ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le",
"product_id": "ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le",
"product": {
"name": "ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le",
"product_id": "ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le",
"product": {
"name": "ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le",
"product_id": "ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le",
"product": {
"name": "ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le",
"product_id": "ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le",
"product": {
"name": "ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le",
"product_id": "ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le",
"product": {
"name": "ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le",
"product_id": "ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le",
"product": {
"name": "ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le",
"product_id": "ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x",
"product": {
"name": "ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x",
"product_id": "ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x",
"product": {
"name": "ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x",
"product_id": "ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x",
"product": {
"name": "ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x",
"product_id": "ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x",
"product": {
"name": "ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x",
"product_id": "ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x",
"product": {
"name": "ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x",
"product_id": "ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x",
"product": {
"name": "ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x",
"product_id": "ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x",
"product": {
"name": "ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x",
"product_id": "ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x",
"product": {
"name": "ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x",
"product_id": "ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64",
"product": {
"name": "ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64",
"product_id": "ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64",
"product": {
"name": "ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64",
"product_id": "ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64",
"product": {
"name": "ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64",
"product_id": "ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64",
"product": {
"name": "ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64",
"product_id": "ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64",
"product": {
"name": "ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64",
"product_id": "ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64",
"product": {
"name": "ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64",
"product_id": "ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64",
"product": {
"name": "ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64",
"product_id": "ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64",
"product": {
"name": "ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64",
"product_id": "ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64"
},
"product_reference": "ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le"
},
"product_reference": "ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x"
},
"product_reference": "ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64"
},
"product_reference": "ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64"
},
"product_reference": "ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le"
},
"product_reference": "ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x"
},
"product_reference": "ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64"
},
"product_reference": "ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64"
},
"product_reference": "ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le"
},
"product_reference": "ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x"
},
"product_reference": "ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64"
},
"product_reference": "ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64"
},
"product_reference": "ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le"
},
"product_reference": "ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x"
},
"product_reference": "ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64"
},
"product_reference": "ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64"
},
"product_reference": "ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le"
},
"product_reference": "ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x"
},
"product_reference": "ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64"
},
"product_reference": "ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64"
},
"product_reference": "ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le"
},
"product_reference": "ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x"
},
"product_reference": "ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64"
},
"product_reference": "ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64"
},
"product_reference": "ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le"
},
"product_reference": "ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x"
},
"product_reference": "ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64"
},
"product_reference": "ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64"
},
"product_reference": "ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le"
},
"product_reference": "ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x"
},
"product_reference": "ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64"
},
"product_reference": "ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-4671",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-4671"
}
],
"notes": [
{
"category": "general",
"text": "Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK \u0026 Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-4671",
"url": "https://www.suse.com/security/cve/CVE-2014-4671"
},
{
"category": "external",
"summary": "SUSE Bug 886454 for CVE-2014-4671",
"url": "https://bugzilla.suse.com/886454"
},
{
"category": "external",
"summary": "SUSE Bug 891688 for CVE-2014-4671",
"url": "https://bugzilla.suse.com/891688"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2014-4671"
},
{
"cve": "CVE-2014-7818",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-7818"
}
],
"notes": [
{
"category": "general",
"text": "Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via a /..%2F sequence.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-7818",
"url": "https://www.suse.com/security/cve/CVE-2014-7818"
},
{
"category": "external",
"summary": "SUSE Bug 903662 for CVE-2014-7818",
"url": "https://bugzilla.suse.com/903662"
},
{
"category": "external",
"summary": "SUSE Bug 905727 for CVE-2014-7818",
"url": "https://bugzilla.suse.com/905727"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2014-7818"
},
{
"cve": "CVE-2014-7829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-7829"
}
],
"notes": [
{
"category": "general",
"text": "Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via vectors involving a \\ (backslash) character, a similar issue to CVE-2014-7818.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-7829",
"url": "https://www.suse.com/security/cve/CVE-2014-7829"
},
{
"category": "external",
"summary": "SUSE Bug 905727 for CVE-2014-7829",
"url": "https://bugzilla.suse.com/905727"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-7829"
},
{
"cve": "CVE-2016-2098",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2098"
}
],
"notes": [
{
"category": "general",
"text": "Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application\u0027s unrestricted use of the render method.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2098",
"url": "https://www.suse.com/security/cve/CVE-2016-2098"
},
{
"category": "external",
"summary": "SUSE Bug 968849 for CVE-2016-2098",
"url": "https://bugzilla.suse.com/968849"
},
{
"category": "external",
"summary": "SUSE Bug 969943 for CVE-2016-2098",
"url": "https://bugzilla.suse.com/969943"
},
{
"category": "external",
"summary": "SUSE Bug 993313 for CVE-2016-2098",
"url": "https://bugzilla.suse.com/993313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-2098"
}
]
}
OPENSUSE-SU-2024:11257-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
python36-pyramid-2.0-1.2 on GA media
Severity
Moderate
Notes
Title of the patch: python36-pyramid-2.0-1.2 on GA media
Description of the patch: These are all security issues fixed in the python36-pyramid-2.0-1.2 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-11257
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python36-pyramid-2.0-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-pyramid-2.0-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-pyramid-2.0-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-pyramid-2.0-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-pyramid-2.0-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-pyramid-2.0-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-pyramid-2.0-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-pyramid-2.0-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-pyramid-2.0-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-pyramid-2.0-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-pyramid-2.0-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-pyramid-2.0-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
References
6 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2014-4671/ | self |
| https://www.suse.com/security/cve/CVE-2014-4671 | external |
| https://bugzilla.suse.com/886454 | external |
| https://bugzilla.suse.com/891688 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python36-pyramid-2.0-1.2 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python36-pyramid-2.0-1.2 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11257",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11257-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-4671 page",
"url": "https://www.suse.com/security/cve/CVE-2014-4671/"
}
],
"title": "python36-pyramid-2.0-1.2 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11257-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python36-pyramid-2.0-1.2.aarch64",
"product": {
"name": "python36-pyramid-2.0-1.2.aarch64",
"product_id": "python36-pyramid-2.0-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "python38-pyramid-2.0-1.2.aarch64",
"product": {
"name": "python38-pyramid-2.0-1.2.aarch64",
"product_id": "python38-pyramid-2.0-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "python39-pyramid-2.0-1.2.aarch64",
"product": {
"name": "python39-pyramid-2.0-1.2.aarch64",
"product_id": "python39-pyramid-2.0-1.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python36-pyramid-2.0-1.2.ppc64le",
"product": {
"name": "python36-pyramid-2.0-1.2.ppc64le",
"product_id": "python36-pyramid-2.0-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "python38-pyramid-2.0-1.2.ppc64le",
"product": {
"name": "python38-pyramid-2.0-1.2.ppc64le",
"product_id": "python38-pyramid-2.0-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-pyramid-2.0-1.2.ppc64le",
"product": {
"name": "python39-pyramid-2.0-1.2.ppc64le",
"product_id": "python39-pyramid-2.0-1.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python36-pyramid-2.0-1.2.s390x",
"product": {
"name": "python36-pyramid-2.0-1.2.s390x",
"product_id": "python36-pyramid-2.0-1.2.s390x"
}
},
{
"category": "product_version",
"name": "python38-pyramid-2.0-1.2.s390x",
"product": {
"name": "python38-pyramid-2.0-1.2.s390x",
"product_id": "python38-pyramid-2.0-1.2.s390x"
}
},
{
"category": "product_version",
"name": "python39-pyramid-2.0-1.2.s390x",
"product": {
"name": "python39-pyramid-2.0-1.2.s390x",
"product_id": "python39-pyramid-2.0-1.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python36-pyramid-2.0-1.2.x86_64",
"product": {
"name": "python36-pyramid-2.0-1.2.x86_64",
"product_id": "python36-pyramid-2.0-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "python38-pyramid-2.0-1.2.x86_64",
"product": {
"name": "python38-pyramid-2.0-1.2.x86_64",
"product_id": "python38-pyramid-2.0-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "python39-pyramid-2.0-1.2.x86_64",
"product": {
"name": "python39-pyramid-2.0-1.2.x86_64",
"product_id": "python39-pyramid-2.0-1.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-pyramid-2.0-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-pyramid-2.0-1.2.aarch64"
},
"product_reference": "python36-pyramid-2.0-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-pyramid-2.0-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-pyramid-2.0-1.2.ppc64le"
},
"product_reference": "python36-pyramid-2.0-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-pyramid-2.0-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-pyramid-2.0-1.2.s390x"
},
"product_reference": "python36-pyramid-2.0-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-pyramid-2.0-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-pyramid-2.0-1.2.x86_64"
},
"product_reference": "python36-pyramid-2.0-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-pyramid-2.0-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-pyramid-2.0-1.2.aarch64"
},
"product_reference": "python38-pyramid-2.0-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-pyramid-2.0-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-pyramid-2.0-1.2.ppc64le"
},
"product_reference": "python38-pyramid-2.0-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-pyramid-2.0-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-pyramid-2.0-1.2.s390x"
},
"product_reference": "python38-pyramid-2.0-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-pyramid-2.0-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-pyramid-2.0-1.2.x86_64"
},
"product_reference": "python38-pyramid-2.0-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pyramid-2.0-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-pyramid-2.0-1.2.aarch64"
},
"product_reference": "python39-pyramid-2.0-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pyramid-2.0-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-pyramid-2.0-1.2.ppc64le"
},
"product_reference": "python39-pyramid-2.0-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pyramid-2.0-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-pyramid-2.0-1.2.s390x"
},
"product_reference": "python39-pyramid-2.0-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pyramid-2.0-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-pyramid-2.0-1.2.x86_64"
},
"product_reference": "python39-pyramid-2.0-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-4671",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-4671"
}
],
"notes": [
{
"category": "general",
"text": "Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK \u0026 Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-pyramid-2.0-1.2.aarch64",
"openSUSE Tumbleweed:python36-pyramid-2.0-1.2.ppc64le",
"openSUSE Tumbleweed:python36-pyramid-2.0-1.2.s390x",
"openSUSE Tumbleweed:python36-pyramid-2.0-1.2.x86_64",
"openSUSE Tumbleweed:python38-pyramid-2.0-1.2.aarch64",
"openSUSE Tumbleweed:python38-pyramid-2.0-1.2.ppc64le",
"openSUSE Tumbleweed:python38-pyramid-2.0-1.2.s390x",
"openSUSE Tumbleweed:python38-pyramid-2.0-1.2.x86_64",
"openSUSE Tumbleweed:python39-pyramid-2.0-1.2.aarch64",
"openSUSE Tumbleweed:python39-pyramid-2.0-1.2.ppc64le",
"openSUSE Tumbleweed:python39-pyramid-2.0-1.2.s390x",
"openSUSE Tumbleweed:python39-pyramid-2.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-4671",
"url": "https://www.suse.com/security/cve/CVE-2014-4671"
},
{
"category": "external",
"summary": "SUSE Bug 886454 for CVE-2014-4671",
"url": "https://bugzilla.suse.com/886454"
},
{
"category": "external",
"summary": "SUSE Bug 891688 for CVE-2014-4671",
"url": "https://bugzilla.suse.com/891688"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-pyramid-2.0-1.2.aarch64",
"openSUSE Tumbleweed:python36-pyramid-2.0-1.2.ppc64le",
"openSUSE Tumbleweed:python36-pyramid-2.0-1.2.s390x",
"openSUSE Tumbleweed:python36-pyramid-2.0-1.2.x86_64",
"openSUSE Tumbleweed:python38-pyramid-2.0-1.2.aarch64",
"openSUSE Tumbleweed:python38-pyramid-2.0-1.2.ppc64le",
"openSUSE Tumbleweed:python38-pyramid-2.0-1.2.s390x",
"openSUSE Tumbleweed:python38-pyramid-2.0-1.2.x86_64",
"openSUSE Tumbleweed:python39-pyramid-2.0-1.2.aarch64",
"openSUSE Tumbleweed:python39-pyramid-2.0-1.2.ppc64le",
"openSUSE Tumbleweed:python39-pyramid-2.0-1.2.s390x",
"openSUSE Tumbleweed:python39-pyramid-2.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2014-4671"
}
]
}
OPENSUSE-SU-2024:14155-1
Vulnerability from csaf_opensuse - Published: 2024-07-12 00:00 - Updated: 2024-07-12 00:00Summary
python310-pyramid-2.0.2-1.3 on GA media
Severity
Moderate
Notes
Title of the patch: python310-pyramid-2.0.2-1.3 on GA media
Description of the patch: These are all security issues fixed in the python310-pyramid-2.0.2-1.3 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-14155
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python310-pyramid-2.0.2-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-pyramid-2.0.2-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-pyramid-2.0.2-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-pyramid-2.0.2-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-pyramid-2.0.2-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-pyramid-2.0.2-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-pyramid-2.0.2-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-pyramid-2.0.2-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-pyramid-2.0.2-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-pyramid-2.0.2-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-pyramid-2.0.2-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-pyramid-2.0.2-1.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
References
6 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2014-4671/ | self |
| https://www.suse.com/security/cve/CVE-2014-4671 | external |
| https://bugzilla.suse.com/886454 | external |
| https://bugzilla.suse.com/891688 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python310-pyramid-2.0.2-1.3 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python310-pyramid-2.0.2-1.3 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-14155",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14155-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-4671 page",
"url": "https://www.suse.com/security/cve/CVE-2014-4671/"
}
],
"title": "python310-pyramid-2.0.2-1.3 on GA media",
"tracking": {
"current_release_date": "2024-07-12T00:00:00Z",
"generator": {
"date": "2024-07-12T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:14155-1",
"initial_release_date": "2024-07-12T00:00:00Z",
"revision_history": [
{
"date": "2024-07-12T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python310-pyramid-2.0.2-1.3.aarch64",
"product": {
"name": "python310-pyramid-2.0.2-1.3.aarch64",
"product_id": "python310-pyramid-2.0.2-1.3.aarch64"
}
},
{
"category": "product_version",
"name": "python311-pyramid-2.0.2-1.3.aarch64",
"product": {
"name": "python311-pyramid-2.0.2-1.3.aarch64",
"product_id": "python311-pyramid-2.0.2-1.3.aarch64"
}
},
{
"category": "product_version",
"name": "python312-pyramid-2.0.2-1.3.aarch64",
"product": {
"name": "python312-pyramid-2.0.2-1.3.aarch64",
"product_id": "python312-pyramid-2.0.2-1.3.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python310-pyramid-2.0.2-1.3.ppc64le",
"product": {
"name": "python310-pyramid-2.0.2-1.3.ppc64le",
"product_id": "python310-pyramid-2.0.2-1.3.ppc64le"
}
},
{
"category": "product_version",
"name": "python311-pyramid-2.0.2-1.3.ppc64le",
"product": {
"name": "python311-pyramid-2.0.2-1.3.ppc64le",
"product_id": "python311-pyramid-2.0.2-1.3.ppc64le"
}
},
{
"category": "product_version",
"name": "python312-pyramid-2.0.2-1.3.ppc64le",
"product": {
"name": "python312-pyramid-2.0.2-1.3.ppc64le",
"product_id": "python312-pyramid-2.0.2-1.3.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python310-pyramid-2.0.2-1.3.s390x",
"product": {
"name": "python310-pyramid-2.0.2-1.3.s390x",
"product_id": "python310-pyramid-2.0.2-1.3.s390x"
}
},
{
"category": "product_version",
"name": "python311-pyramid-2.0.2-1.3.s390x",
"product": {
"name": "python311-pyramid-2.0.2-1.3.s390x",
"product_id": "python311-pyramid-2.0.2-1.3.s390x"
}
},
{
"category": "product_version",
"name": "python312-pyramid-2.0.2-1.3.s390x",
"product": {
"name": "python312-pyramid-2.0.2-1.3.s390x",
"product_id": "python312-pyramid-2.0.2-1.3.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python310-pyramid-2.0.2-1.3.x86_64",
"product": {
"name": "python310-pyramid-2.0.2-1.3.x86_64",
"product_id": "python310-pyramid-2.0.2-1.3.x86_64"
}
},
{
"category": "product_version",
"name": "python311-pyramid-2.0.2-1.3.x86_64",
"product": {
"name": "python311-pyramid-2.0.2-1.3.x86_64",
"product_id": "python311-pyramid-2.0.2-1.3.x86_64"
}
},
{
"category": "product_version",
"name": "python312-pyramid-2.0.2-1.3.x86_64",
"product": {
"name": "python312-pyramid-2.0.2-1.3.x86_64",
"product_id": "python312-pyramid-2.0.2-1.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-pyramid-2.0.2-1.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-pyramid-2.0.2-1.3.aarch64"
},
"product_reference": "python310-pyramid-2.0.2-1.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-pyramid-2.0.2-1.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-pyramid-2.0.2-1.3.ppc64le"
},
"product_reference": "python310-pyramid-2.0.2-1.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-pyramid-2.0.2-1.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-pyramid-2.0.2-1.3.s390x"
},
"product_reference": "python310-pyramid-2.0.2-1.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-pyramid-2.0.2-1.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-pyramid-2.0.2-1.3.x86_64"
},
"product_reference": "python310-pyramid-2.0.2-1.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pyramid-2.0.2-1.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-pyramid-2.0.2-1.3.aarch64"
},
"product_reference": "python311-pyramid-2.0.2-1.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pyramid-2.0.2-1.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-pyramid-2.0.2-1.3.ppc64le"
},
"product_reference": "python311-pyramid-2.0.2-1.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pyramid-2.0.2-1.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-pyramid-2.0.2-1.3.s390x"
},
"product_reference": "python311-pyramid-2.0.2-1.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pyramid-2.0.2-1.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-pyramid-2.0.2-1.3.x86_64"
},
"product_reference": "python311-pyramid-2.0.2-1.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-pyramid-2.0.2-1.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-pyramid-2.0.2-1.3.aarch64"
},
"product_reference": "python312-pyramid-2.0.2-1.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-pyramid-2.0.2-1.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-pyramid-2.0.2-1.3.ppc64le"
},
"product_reference": "python312-pyramid-2.0.2-1.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-pyramid-2.0.2-1.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-pyramid-2.0.2-1.3.s390x"
},
"product_reference": "python312-pyramid-2.0.2-1.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-pyramid-2.0.2-1.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-pyramid-2.0.2-1.3.x86_64"
},
"product_reference": "python312-pyramid-2.0.2-1.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-4671",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-4671"
}
],
"notes": [
{
"category": "general",
"text": "Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK \u0026 Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-pyramid-2.0.2-1.3.aarch64",
"openSUSE Tumbleweed:python310-pyramid-2.0.2-1.3.ppc64le",
"openSUSE Tumbleweed:python310-pyramid-2.0.2-1.3.s390x",
"openSUSE Tumbleweed:python310-pyramid-2.0.2-1.3.x86_64",
"openSUSE Tumbleweed:python311-pyramid-2.0.2-1.3.aarch64",
"openSUSE Tumbleweed:python311-pyramid-2.0.2-1.3.ppc64le",
"openSUSE Tumbleweed:python311-pyramid-2.0.2-1.3.s390x",
"openSUSE Tumbleweed:python311-pyramid-2.0.2-1.3.x86_64",
"openSUSE Tumbleweed:python312-pyramid-2.0.2-1.3.aarch64",
"openSUSE Tumbleweed:python312-pyramid-2.0.2-1.3.ppc64le",
"openSUSE Tumbleweed:python312-pyramid-2.0.2-1.3.s390x",
"openSUSE Tumbleweed:python312-pyramid-2.0.2-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-4671",
"url": "https://www.suse.com/security/cve/CVE-2014-4671"
},
{
"category": "external",
"summary": "SUSE Bug 886454 for CVE-2014-4671",
"url": "https://bugzilla.suse.com/886454"
},
{
"category": "external",
"summary": "SUSE Bug 891688 for CVE-2014-4671",
"url": "https://bugzilla.suse.com/891688"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-pyramid-2.0.2-1.3.aarch64",
"openSUSE Tumbleweed:python310-pyramid-2.0.2-1.3.ppc64le",
"openSUSE Tumbleweed:python310-pyramid-2.0.2-1.3.s390x",
"openSUSE Tumbleweed:python310-pyramid-2.0.2-1.3.x86_64",
"openSUSE Tumbleweed:python311-pyramid-2.0.2-1.3.aarch64",
"openSUSE Tumbleweed:python311-pyramid-2.0.2-1.3.ppc64le",
"openSUSE Tumbleweed:python311-pyramid-2.0.2-1.3.s390x",
"openSUSE Tumbleweed:python311-pyramid-2.0.2-1.3.x86_64",
"openSUSE Tumbleweed:python312-pyramid-2.0.2-1.3.aarch64",
"openSUSE Tumbleweed:python312-pyramid-2.0.2-1.3.ppc64le",
"openSUSE Tumbleweed:python312-pyramid-2.0.2-1.3.s390x",
"openSUSE Tumbleweed:python312-pyramid-2.0.2-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-12T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2014-4671"
}
]
}
RHSA-2014:0860
Vulnerability from csaf_redhat - Published: 2014-07-09 11:11 - Updated: 2025-11-21 17:49Summary
Red Hat Security Advisory: flash-plugin security update
Severity
Critical
Notes
Topic: An updated Adobe Flash Player package that fixes three security issues is
now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having Critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.
This update fixes multiple vulnerabilities in Adobe Flash Player. These
vulnerabilities are detailed in the Adobe Security Bulletin APSB14-17,
listed in the References section.
Multiple flaws were found in the way flash-plugin displayed certain SWF
content. An attacker could use these flaws to create a specially crafted
SWF file that would cause flash-plugin to crash or, potentially, execute
arbitrary code when the victim loaded a page containing the malicious SWF
content. (CVE-2014-0537, CVE-2014-0539)
This update also fixes a flaw that would lead to Cross-Site Request Forgery
(CSRF) attacks. (CVE-2014-4671)
All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 11.2.202.394.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0539.
6.8 ()
Affected products
Fixed
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 5Client-Supplementary-5.10.Z:flash-plugin-0:11.2.202.394-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.10.Z:flash-plugin-0:11.2.202.394-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.5.z:flash-plugin-0:11.2.202.394-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.5.z:flash-plugin-0:11.2.202.394-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.5.z:flash-plugin-0:11.2.202.394-1.el6.i686 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0537.
6.8 ()
Affected products
Fixed
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 5Client-Supplementary-5.10.Z:flash-plugin-0:11.2.202.394-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.10.Z:flash-plugin-0:11.2.202.394-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.5.z:flash-plugin-0:11.2.202.394-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.5.z:flash-plugin-0:11.2.202.394-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.5.z:flash-plugin-0:11.2.202.394-1.el6.i686 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
A flaw was found that would lead to Cross-Site Request Forgery (CSRF) attacks.
4.3 ()
Affected products
Fixed
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 5Client-Supplementary-5.10.Z:flash-plugin-0:11.2.202.394-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.10.Z:flash-plugin-0:11.2.202.394-1.el5.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.5.z:flash-plugin-0:11.2.202.394-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.5.z:flash-plugin-0:11.2.202.394-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.5.z:flash-plugin-0:11.2.202.394-1.el6.i686 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
18 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated Adobe Flash Player package that fixes three security issues is\nnow available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed in the Adobe Security Bulletin APSB14-17,\nlisted in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain SWF\ncontent. An attacker could use these flaws to create a specially crafted\nSWF file that would cause flash-plugin to crash or, potentially, execute\narbitrary code when the victim loaded a page containing the malicious SWF\ncontent. (CVE-2014-0537, CVE-2014-0539)\n\nThis update also fixes a flaw that would lead to Cross-Site Request Forgery\n(CSRF) attacks. (CVE-2014-4671)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.394.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2014:0860",
"url": "https://access.redhat.com/errata/RHSA-2014:0860"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "https://helpx.adobe.com/security/products/flash-player/apsb14-17.html",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb14-17.html"
},
{
"category": "external",
"summary": "1117586",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1117586"
},
{
"category": "external",
"summary": "1117588",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1117588"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0860.json"
}
],
"title": "Red Hat Security Advisory: flash-plugin security update",
"tracking": {
"current_release_date": "2025-11-21T17:49:05+00:00",
"generator": {
"date": "2025-11-21T17:49:05+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2014:0860",
"initial_release_date": "2014-07-09T11:11:07+00:00",
"revision_history": [
{
"date": "2014-07-09T11:11:07+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2014-07-09T11:11:07+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:49:05+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary-5.10.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary-5.10.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.5.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.5.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.5.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "flash-plugin-0:11.2.202.394-1.el5.i386",
"product": {
"name": "flash-plugin-0:11.2.202.394-1.el5.i386",
"product_id": "flash-plugin-0:11.2.202.394-1.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flash-plugin@11.2.202.394-1.el5?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "flash-plugin-0:11.2.202.394-1.el6.i686",
"product": {
"name": "flash-plugin-0:11.2.202.394-1.el6.i686",
"product_id": "flash-plugin-0:11.2.202.394-1.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/flash-plugin@11.2.202.394-1.el6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-plugin-0:11.2.202.394-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary-5.10.Z:flash-plugin-0:11.2.202.394-1.el5.i386"
},
"product_reference": "flash-plugin-0:11.2.202.394-1.el5.i386",
"relates_to_product_reference": "5Client-Supplementary-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-plugin-0:11.2.202.394-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary-5.10.Z:flash-plugin-0:11.2.202.394-1.el5.i386"
},
"product_reference": "flash-plugin-0:11.2.202.394-1.el5.i386",
"relates_to_product_reference": "5Server-Supplementary-5.10.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-plugin-0:11.2.202.394-1.el6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.5.z:flash-plugin-0:11.2.202.394-1.el6.i686"
},
"product_reference": "flash-plugin-0:11.2.202.394-1.el6.i686",
"relates_to_product_reference": "6Client-Supplementary-6.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-plugin-0:11.2.202.394-1.el6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.5.z:flash-plugin-0:11.2.202.394-1.el6.i686"
},
"product_reference": "flash-plugin-0:11.2.202.394-1.el6.i686",
"relates_to_product_reference": "6Server-Supplementary-6.5.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flash-plugin-0:11.2.202.394-1.el6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.5.z:flash-plugin-0:11.2.202.394-1.el6.i686"
},
"product_reference": "flash-plugin-0:11.2.202.394-1.el6.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.5.z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-0537",
"discovery_date": "2014-07-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1117586"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK \u0026 Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0539.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: security protection bypass (APSB14-17)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary-5.10.Z:flash-plugin-0:11.2.202.394-1.el5.i386",
"5Server-Supplementary-5.10.Z:flash-plugin-0:11.2.202.394-1.el5.i386",
"6Client-Supplementary-6.5.z:flash-plugin-0:11.2.202.394-1.el6.i686",
"6Server-Supplementary-6.5.z:flash-plugin-0:11.2.202.394-1.el6.i686",
"6Workstation-Supplementary-6.5.z:flash-plugin-0:11.2.202.394-1.el6.i686"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0537"
},
{
"category": "external",
"summary": "RHBZ#1117586",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1117586"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0537",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0537"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0537",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0537"
},
{
"category": "external",
"summary": "http://helpx.adobe.com/security/products/flash-player/apsb14-17.html",
"url": "http://helpx.adobe.com/security/products/flash-player/apsb14-17.html"
}
],
"release_date": "2014-07-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-07-09T11:11:07+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-Supplementary-5.10.Z:flash-plugin-0:11.2.202.394-1.el5.i386",
"5Server-Supplementary-5.10.Z:flash-plugin-0:11.2.202.394-1.el5.i386",
"6Client-Supplementary-6.5.z:flash-plugin-0:11.2.202.394-1.el6.i686",
"6Server-Supplementary-6.5.z:flash-plugin-0:11.2.202.394-1.el6.i686",
"6Workstation-Supplementary-6.5.z:flash-plugin-0:11.2.202.394-1.el6.i686"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0860"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary-5.10.Z:flash-plugin-0:11.2.202.394-1.el5.i386",
"5Server-Supplementary-5.10.Z:flash-plugin-0:11.2.202.394-1.el5.i386",
"6Client-Supplementary-6.5.z:flash-plugin-0:11.2.202.394-1.el6.i686",
"6Server-Supplementary-6.5.z:flash-plugin-0:11.2.202.394-1.el6.i686",
"6Workstation-Supplementary-6.5.z:flash-plugin-0:11.2.202.394-1.el6.i686"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: security protection bypass (APSB14-17)"
},
{
"cve": "CVE-2014-0539",
"discovery_date": "2014-07-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1117586"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK \u0026 Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0537.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: security protection bypass (APSB14-17)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary-5.10.Z:flash-plugin-0:11.2.202.394-1.el5.i386",
"5Server-Supplementary-5.10.Z:flash-plugin-0:11.2.202.394-1.el5.i386",
"6Client-Supplementary-6.5.z:flash-plugin-0:11.2.202.394-1.el6.i686",
"6Server-Supplementary-6.5.z:flash-plugin-0:11.2.202.394-1.el6.i686",
"6Workstation-Supplementary-6.5.z:flash-plugin-0:11.2.202.394-1.el6.i686"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0539"
},
{
"category": "external",
"summary": "RHBZ#1117586",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1117586"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0539",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0539"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0539",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0539"
},
{
"category": "external",
"summary": "http://helpx.adobe.com/security/products/flash-player/apsb14-17.html",
"url": "http://helpx.adobe.com/security/products/flash-player/apsb14-17.html"
}
],
"release_date": "2014-07-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-07-09T11:11:07+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-Supplementary-5.10.Z:flash-plugin-0:11.2.202.394-1.el5.i386",
"5Server-Supplementary-5.10.Z:flash-plugin-0:11.2.202.394-1.el5.i386",
"6Client-Supplementary-6.5.z:flash-plugin-0:11.2.202.394-1.el6.i686",
"6Server-Supplementary-6.5.z:flash-plugin-0:11.2.202.394-1.el6.i686",
"6Workstation-Supplementary-6.5.z:flash-plugin-0:11.2.202.394-1.el6.i686"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0860"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Supplementary-5.10.Z:flash-plugin-0:11.2.202.394-1.el5.i386",
"5Server-Supplementary-5.10.Z:flash-plugin-0:11.2.202.394-1.el5.i386",
"6Client-Supplementary-6.5.z:flash-plugin-0:11.2.202.394-1.el6.i686",
"6Server-Supplementary-6.5.z:flash-plugin-0:11.2.202.394-1.el6.i686",
"6Workstation-Supplementary-6.5.z:flash-plugin-0:11.2.202.394-1.el6.i686"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flash-plugin: security protection bypass (APSB14-17)"
},
{
"cve": "CVE-2014-4671",
"discovery_date": "2014-07-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1117588"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found that would lead to Cross-Site Request Forgery (CSRF) attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flash-plugin: vulnerable JSONP callback APIs issue (APSB14-17)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary-5.10.Z:flash-plugin-0:11.2.202.394-1.el5.i386",
"5Server-Supplementary-5.10.Z:flash-plugin-0:11.2.202.394-1.el5.i386",
"6Client-Supplementary-6.5.z:flash-plugin-0:11.2.202.394-1.el6.i686",
"6Server-Supplementary-6.5.z:flash-plugin-0:11.2.202.394-1.el6.i686",
"6Workstation-Supplementary-6.5.z:flash-plugin-0:11.2.202.394-1.el6.i686"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-4671"
},
{
"category": "external",
"summary": "RHBZ#1117588",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1117588"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-4671",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4671"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-4671",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4671"
},
{
"category": "external",
"summary": "http://helpx.adobe.com/security/products/flash-player/apsb14-17.html",
"url": "http://helpx.adobe.com/security/products/flash-player/apsb14-17.html"
}
],
"release_date": "2014-07-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-07-09T11:11:07+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Client-Supplementary-5.10.Z:flash-plugin-0:11.2.202.394-1.el5.i386",
"5Server-Supplementary-5.10.Z:flash-plugin-0:11.2.202.394-1.el5.i386",
"6Client-Supplementary-6.5.z:flash-plugin-0:11.2.202.394-1.el6.i686",
"6Server-Supplementary-6.5.z:flash-plugin-0:11.2.202.394-1.el6.i686",
"6Workstation-Supplementary-6.5.z:flash-plugin-0:11.2.202.394-1.el6.i686"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0860"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Client-Supplementary-5.10.Z:flash-plugin-0:11.2.202.394-1.el5.i386",
"5Server-Supplementary-5.10.Z:flash-plugin-0:11.2.202.394-1.el5.i386",
"6Client-Supplementary-6.5.z:flash-plugin-0:11.2.202.394-1.el6.i686",
"6Server-Supplementary-6.5.z:flash-plugin-0:11.2.202.394-1.el6.i686",
"6Workstation-Supplementary-6.5.z:flash-plugin-0:11.2.202.394-1.el6.i686"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "flash-plugin: vulnerable JSONP callback APIs issue (APSB14-17)"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…